Thread: Migrate Debian firewall rule to Ubuntu

  1. #1
    Join Date
    Mar 2007
    Beans
    211

    Migrate Debian firewall rule to Ubuntu

    My old Debian firewall died and I'm migrating saved rules to Ubuntu this way:

    iptables-restore < firewall_config

    I get this error:

    Bad argument `192.168.1.0/255.255.255.0'
    Error occurred at line: 18

    Opening the file, here's line 18:

    -A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE

    What is wrong?

  2. #2
    Join Date
    Feb 2013
    Beans
    Hidden!

    Re: Migrate Debian firewall rule to Ubuntu

    The rule looks ok to me, but try to place ! before -s, i.e.
    Code:
    -A POSTROUTING ! -s 192.168.1.0/255.255.255.0 -j MASQUERADE

  3. #3
    Join Date
    Mar 2007
    Beans
    211

    Re: Migrate Debian firewall rule to Ubuntu

    The correction you pointed out looks like it is working without problems...

    But there are more and more errors.

    Can you help me fix this (correctly working on Debian) iptables-backup?


    Code:
    # Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
    *mangle
    :PREROUTING ACCEPT [11666894:3426002549]
    :INPUT ACCEPT [3992541:2783596820]
    :FORWARD ACCEPT [7601705:635682622]
    :OUTPUT ACCEPT [3786217:2807778972]
    :POSTROUTING ACCEPT [4294041:3102897533]
    COMMIT
    # Completed on Tue Sep 14 11:21:30 2010
    # Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
    *nat
    :PREROUTING ACCEPT [7593900:393423684]
    :POSTROUTING ACCEPT [27503:1709683]
    :OUTPUT ACCEPT [92965:5762818]
    -A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination 172.0.0.1:23 
    -A PREROUTING -s 67.215.0.0/255.255.0.0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 172.0.0.2:22 
    -A POSTROUTING -s 172.0.0.2 -j ACCEPT 
    -A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE 
    COMMIT
    # Completed on Tue Sep 14 11:21:30 2010
    # Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
    *filter
    :INPUT DROP [5448:597666]
    :FORWARD DROP [175410:8444546]
    :OUTPUT ACCEPT [3785918:2807753497]
    -A INPUT -p icmp -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
    -A INPUT -i lo -j ACCEPT 
    -A INPUT -d 172.0.0.121 -j ACCEPT 
    -A INPUT -s 172.0.0.121 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 22 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT 
    -A INPUT -p udp -m udp --sport 53 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 4445 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 21 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 20 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 8085 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 23 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 8988 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
    -A INPUT -p tcp -m tcp --sport 25 -j ACCEPT 
    -A FORWARD -p icmp -j ACCEPT 
    -A FORWARD -d 172.0.0.121 -j ACCEPT 
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 143 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT 
    -A FORWARD -p udp -m udp --dport 53 -j ACCEPT 
    -A FORWARD -s 172.0.0.123 -p tcp -m tcp --dport 8999 -j ACCEPT 
    -A FORWARD -s 172.0.0.123 -p tcp -m tcp --dport 12177 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 8085 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 23 -j ACCEPT 
    -A FORWARD -s 172.0.0.187 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5573 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5574 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5500 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5540 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5553 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 5557 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT 
    -A FORWARD -p tcp -m tcp --sport 443 -j ACCEPT 
    -A FORWARD -s 192.168.2.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    -A FORWARD -s 192.168.3.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    -A FORWARD -s 192.168.4.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    -A FORWARD -s 192.168.5.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    -A FORWARD -s 192.168.6.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    -A FORWARD -s 192.168.7.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
    
    COMMIT
    # Completed on Tue Sep 14 11:21:30 2010

  4. #4
    Join Date
    Mar 2007
    Beans
    211

    Re: Migrate Debian firewall rule to Ubuntu

    A sweet old reboot + the modification suggested did the job
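
Because iptables-restore stops at the first line it cannot parse, it helps to list and convert every old-style negation (`-s ! addr`) in one pass before loading the file. The script below is an added example, not part of the thread: the function names and the sample ruleset (an excerpt of the dump in post #3 plus one constructed INPUT rule) are assumptions, and only options that take an argument are rewritten.

```shell
#!/bin/sh
# Added example (not from the thread). Every option listed takes an argument,
# so "OPT ! VALUE" can only be the old intrapositioned negation.
LEGACY_RE=' (-[sdpio]|--(sport|dport|source|destination|protocol|in-interface|out-interface)) ! ([^ ]+)'

# Print "lineno:rule" for each rule line still using the old form, so all of
# them are visible at once instead of one iptables-restore error at a time.
find_legacy_negation() {
    grep -nE -e '^-[AI] .*'"$LEGACY_RE" || true
}

# Rewrite "OPT ! VALUE" to "! OPT VALUE" on -A/-I lines only; table names,
# chain policies, comments and COMMIT pass through unchanged.
fix_legacy_negation() {
    sed -E '/^-[AI] /s/'"$LEGACY_RE"'/ ! \1 \3/g'
}

# Constructed sample: lines 1-8 and 10 are excerpted from the dump in
# post #3, line 9 is invented to exercise -i and --dport.
sample_ruleset() {
    cat <<'EOF'
# Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
*nat
:POSTROUTING ACCEPT [27503:1709683]
-A POSTROUTING -s 172.0.0.2 -j ACCEPT
-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [5448:597666]
-A INPUT -i ! lo -p tcp -m tcp --dport ! 22 -j DROP
COMMIT
EOF
}

# Typical use (firewall_config.new is a hypothetical output name), followed
# by a parse-only check that does not commit anything to the kernel:
#   find_legacy_negation < firewall_config
#   fix_legacy_negation < firewall_config > firewall_config.new
#   iptables-restore --test < firewall_config.new
```

Review the converted file before loading it: the rewrite only moves the `!`, it does not change which traffic the rules accept or masquerade.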
