OpenWrt Forum Archive

Topic: Problems with iptables

The content of this topic has been archived on 6 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I modified the file /etc/firewall.user to look like this:

#!/bin/sh

# Start from empty user chains so re-running the script does not duplicate rules
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule

# The echo markers only show how far the script got
echo "*1*"
iptables -t nat -A prerouting_rule -i vlan1 -p tcp --destination-port 5900 -j DNAT --to-destination 192.168.1.33:5900
iptables        -A forwarding_rule -i vlan1 -p tcp --destination-port 5900 -d 192.168.1.33 -j ACCEPT
echo "*2*"
iptables -t nat -A prerouting_rule -i vlan1 -p tcp --destination-port 5800 -j DNAT --to-destination 192.168.1.33:5800
iptables        -A forwarding_rule -i vlan1 -p tcp --destination-port 5800 -d 192.168.1.33 -j ACCEPT
echo "*3*"
iptables -t nat -A prerouting_rule -i vlan1 -p tcp --destination-port 60123 -j DNAT --to-destination 192.168.1.33:60123
iptables        -A forwarding_rule -i vlan1 -p tcp --destination-port 60123 -d 192.168.1.33 -j ACCEPT
echo "*4*"
iptables -t nat -A prerouting_rule -i vlan1 -p udp --destination-port 4674 -j DNAT --to-destination 192.168.1.33:4674
iptables        -A forwarding_rule -i vlan1 -p udp --destination-port 4674 -d 192.168.1.33 -j ACCEPT
echo "*5*"
iptables -t nat -A prerouting_rule -i vlan1 -p tcp --destination-port 4664 -j DNAT --to-destination 192.168.1.33:4664
iptables        -A forwarding_rule -i vlan1 -p tcp --destination-port 4664 -d 192.168.1.33 -j ACCEPT

When I test run the script, however, I get these errors:

root@OpenWrt:/etc# sh firewall.user
: not founder: 5:
*1*
'ptables v1.3.1: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
*2*
'ptables v1.3.1: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
*3*
'ptables v1.3.1: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
*4*
'ptables v1.3.1: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
*5*

The iptables output looks like this:

root@OpenWrt:/etc# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     gre  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forwarding_rule (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             main.lan            tcp dpt:4664

Chain input_rule (1 references)
target     prot opt source               destination

Chain output_rule (1 references)
target     prot opt source               destination

I am new at this, but the weird things that are happening don't make sense.  Note that the last port forwarding lines do not error.  In fact, it is only those lines that make it into the iptables output, and it is always the last lines.  Even if I change the order of the port forwards, the last lines succeed and the others fail.  Also, if I run the exact same lines one at a time through the prompt, they all succeed.

Help!
   -Duffin

I figured it out.  I was using a Microsoft Windows editor and it was putting in ^M characters.  That actually took a surprising amount of time for me to figure out :).  I will never see those 3 hours again!

-Duffin
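The failure Duffin describes, as an added example that is not code from the thread: with CRLF line endings the shell passes iptables the token "ACCEPT" followed by a carriage return, which is what the "Invalid target name" error reports. The POSIX shell functions below detect those CR characters and strip them with tr (available in BusyBox on OpenWrt); the firewall.user sample they operate on is constructed in a temporary file here, not the router's real /etc/firewall.user.

```shell
#!/bin/sh
# Constructed sample: a firewall.user saved by a Windows editor (CRLF line endings).
SAMPLE="${TMPDIR:-/tmp}/firewall.user.crlf.$$"
FIXED="${TMPDIR:-/tmp}/firewall.user.lf.$$"

write_crlf_sample() {
    printf '#!/bin/sh\r\n\r\niptables -F forwarding_rule\r\n' > "$1"
    printf 'iptables -A forwarding_rule -i vlan1 -p tcp --dport 4664 -d 192.168.1.33 -j ACCEPT\r\n' >> "$1"
}

# True (exit 0) if the file contains any carriage-return character.
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# Number of lines that end in CR, so a report can say how much is affected.
count_crlf_lines() {
    grep -c "$(printf '\r')$" "$1"
}

# Copy $1 to $2 with every CR removed: the same effect as dos2unix.
strip_crlf() {
    tr -d '\r' < "$1" > "$2"
}

# The -j target token exactly as the shell hands it to iptables, made visible with
# sed's 'l' command: a stray CR shows up as "\r" before the end-of-line marker "$".
last_token_visible() {
    grep '^iptables -A' "$1" | head -n 1 | awk '{ print $NF }' | sed -n l
}

write_crlf_sample "$SAMPLE"
if has_crlf "$SAMPLE"; then
    echo "CRLF line endings found: $(count_crlf_lines "$SAMPLE") line(s)"
    echo "target token as iptables sees it: $(last_token_visible "$SAMPLE")"
    strip_crlf "$SAMPLE" "$FIXED"
    echo "after tr -d '\\r':                 $(last_token_visible "$FIXED")"
else
    echo "no CR characters in $SAMPLE"
fi
```

On the router the same check is `grep -c "$(printf '\r')" /etc/firewall.user`; a non-zero count means the script needs `tr -d '\r'` before sh will run it cleanly.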
