
Thread: [SOLVED] iptables-restore on boot causing system to hang.

  1. #1
    Join Date
    Aug 2008
    Beans
    5

    [SOLVED] iptables-restore on boot causing system to hang.

    I had no trouble with this on Ubuntu Server, yet the desktop variant seems to be causing problems.

    I've tried placing "/sbin/iptables-restore /etc/ipt-rules" in rc.local and in /etc/networking/interfaces (via a pre-up statement). Whenever I reboot, my system hangs after the login screen, before the desktop background shows up. There's a mysterious grey box in the upper left corner that shows a text cursor when you put the mouse over it.

    If I run iptables-restore manually after reboot, everything sets up fine.


    Here's the iptables config, comments added by me aren't in the actual file.

    eth0 = internet
    eth1 = LAN

    # Generated by iptables-save v1.3.8 on Sun Aug 24 00:03:04 2008
    *nat
    :PREROUTING ACCEPT [244:81597]
    :POSTROUTING ACCEPT [71:4812]
    :OUTPUT ACCEPT [78:5268]
    -A PREROUTING -d 192.168.0.254 -i eth1 -j DNAT --to-destination 207.5.171.1
    -A PREROUTING -d 192.168.0.253 -i eth1 -j DNAT --to-destination 207.5.144.254
    -A POSTROUTING -s 207.5.171.1 -o eth1 -j SNAT --to-source 192.168.0.254
    -A POSTROUTING -s 207.5.144.254 -o eth1 -j SNAT --to-source 192.168.0.253

    ####nat my isp's DNS servers to a local ip

    -A POSTROUTING -o eth0 -j MASQUERADE

    ####hide local network from the outside

    COMMIT
    # Completed on Sun Aug 24 00:03:04 2008
    # Generated by iptables-save v1.3.8 on Sun Aug 24 00:03:04 2008
    *filter
    :INPUT DROP [67:21824]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [1813:210983]
    -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth1 -j ACCEPT

    ####Accept established connections from Outside, any from within.


    -A FORWARD -i eth1 -o eth0 -j ACCEPT
    -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

    #### same for hosts on LAN
    COMMIT
    # Completed on Sun Aug 24 00:03:04 2008
    Last edited by thecake; August 24th, 2008 at 11:31 PM.

  2. #2
    Join Date
    Aug 2008
    Beans
    5

    Re: iptables-restore on boot causing system to hang.

    I've found a temporary workaround.

    I put this in /etc/rc.local
    ( sleep 20; iptables-restore /etc/ipt-rules; /etc/init.d/dhcp3-server restart ) &

    Basically, it says to fork a process, wait 20 seconds, then set the rules and restart dhcpd (it doesn't like leasing out DNS servers that it doesn't think exist).

    The downfall is if you don't login within 20 seconds you're screwed.

    I'd like a real solution though. Bug report time?

  3. #3
    Join Date
    Aug 2008
    Beans
    5

    Re: iptables-restore on boot causing system to hang.

    Ok, figured it out.

    I didn't let the loopback interface through iptables.

    iptables -A INPUT -i lo -j ACCEPT

    solves the problem, as well as another I was having with a printer.

    Still, I wish there was a warning telling me what was going on; maybe there's a way to do this.

    I'm still pretty newb in case you guys can't tell.
    Last edited by thecake; September 2nd, 2008 at 11:46 PM.
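
The warning the last post asks for can be produced by linting the saved ruleset before it is loaded. The script below is an added example, not part of the original thread; `check_loopback`, `write_samples` and the sample file names are hypothetical, and the sample rules are constructed from the filter table in the first post.

```shell
#!/bin/sh
# Added example: lint an iptables-save file before it is loaded at boot.

# check_loopback FILE
#   0 = INPUT policy is not DROP, or loopback is explicitly accepted
#   1 = INPUT policy is DROP and no "-A INPUT -i lo -j ACCEPT" rule exists
#   2 = FILE is not readable
# Conservative: a loopback rule with extra matches (ports, states) does not count.
check_loopback() {
    [ -r "$1" ] || { echo "check_loopback: cannot read $1" >&2; return 2; }
    awk '
        /^\*/ { table = substr($1, 2) }      # table header: *nat, *filter
        table != "filter" { next }           # only the filter table matters here
        $1 == ":INPUT" { policy = $2 }       # policy line, e.g. :INPUT DROP [0:0]
        $1 == "-A" && $2 == "INPUT" && NF == 6 &&
            $3 == "-i" && $4 == "lo" && $5 == "-j" && $6 == "ACCEPT" { lo_ok = 1 }
        END {
            if (policy == "DROP" && !lo_ok) {
                print "WARNING: INPUT defaults to DROP and no rule accepts -i lo"
                exit 1
            }
        }
    ' "$1" >&2
}

# Constructed sample input: the filter table from the first post ("before")
# and the same table with the loopback rule from the last post ("after").
write_samples() {
    cat > "$1/before.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
COMMIT
EOF
    # Insert the loopback rule just before COMMIT.
    awk '$1 == "COMMIT" { print "-A INPUT -i lo -j ACCEPT" } { print }' \
        "$1/before.rules" > "$1/after.rules"
}

# Demo: lint both constructed files.
tmp=$(mktemp -d)
write_samples "$tmp"
check_loopback "$tmp/before.rules" || echo "before.rules: local services would be cut off"
check_loopback "$tmp/after.rules" && echo "after.rules: loopback accepted"
rm -rf "$tmp"
```

Calling `check_loopback /etc/ipt-rules` ahead of `iptables-restore` and skipping the restore on a non-zero exit keeps a ruleset that blocks loopback from being loaded at boot.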
