Firewall won't start

1. Firewall won't start

Felipe Rossi dos Santos
feliperossi

(uses Debian)

Posted on 02/04/2008 - 11:15

Guys, help me out, hehe. I'm getting beaten up by the firewall here, I've already tried everything.
What happens is the following: I put the script together all correctly, but when I try to restart it, the following appears:


[root@localhost ~]# service firewall restart
Cannot find firewall service
Usage: service -[Rfshv] SERVICE ARGUMENTS
-f|--full-restart: Do a fullrestart of the service.
-R|--full-restart-all: Do a fullrestart of all running services.
-s|--status-all: Print a status of all services.
-d|--debug: Launch with debug.
-h|--help: This help.


I've already tried everything.
I don't know what it could be.

Take a look at the firewall here:


#!/bin/bash
#
# chkconfig: 2345 03 92
# description: Firewall rules
#
#######################################
# Define variables
#######################################
IF_EXT=eth0
IF_INT=eth1
#IP_EXT=200.1.1.1
# LAN and DMZ must be defined: the FORWARD and NAT rules below use them
LAN=10.0.13.0/24
DMZ=200.10.15.0/28
#http,https,dns,smtp,pop3,ssh,ftp,jabber,jabber/s
SRV_TCP="80,443,53,25,110,22,21,5222,5223"
SRV_UDP="53"
IPT=/sbin/iptables

case "$1" in

start)

echo "iniciando Firewall"

echo 1 > /proc/sys/net/ipv4/ip_forward

#######################################
# Set default policies
# (OUTPUT is DROP and no OUTPUT rule is added below, so the
# firewall host itself cannot send packets)
#######################################
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP
#######################################
# Flush all rules
#######################################
$IPT -t filter -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -t raw -F
#########################################
# Allow packets that belong to permitted
# connections
#########################################
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#########################################
# Allow access from the internal network
#########################################
######## option 1 #######################
######## deny access to some services
######## and allow the rest
#########################################
### Allow everything for the boss
#$IPT -A FORWARD -m mac --mac-source 00:18:8B:DF:F9:F7 -s 10.0.13.115 -j ACCEPT
### Deny access to MSN
#$IPT -A FORWARD -p tcp --dport 1863 -j DROP
#$IPT -A FORWARD -p tcp -m string --algo bm --from 40 --to 60 --string VER -j DROP
### Deny access to googletalk
### First allow the company's jabber server (200.10.10.1)
#$IPT -A FORWARD -p tcp -m multiport -d 200.10.10.1 --dports 5222,5223 -j ACCEPT
#$IPT -A FORWARD -p tcp -m multiport --dports 5222,5223 -j DROP
### Allow restricted access for everyone else
#$IPT -A FORWARD -s 10.0.13.0/24 -i $IF_INT -j ACCEPT
##############################################
######## option 2 ############################
######## allow access to some services
######## and deny the rest (default policy)
##############################################
# -s/-d take an address, not an interface name, so match on $LAN
$IPT -A FORWARD -s $LAN -i $IF_INT -p tcp -m multiport --dports 21,25,53,110,443 -j ACCEPT
$IPT -A FORWARD -s $LAN -i $IF_INT -p udp -m udp --dport 53 -j ACCEPT
$IPT -A FORWARD -d $LAN -p udp -m udp --sport 53 -j ACCEPT
#### Allow access to the proxy (local)
$IPT -A INPUT -s $LAN -i $IF_INT -p tcp -m tcp --dport 3128 -j ACCEPT
#############################################
# Allow access to the DMZ
#############################################
$IPT -A FORWARD -p tcp -d $DMZ -m multiport --dports $SRV_TCP -j ACCEPT
$IPT -A FORWARD -p udp -d $DMZ -m udp --dport $SRV_UDP -j ACCEPT
$IPT -A FORWARD -p udp -s $DMZ -m udp --sport $SRV_UDP -j ACCEPT
$IPT -A FORWARD -p udp -s $DMZ -m udp --dport $SRV_UDP -j ACCEPT
$IPT -A FORWARD -p udp -d $DMZ -m udp --sport $SRV_UDP -j ACCEPT
#############################################
# Allow pings
# (ICMP types: 0 echo-reply, 3 destination-unreachable, 5 redirect,
#  8 echo-request, 11 time-exceeded, 12 parameter-problem)
#############################################
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 0 -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 3 -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 5 -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 8 -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 11 -j ACCEPT
$IPT -A FORWARD -m limit --limit 5/s -p icmp --icmp-type 12 -j ACCEPT
#############################################
# Masquerade the local network
#############################################
$IPT -t nat -A POSTROUTING -s $LAN -o $IF_EXT -j MASQUERADE
#############################################
# Transparent proxy (does not work with authentication)
#############################################
#$IPT -t nat -A PREROUTING -s $LAN -p tcp --dport 80 -j REDIRECT --to-port 3128
;;

stop)
echo "limpando Firewall"
#######################################
# Set default policies
#######################################
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
#######################################
# Flush all rules
#######################################
$IPT -t filter -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -t raw -F
#########################################
;;

restart)
# "service firewall restart" passes "restart" as $1
"$0" stop
"$0" start
;;

status)

$IPT -L -n

;;
*)
echo "Opcoes validas: (start|stop|restart|status)"
;;

esac



  


2. Re: Firewall won't start

Álvaro Pessanha
MRKS

(uses Debian)

Posted on 02/04/2008 - 11:35

It wasn't added to /etc/init.d/...,
right??!!?!?
Try the following: file name, space, start.
Run the firewall as root.
Check whether it is executable.
ls -l
----x--x--x
To make the file executable:
chmod 777 file name


3. Re: Firewall won't start

Felipe Rossi dos Santos
feliperossi

(uses Debian)

Posted on 02/04/2008 - 11:42

So, I gave it the permissions,
and I didn't put it in /etc/init.d.

Do I just copy it from there to /etc/init.d?
Is that normal??
And then start it???

Because it is in /usr/share/doc/iptables/firewall;
I didn't put it in init.d.
In init.d I only ran chkconfig iptables off to see whether I could bring up my script, and that didn't work either.


4. Re: Firewall won't start

Felipe Rossi dos Santos
feliperossi

(uses Debian)

Posted on 02/04/2008 - 11:52

Wow man, thanks a lot, now I got it working.
Thank you so much.
It's such simple things that cause a huge
headache, thanks.
It was just a matter of giving it permission and putting it in init.d.

Thanks a lot.
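
The fix the thread arrives at (script placed in /etc/init.d and made executable) can be checked before registering the service. The function below is an added example, not part of the original posts; `audit_init_script` and its parameters are hypothetical names. It also flags group- or world-writable modes, because an init script runs as root at boot and needs no more than mode 755.

```shell
#!/bin/sh
# Added example: audit an init script before registering it as a service.
# audit_init_script PATH [INIT_DIR] [OWNER_UID]
#   INIT_DIR defaults to /etc/init.d, OWNER_UID to 0 (root).
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumes a stat(1) that supports -c (GNU coreutils or busybox).
audit_init_script() {
    f=$1
    init_dir=${2:-/etc/init.d}
    owner_uid=${3:-0}
    rc=0

    if [ ! -f "$f" ]; then
        echo "MISSING: $f does not exist"
        return 1
    fi

    # "service NAME" only looks for NAME inside the init directory.
    case "$(dirname "$f")" in
        "$init_dir") ;;
        *) echo "LOCATION: $f is not in $init_dir"; rc=1 ;;
    esac

    # The script needs an execute bit, but must not be writable
    # by group or others (mode 777 fails this check, 755 passes).
    mode=$(stat -c '%a' "$f")
    if [ $(( 0$mode & 0111 )) -eq 0 ]; then
        echo "MODE: $f is not executable (mode $mode)"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "MODE: $f is group/world writable (mode $mode); use chmod 755"; rc=1
    fi

    # Whoever owns the file controls what runs as root at boot.
    actual_uid=$(stat -c '%u' "$f")
    if [ "$actual_uid" != "$owner_uid" ]; then
        echo "OWNER: $f has owner uid $actual_uid, expected $owner_uid"; rc=1
    fi

    # chkconfig reads runlevels and priorities from this header comment.
    if ! grep -q '^# chkconfig:' "$f"; then
        echo "HEADER: $f has no '# chkconfig:' line"; rc=1
    fi

    return $rc
}
```

Run it as `audit_init_script /etc/init.d/firewall`; every line it prints names one thing to correct before the script is registered.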





