Thread: iptables-restore error at line 2

  1. #1
    Join Date
    Jul 2011
    Beans
    16
    Distro
    Ubuntu 11.04 Natty Narwhal

    iptables-restore error at line 2

    I have decided to update my Ubuntu server 10.10 to the new 11.04 version of the software. Since I had some issues with my printers I had been sharing, I have decided to perform a clean install. However, I have a certain problem.
    I am using my ubuntu box as a router, sharing my internet connection with multiple other computers and devices. I have followed this tutorial carefully: https://help.ubuntu.com/community/In...nectionSharing
    The ICS is working fine but after I reboot my machine, it is gone. Despite what I try to do, I can't get it working again. Can someone please provide me with a script or something that loads the iptables rules on reboot?

    Following the logic, I think the iptables-restore which you add in /etc/rc.local is the one that is supposed to do the job; however, when I type it, it gives me "iptables-restore: unable to initialize table 'nat'
    Error occured at line 2"

  2. #2
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables-restore error at line 2

    The iptables rules you are using aren't formed correctly more than likely.

    Can you post the contents of the file in code tags please.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  3. #3
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    1,898
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables-restore error at line 2

    To get my iptables script to run at boot time, I added a script to /etc/init.d and a link in /etc/rc2.d. The add link command:
    Code:
     
    sudo ln -s /etc/init.d/firewall /etc/rc2.d/S95firewall
    An edited directory listing of rc2.d showing the link:
    Code:
     
    doug@doug-64:~$ ls -l /etc/rc2.d
    total 4
    -rw-r--r-- 1 root root 677 2011-03-30 14:29 README
    ...
    lrwxrwxrwx 1 root root  17 2010-12-10 08:22 S91apache2 -> ../init.d/apache2
    lrwxrwxrwx 1 root root  20 2010-12-20 08:19 S95firewall -> /etc/init.d/firewall
    lrwxrwxrwx 1 root root  21 2010-12-10 08:23 S99grub-common -> ../init.d/grub-common
    lrwxrwxrwx 1 root root  18 2010-12-10 07:49 S99ondemand -> ../init.d/ondemand
    lrwxrwxrwx 1 root root  18 2010-12-10 07:49 S99rc.local -> ../init.d/rc.local
    And then that script just calls the actual iptables setup script; I keep the master script in my user area:
    Code:
    doug@doug-64:~$ cat /etc/init.d/firewall
    #!/bin/sh
    #
    # firewall 2009.11.05 Smythies.
    #        This script will be added to the start up stuff.
    #        All it does is call my firewall configuration
    #        script.
    #
    case "$1" in
    start)
    echo -n "Configuring the Doug firewall ...";
    /home/doug/init/doug_firewall;
    echo " done.";;
    stop)
    ;;
    esac
    exit 0
    Permissions on that script:
    Code:
     
    doug@doug-64:~$ ls -l /etc/init.d/firewall
    -rwxr-xr-x 1 root root 309 2010-12-20 08:11 /etc/init.d/firewall

  4. #4
    Join Date
    Jul 2011
    Beans
    16
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: iptables-restore error at line 2

    Thank you for the replies. Before I see if I get this straight, I will post the iptables.sav file which I made based on the tutorial I mentioned in my first post.

    /etc/iptables.sav

    Code:
    # Generated by iptables-save v1.4.10 on Mon Jul 18 18:22:32 2011
    *nat
    :PREROUTING ACCEPT [105:9106]
    :INPUT ACCEPT [7:715]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -j MASQUERADE
    COMMIT
    #Completed on Mon Jul 18 18:22:32 2011
    #Generated by iptables-save v1.4.10 on Mon Jul 18 18:22:32 2011
    *filter
    :INPUT ACCEPT [16:1684]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [14:1036
    -A FORWARD -s 192.168.0.0/24 -i eth0 eth1 -m conntrack --ctstate NEW -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
    COMMIT
    #Completed on Mon Jul 18 18:22:32 2011
    I have enabled routing by adding the lines at /etc/sysctl.conf

    So what you are suggesting is I copy your code into a script, add the lines and everything will work?

  5. #5
    Join Date
    Feb 2011
    Location
    Coquitlam, B.C. Canada
    Beans
    1,898
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables-restore error at line 2

    I do not know why you get an error at line 2 of your iptables-restore command.
    While I did not use your iptables.sav file, I did do the same thing on my server: saved a file iptables.sav using the iptables-save command; loaded it back in with iptables-restore; I even edited my iptables.sav file to put the *nat section first, as it had been second in my output. Everything worked fine.

    I think this line:
    Code:
    -A FORWARD -s 192.168.0.0/24 -i eth0 eth1 -m conntrack --ctstate NEW -j ACCEPT
    Should be this:
    Code:
    -A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -m conntrack --ctstate NEW -j ACCEPT

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: iptables-restore error at line 2

    If you created them with iptables-save, they should be formed correctly (and they look right).

    Have you tried iptables-apply to see if it errors out?
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...
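
An added example (not code from any poster in the thread): a small Python check run over the posted /etc/iptables.sav, showing that line 2 is only the `*nat` table header while the malformed lines sit further down in `*filter`. The `lint` function, its messages and the `ONE_ARG` option list are illustrative assumptions, and the check covers only the options this file uses.

```python
import re

# Constructed sample: the posted /etc/iptables.sav, defects kept; later comment lines dropped.
POSTED = """\
# Generated by iptables-save v1.4.10 on Mon Jul 18 18:22:32 2011
*nat
:PREROUTING ACCEPT [105:9106]
:INPUT ACCEPT [7:715]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [16:1684]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14:1036
-A FORWARD -s 192.168.0.0/24 -i eth0 eth1 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

CHAIN = re.compile(r"^:\S+ \S+ \[\d+:\d+\]$")  # ":CHAIN POLICY [packets:bytes]"
# Assumption: only the options used in this file; each takes exactly one argument.
ONE_ARG = {"-s", "-i", "-o", "-m", "-j", "--ctstate"}

def lint(text):
    """Return [(line_no, message)] for structural problems in a saved ruleset."""
    problems, table = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):             # table header, e.g. *nat
            table = line[1:]
        elif table is None:
            problems.append((no, "line outside a *table section"))
        elif line == "COMMIT":
            table = None
        elif line.startswith(":"):
            if not CHAIN.match(line):
                problems.append((no, "malformed chain policy/counters"))
        elif line.startswith("-A "):
            tokens, i = line.split()[2:], 0  # skip "-A CHAIN"
            while i < len(tokens):
                known = tokens[i] in ONE_ARG
                if not known:
                    problems.append((no, f"unexpected token {tokens[i]!r}"))
                i += 2 if known else 1       # option plus its argument
    return problems
```

On the posted file this reports the unclosed counter bracket on the `:OUTPUT` line of `*filter` and the stray `eth1`. Because the `*nat` header on line 2 is well formed, `unable to initialize table 'nat'` points at the table failing to load (for example when the command is not run as root or NAT support is unavailable) rather than at the file's syntax.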
