Linux Firewall Configuration; iptables

Date: 10 Sep, 2007
Posted by: admin
In: hints & tips|linux, open source & software


Firewall administration in Slackware Linux

Which front end?

These front-end programs generate a script, usually rc.firewall, which in turn sets up iptables. Iptables then handles all the filtering, mangling and NAT requirements for you.

As ever, there are lots of options. I used to use Guarddog, which was great. However, I now need to do NAT, and Guarddog required me to use a companion program called Guidedog. Instead I thought I’d try the native KDE options; the closest thing to that seems to be KMyFirewall.

KMyFirewall (KMF)

This is pretty good.

I’ve had one problem setting up my localhost to accept smb (samba, ports 137-139) connections. The iptables error message (shown by KMF) told me that I needed to do “-p tcp”. So I had to go in and edit rc.firewall and add that to the line with the smb ports in …

The error I was getting was:

Clearing iptables (created by KMyFirewall)...
Done.
Starting iptables (created by KMyFirewall)...
Loading needed modules...
FATAL: Module ip_conntrack not found.
FATAL: Error inserting ip_conntrack_ftp (/lib/modules/2.6.16.13pbhj/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko): Unknown symbol in module, or unknown parameter (see dmesg)
Done.
Create custom chains...
Done.
Settup Rules in Table FILTER:
Create Rules for Chain: INPUT
iptables v1.3.5:
multiport needs `-p tcp' or `-p udp'
Try `iptables -h' or 'iptables --help' for more information.
Setting up Rule: H21_SMB_tcp FAILED!

Execution failed
Exit(Code): 1

The line I changed was:
$IPT -t filter -A INPUT -p tcp --match multiport --destination-ports 137,138,139 --source 192.168.0.2 -j ACCEPT || { status="1"; echo " Setting up Rule: H3_SMB_tcp FAILED! "; exit 1; }

Works fine now.
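
An added example (not from the original post and not part of KMyFirewall): a small shell check that scans a generated rc.firewall for rules using the multiport match without `-p tcp` or `-p udp`, the condition iptables rejected above. The function name find_bad_multiport and the sample rules are constructed for illustration, and the check only recognises the literal spellings `-p`/`--protocol` followed by `tcp` or `udp`.

```shell
#!/bin/sh
# Added example: lint a firewall script for multiport rules that lack
# "-p tcp" or "-p udp" (iptables: "multiport needs `-p tcp' or `-p udp'").

# find_bad_multiport FILE
# Prints "LINENO: rule" for every offending rule.
# Exit status: 0 if all multiport rules name a protocol, 1 otherwise.
find_bad_multiport() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        /(-m|--match)[ \t]+multiport/ {              # rule uses multiport
            if ($0 !~ /(-p|--protocol)[ \t]+(tcp|udp)([ \t]|$)/) {
                printf "%d: %s\n", NR, $0            # no protocol given
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input, modelled on the rule shown in the post.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# sample rules (constructed for this example)
$IPT -t filter -A INPUT --match multiport --destination-ports 137,138,139 --source 192.168.0.2 -j ACCEPT
$IPT -t filter -A INPUT -p tcp --match multiport --destination-ports 137,138,139 --source 192.168.0.2 -j ACCEPT
$IPT -t filter -A INPUT -p udp -m multiport --dports 137,138 --source 192.168.0.2 -j ACCEPT
EOF

# Report offending rules; the "||" keeps the script going when some are found.
find_bad_multiport "$sample" || echo "The rules listed above need -p tcp or -p udp."
```

Run it against the generated script before loading it, so a missing protocol shows up as a line number rather than as a half-applied rule set.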
