andrea.paiola

iptables on Debian is not reloaded automatically


my tinkering continues, and I followed this guide, iptables - Debian Wiki, almost to the letter :fagiano:

apart from the different rules I used for iptables, I don't understand why, when I reboot Debian, it doesn't reload the configuration... in practice I have to run

iptables-restore < /etc/iptables.test.rules

 

to get it loaded, as if the script

 

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

didn't work... :fagiano:

where should I look to understand where the problem is and then fix it?


Here are the steps to follow for a possible solution:

save:

iptables-save > /etc/firewall.conf

 

 

create the file /etc/network/if-up.d/iptables

 

#!/bin/sh
iptables-restore < /etc/firewall.conf

 

give it execute permission:

chmod +x /etc/network/if-up.d/iptables

 

and now it should work


in /var/log/boot there is nothing, maybe it isn't enabled

in /var/log/dmesg there is


Debian virtualized in VirtualBox with the host-only network option (if I remember correctly)

sorry, but I'm not a sysadmin and log analysis is really beyond my (meagre) knowledge :D


Out of curiosity, do you have other scripts in the ifup folder?

I haven't added anything, it's a normal Debian on which I installed mysql, php-fpm and nginx...

in the /etc/network/if-up.d/ folder there are

iptables

mountnfs

Can you also check the folder's permissions?

ls -la /etc/network/if-up.d/
drwxr-xr-x 2 root root 4096 2 giu 12:16 .
drwxr-xr-x 7 root root 4096 28 mag 22:40 ..
-rwxr-xr-x 1 root root      49 2 giu 12:16 iptables
-rwxr-xr-x 1 root root 4297 18 gen    2008 mountnfs
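
The checks discussed in this thread (hook present in /etc/network/if-up.d/, executable, rules file in place) collected into one shell function, as an added example that is not part of the original posts. The name check_hook is hypothetical, and it assumes ifupdown runs the hook directory through run-parts, which skips file names containing anything other than letters, digits, underscores and hyphens.

```shell
#!/bin/sh
# Added example: read-only diagnosis of an ifupdown hook that should
# restore iptables rules. Nothing on the system is modified.

# check_hook HOOK: prints one line per problem, returns the number of problems
check_hook() {
    hook=$1
    problems=0
    name=$(basename "$hook")

    if [ ! -f "$hook" ]; then
        echo "missing: $hook"; return 1
    fi
    # run-parts ignores names with characters outside [A-Za-z0-9_-] (e.g. "iptables.sh")
    case $name in
        *[!A-Za-z0-9_-]*) echo "name '$name' is skipped by run-parts"; problems=$((problems+1)) ;;
    esac
    [ -x "$hook" ] || { echo "not executable: $hook"; problems=$((problems+1)); }
    # Without an interpreter line the script cannot be exec'd directly
    head -n 1 "$hook" | grep -q '^#!' || { echo "no #! line in $hook"; problems=$((problems+1)); }
    # Every file redirected into iptables-restore must exist and be non-empty
    rules=$(sed -n 's/^[^#]*iptables-restore[^<]*<[[:space:]]*\([^[:space:];]*\).*/\1/p' "$hook")
    [ -n "$rules" ] || { echo "no 'iptables-restore < FILE' line found"; problems=$((problems+1)); }
    for f in $rules; do
        [ -s "$f" ] || { echo "rules file missing or empty: $f"; problems=$((problems+1)); }
    done
    return "$problems"
}

# Stand-alone use: sh check_hook.sh /etc/network/if-up.d/iptables
if [ "$#" -gt 0 ]; then
    check_hook "$1"
fi
```

A hook that passes all checks but still leaves the firewall empty after reboot points at the rules file itself: compare its contents with the output of iptables-save taken while the firewall is in the desired state.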
