Migrate firewall rules from Debian to Ubuntu

1

My old Debian firewall died and I'm migrating the saved rules to Ubuntu this way:

iptables-restore < firewall_config

I get this error:

Bad argument '192.168.1.0/255.255.255.0'
Error occurred at line: 18

Opening the file, here is line 18:

-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE

What is wrong?

Edit:

To make the question more complete, here is the firewall rules backup made with iptables-save on Debian:

# Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
*mangle
:PREROUTING ACCEPT [11666894:3426002549]
:INPUT ACCEPT [3992541:2783596820]
:FORWARD ACCEPT [7601705:635682622]
:OUTPUT ACCEPT [3786217:2807778972]
:POSTROUTING ACCEPT [4294041:3102897533]
COMMIT
# Completed on Tue Sep 14 11:21:30 2010
# Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
*nat
:PREROUTING ACCEPT [7593900:393423684]
:POSTROUTING ACCEPT [27503:1709683]
:OUTPUT ACCEPT [92965:5762818]
-A PREROUTING -p tcp -m tcp --dport 23 -j DNAT --to-destination 172.0.0.1:23 
-A PREROUTING -s x.y.0.0/255.255.0.0 -p tcp -m tcp --dport 222 -j DNAT --to-destination 172.0.0.2:22 
-A POSTROUTING -s 172.0.0.2 -j ACCEPT 
-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE 
COMMIT
# Completed on Tue Sep 14 11:21:30 2010
# Generated by iptables-save v1.3.6 on Tue Sep 14 11:21:30 2010
*filter
:INPUT DROP [5448:597666]
:FORWARD DROP [175410:8444546]
:OUTPUT ACCEPT [3785918:2807753497]
-A INPUT -p icmp -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -d 172.0.0.121 -j ACCEPT 
-A INPUT -s 172.0.0.121 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 53 -j ACCEPT 
-A INPUT -p udp -m udp --sport 53 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 4445 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 21 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 8085 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 23 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 8988 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT 
-A FORWARD -p icmp -j ACCEPT 
-A FORWARD -d 172.0.0.121 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 110 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 143 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 20 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 21 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 25 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT 
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT 
-A FORWARD -s 172.0.0.123 -p tcp -m tcp --dport 8999 -j ACCEPT 
-A FORWARD -s 172.0.0.123 -p tcp -m tcp --dport 12177 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 8085 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 23 -j ACCEPT 
-A FORWARD -s 172.0.0.187 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5573 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5574 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5500 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5540 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5553 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 5557 -j ACCEPT 
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT 
-A FORWARD -p tcp -m tcp --sport 443 -j ACCEPT 
-A FORWARD -s 192.168.2.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
-A FORWARD -s 192.168.3.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
-A FORWARD -s 192.168.4.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
-A FORWARD -s 192.168.5.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
-A FORWARD -s 192.168.6.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 
-A FORWARD -s 192.168.7.0/255.255.255.0 -d 172.0.0.2 -j ACCEPT 

COMMIT
# Completed on Tue Sep 14 11:21:30 2010
    
by Pitto 11.02.2013 / 12:15

1 answer

0

Sad solution, but it worked:

Formatted and installed Debian :)

    
by Pitto 03.05.2013 / 18:20
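
Line 18 of the dump uses the old negation order `-s ! ADDRESS`, as written by iptables-save v1.3.6; current iptables expects the `!` before the option (`! -s ADDRESS`), so the address is left over as a bad argument. The shell functions below are an added example, not part of the original question or answer. The function names and the sample ruleset (an excerpt of the dump above plus one constructed `--dport` line and one constructed comment) are assumptions, and the rewrite is generalized to any option followed by `!`.

```shell
#!/bin/sh
# Added example: convert legacy negation ("-s ! ADDR") in an iptables-save
# dump to the "! -s ADDR" form accepted by current iptables-restore.

# list_legacy_negation: read a ruleset on stdin and print "LINE:rule" for
# every rule that still uses the old order. iptables-restore stops at the
# first bad line, so this shows all of them at once.
list_legacy_negation() {
    grep -nE -e '^-[AI] .* --?[A-Za-z][A-Za-z-]* ! ' || true
}

# fix_negation: read a ruleset on stdin, write the converted one to stdout.
# Only rule lines (-A/-I) are rewritten; table names, chain policies,
# counters, COMMIT and comment lines pass through unchanged.
# Limitation: text inside a --comment string that looks like "-x ! y"
# would be rewritten too.
fix_negation() {
    sed -E '/^-[AI] /s/(^| )(--?[A-Za-z][A-Za-z-]*) ! /\1! \2 /g'
}

# sample_rules: constructed sample input (excerpt of the nat table from the
# question, plus a constructed comment and a constructed --dport rule).
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [27503:1709683]
# comment with -s ! inside stays untouched
-A POSTROUTING -s 172.0.0.2 -j ACCEPT
-A POSTROUTING -s ! 192.168.1.0/255.255.255.0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp --dport ! 23 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample. For a real file:
#   fix_negation < firewall_config > firewall_config.new
echo "Rules using the old negation order:"
sample_rules | list_legacy_negation
echo "Converted ruleset:"
sample_rules | fix_negation
```

Before loading the converted file, `iptables-restore --test < firewall_config.new` (as root) parses it without committing anything.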