[LUG.ro] Problem with iptables

Jeremías _ superjere2 at hotmail.com
Wed Oct 20 15:46:30 ART 2010


I am setting up a proxy with Squid and wanted to add an iptables configuration for the problematic ports.
The configuration is as follows:

-----------------------------------------------------------------------------------------

iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.14.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.14.0/24 -d ! 192.168.14.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -s 192.168.14.0/24 -i eth1 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 993 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 465 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 443 -j ACCEPT

iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -i eth1 -p udp --dport 53 -j ACCEPT

echo 1> /proc/sys/net/ipv4/ip_forward

---------------------------------------------------------

Now... once this is run I get these errors:

--------------------------------------------------- 
proxy:~# iptables: Bad policy name. Run `dmesg' for more information.
> iptables: Bad policy name. Run `dmesg' for more information.
> 'ptables v1.4.9: Invalid target name `MASQUERADE
> Try `iptables -h' or 'iptables --help' for more information.
> Using intrapositioned negation (`--option ! this`) is deprecated in favor of extrapositioned (`! --option this`).
> "ptables v1.4.9: REDIRECT: Bad value for "--to-ports" option: "8080
> Try `iptables -h' or 'iptables --help' for more information.
-bash: command substitution: line 1: unexpected EOF while looking for matching `''
-bash: command substitution: line 3: syntax error: unexpected end of file
-bash: MASQUERADE: command not found
-bash: Try: command not found
-bash: iptables:: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# : command not foundlMax.sh: line 26:
proxy:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy-puerto:~# 'ptables v1.4.9: Invalid target name `ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
-bash: ptables v1.4.9: Invalid target name `ACCEPT
Try `iptables -h: command not found
proxy:~# : command not foundlMax.sh: line 29:
proxy:~# /etc/init.d/firewallMax.sh: line 30: echo: write error: Argumento inválido
-bash: /etc/init.d/firewallMax.sh:: No existe el fichero o el directorio
proxy:~# /etc/init.d/firewallMax.sh: line 30: echo: write error: Argumento inválido
-bash: /etc/init.d/firewallMax.sh:: No existe el fichero o el directorio
proxy:~#

--------------------------------------------------

My guess is that I am missing something, or that apt-get install iptables iptables-dev (I am using Debian) did not install everything.
I would appreciate at least some guidance. Thank you very much.

I'll pay with beer and a snack platter as thanks!!!
Chan!!!
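
Added example, not part of the original post: the garbled messages above (`'ptables v1.4.9: Invalid target name `ACCEPT`, `Bad policy name`) are what iptables prints when each line of the script ends in a carriage return, and the output also shows the deprecated `-d !` form and the effect of `echo 1>`. The sketch below checks a firewall script for those three defects and writes a repaired copy; the function names `lint_fw_script`, `normalize_fw_script` and `make_sample` are hypothetical, and the sample input is constructed from lines of the posted script.

```shell
#!/bin/sh
# Added example, not part of the original post; function names are hypothetical.
OPT='(-[sdiop]|--[a-z-]+)'   # options that may be followed by a misplaced "!"

# lint_fw_script FILE: print one finding code per line; return 1 if any.
lint_fw_script() {
    rc=0
    # DOS line endings: iptables receives "ACCEPT\r" and rejects it as an
    # invalid target or policy; the CR also garbles the message on screen.
    if grep -q "$(printf '\r')" "$1"; then echo CRLF; rc=1; fi
    # "-d ! net": intrapositioned negation, deprecated in iptables 1.4.x.
    if grep -Eq -e "${OPT}[[:space:]]+![[:space:]]" "$1"; then echo NEGATION; rc=1; fi
    # "echo 1> file": "1>" is a redirect of fd 1, so echo writes only an
    # empty line and the kernel rejects it ("write error: Invalid argument").
    if grep -Eq -e 'echo[[:space:]]+[0-9]+>' "$1"; then echo ECHO_REDIRECT; rc=1; fi
    return $rc
}

# normalize_fw_script IN OUT: write a repaired copy of IN to OUT.
normalize_fw_script() {
    tr -d '\r' < "$1" |
    sed -E -e "s/${OPT}[[:space:]]+![[:space:]]+/! \\1 /g" \
           -e 's/echo[[:space:]]+([0-9]+)>/echo \1 >/' > "$2"
}

# Constructed sample: three lines of the posted script saved with CRLF endings.
make_sample() {
    printf '%s\r\n' \
      'iptables -P INPUT ACCEPT' \
      'iptables -t nat -A PREROUTING -s 192.168.14.0/24 -d ! 192.168.14.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080' \
      'echo 1> /proc/sys/net/ipv4/ip_forward' > "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/fw.sh"
lint_fw_script "$tmp/fw.sh" || true      # prints CRLF, NEGATION, ECHO_REDIRECT
normalize_fw_script "$tmp/fw.sh" "$tmp/fw.fixed.sh"
lint_fw_script "$tmp/fw.fixed.sh" && echo clean
rm -rf "$tmp"
```

Running the lint before the script is installed under /etc/init.d keeps a half-applied rule set (flushed chains, ACCEPT policies, no NAT rules) from being what the gateway boots with.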

