Hello,
I am getting errors running iptables, the next line of which is an
example:
iptables v1.2.2: Couldn't load target `int-ext':/usr/local/lib/\
iptables/libipt_int-ext.so: cannot open shared object file: No \
such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Note that it lists target "int-ext". this message exists for ALL
permutations of my target user-defined chains. I can't tell if this is
an error, or something else.
All modules are loading correctly that i can tell. could you guys take
a look at my configuration enclosed and tell me if there is some
fundamental flaw in my command lines? I do not wish you to evaluate my
firewall schema. That comes later. I just can't shake the feeling I
have some syntax wrong.
I have installed iptables, version 1.2.2 into the default locations
using plain old make, with no special goodies. I have compiled iptables
on a redhat 7.1 machine that has a pristine linux 2.4.7 build directory
in it.
Here is my initial iptables configuration:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
iptables -A INPUT -i eth0 -j int-os
iptables -A INPUT -i eth1 -j ext-os
iptables -A OUTPUT -o eth0 -j os-int
iptables -A OUTPUT -o eth1 -j os-ext
# internal to external network
# default policy: allow all outgoing connections
iptables -N int-ext
iptables -A int-ext -j ACCEPT
iptables -A int-ext -j DROP
# internal to Local process
# default policy: allow all internal to local process
iptables -N int-os
iptables -A int-os -j ACCEPT
iptables -A int-os -j DROP
# external to internal network
# default: allow only related responses to outbound initiated
# packets
iptables -N ext-int
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables -A ext-int -j DROP
# external to local process
# default:
# Allow inbound to sshd port
# allow only related responses to outbound initiated
# packets
iptables -N ext-os
iptables -A ext-os -p tcp --destination-port 22 -j ACCEPT
iptables -A ext-os -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables -A ext-os -j DROP
# Local process to external hosts
# default: allow all
iptables -N os-ext
iptables -A os-ext -j ACCEPT
iptables -A os-ext -j DROP
# Local process to internal hosts
# default: allow all
iptables -N os-int
iptables -A os-int -j ACCEPT
iptables -A os-int -j DROP
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jason Brooks ~ (503) 641-3440 x1861
Direct ~ (503) 924-1861
System / Network Administrator
Wind River Systems
8905 SW Nimbus ~ Suite 255
Beaverton, Or 97008
I am getting errors running iptables, the next line of which is an
example:
iptables v1.2.2: Couldn't load target `int-ext':/usr/local/lib/\
iptables/libipt_int-ext.so: cannot open shared object file: No \
such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Note that it lists target "int-ext". this message exists for ALL
permutations of my target user-defined chains. I can't tell if this is
an error, or something else.
All modules are loading correctly that i can tell. could you guys take
a look at my configuration enclosed and tell me if there is some
fundamental flaw in my command lines? I do not wish you to evaluate my
firewall schema. That comes later. I just can't shake the feeling I
have some syntax wrong.
I have installed iptables, version 1.2.2 into the default locations
using plain old make, with no special goodies. I have compiled iptables
on a redhat 7.1 machine that has a pristine linux 2.4.7 build directory
in it.
Here is my initial iptables configuration:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o eth1 -j int-ext
iptables -A FORWARD -i eth1 -o eth0 -j ext-int
iptables -A INPUT -i eth0 -j int-os
iptables -A INPUT -i eth1 -j ext-os
iptables -A OUTPUT -o eth0 -j os-int
iptables -A OUTPUT -o eth1 -j os-ext
# internal to external network
# default policy: allow all outgoing connections
iptables -N int-ext
iptables -A int-ext -j ACCEPT
iptables -A int-ext -j DROP
# internal to Local process
# default policy: allow all internal to local process
iptables -N int-os
iptables -A int-os -j ACCEPT
iptables -A int-os -j DROP
# external to internal network
# default: allow only related responses to outbound initiated
# packets
iptables -N ext-int
iptables -A ext-int -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables -A ext-int -j DROP
# external to local process
# default:
# Allow inbound to sshd port
# allow only related responses to outbound initiated
# packets
iptables -N ext-os
iptables -A ext-os -p tcp --destination-port 22 -j ACCEPT
iptables -A ext-os -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables -A ext-os -j DROP
# Local process to external hosts
# default: allow all
iptables -N os-ext
iptables -A os-ext -j ACCEPT
iptables -A os-ext -j DROP
# Local process to internal hosts
# default: allow all
iptables -N os-int
iptables -A os-int -j ACCEPT
iptables -A os-int -j DROP
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jason Brooks ~ (503) 641-3440 x1861
Direct ~ (503) 924-1861
System / Network Administrator
Wind River Systems
8905 SW Nimbus ~ Suite 255
Beaverton, Or 97008