Iptables and Feisty server edition invalid port/service `-j' specified


Bill007
May 2nd, 2007, 07:32 AM
Kia Ora From Down under

Got a wee problem

I am installing Feisty server series 7.04 and can't get my iptables to initiate, with the following info reported back below

root@xxxx:/home/xxxx# /etc/init.d/iptables
iptables v1.3.6: invalid port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.

Has anyone come across this problem?

I have two network cards in my 6.10 Edgy server series, one facing the Internet WAN and one facing a network LAN. I use these iptables rules below that work fine in 6.10 Edgy server series (I'm using it now through my server).

Open to some comment on my table rules, apart from the fact that they don't work in Feisty

I place the code below in the file

root@xxxxr:/home/xxxx# sudo nano /etc/init.d/iptables


#!/bin/bash

# flush old rules
iptables -F

# Masquerade out eth1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # ???????????????? maybe this is wrong

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.old setup
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP

# Allow NEW and INVALID incoming or forwarded packets from ppp0 new setup
# iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow ssh ftp http https from everywhere
iptables -I INPUT -p tcp --destination-port -j ACCEPT
iptables -I INPUT -p tcp --destination-port 2200 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 21 -j ACCEPT

# proftpd ports for passive transfers behind a firewall
# see also /etc/proftpd.conf
iptables -I INPUT -p tcp --destination-port 60000:65000 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 8081 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 8082 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 873 -j ACCEPT

# Teamspeak server
iptables -I INPUT -p udp --destination-port 8767 -j ACCEPT

# Teamspeak web interface
iptables -I INPUT -p tcp --destination-port 14534 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 51234 -j ACCEPT

# Enemy territory
iptables -I INPUT -p udp --destination-port 27950 -j ACCEPT
iptables -I INPUT -p udp --destination-port 27951 -j ACCEPT
iptables -I INPUT -p udp --destination-port 27952 -j ACCEPT
iptables -I INPUT -p udp --destination-port 27960 -j ACCEPT
iptables -I INPUT -p udp --destination-port 27965 -j ACCEPT

# GhostRecon Interface
iptables -I INPUT -p tcp --destination-port 2346 -j ACCEPT
iptables -I INPUT -p udp --destination-port 2347 -j ACCEPT
iptables -I INPUT -p udp --destination-port 2348 -j ACCEPT

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward


And get this from the command line when trying to initiate the rules file

#Run manually thru the command line

# Make file executable
sudo chmod +x /etc/init.d/iptables

# restart the iptables script
sudo /etc/init.d/iptables

root@xxxx:/home/xxxx# /etc/init.d/iptables
iptables v1.3.6: invalid port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.

Any ideas?

Bill007
May 2nd, 2007, 08:17 AM
Well it turns out I have solved the problem and it was minor

the port error was being generated by the following line of code

# allow ssh ftp http https from everywhere
iptables -I INPUT -p tcp --destination-port -j ACCEPT # this is the offender it has been removed
iptables -I INPUT -p tcp --destination-port 2200 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 21 -j ACCEPT

All goes well now. As with most problems, it's a lot to do with the operator

I like my iptables again

Bill007
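
Added example, not part of the original thread and not Bill007's code: a small check that finds the rule causing `invalid port/service `-j' specified` by reporting every line of a rules script where a port option has no value after it. The function name `find_missing_port_args` and the sample script in `demo` are constructed for illustration (the sample reuses rules from the post plus one made-up `--dport` line).

```shell
# Print "LINENO: text" for each rule in file $1 whose port option is followed
# by another option (a token starting with "-"), a comment, or nothing at all.
# iptables would take that next token as the port and abort, as in the post.
# Only the single-port options are checked; multiport lists are not covered.
find_missing_port_args() {
    awk '
    {
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^#/) break            # rest of the line is a comment
            if ($i ~ /^--(destination-port|dport|source-port|sport)$/) {
                nxt = (i < NF) ? $(i + 1) : ""
                if (nxt == "" || nxt ~ /^[-#]/) {
                    printf "%d: %s\n", NR, $0
                    break
                }
            }
        }
    }' "$1"
}

# Run the check over a constructed sample script written to a temp file.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
#!/bin/bash
# allow ssh ftp http https from everywhere
iptables -I INPUT -p tcp --destination-port -j ACCEPT
iptables -I INPUT -p tcp --destination-port 2200 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
iptables -I INPUT -p udp --dport
EOF
    find_missing_port_args "$sample"
    rm -f "$sample"
}

demo
```

To check the real file, call `find_missing_port_args /etc/init.d/iptables` instead of `demo`.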

Pipps
July 7th, 2008, 05:17 PM
Hi Bill

I am having exactly the same problem as you had here.

You found your own solution. Congrats!

May I ask, where did you find the segment of code that you cited? It would really help me to be able to find it myself and amend it.

Thanks

Pipps