1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What does this mean: iptables-restore: line 43 failed

Discussion in 'Tomato Firmware' started by nomejodas, Mar 25, 2012.

  1. nomejodas

    nomejodas Network Guru Member

    I see this message in the Port Forwarding/Basic and Access Restriction sections. What does it mean? I can't remember if I saw it before but I noticed it after I restored the default configuration in Administration/Configuration, Restore Default Configuration, "restore default router settings (normal)".

    I am using Shibby tomato-ND-1.28.-088V-Std.trx and Linksys WRT54GS 1.0
     
  2. kthaddock

    kthaddock Network Guru Member

    Reboot your router.
     
  3. shibby20

    shibby20 Network Guru Member

    please show me 43 line from file /etc/iptables
     
  4. nomejodas

    nomejodas Network Guru Member

    I rebooted my router and the message disappeared. Thanks kthaddock. If you still want me to show you the line shibby can you tell me how to do that?
     
  5. shibby20

    shibby20 Network Guru Member

    you haven`t error nomore well was not subject :)
     
  6. poldim

    poldim Reformed Router Member

    I have same error on line 94, and line 94 is the commit line
    I'm not quite sure when the error appeared, but I know several ports are forwarding correctly while other ports like remote access to the primary and secondary routers (routed to through port forwarding to its IP@8080) are not working. I recently tried to setup a VLAN for a guest network and am thinking in the process might have broken it...

    Here is the file:
    Code:
    *mangle
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -i vlan2 -d 192.168.1.1/255.255.255.0 -j DROP
    -A PREROUTING -i vlan2 -d 192.168.100.1/255.255.255.0 -j DROP
    -A PREROUTING -d 107.3.137.190 -j WANPREROUTING
    -A WANPREROUTING -p icmp -j DNAT --to-destination 192.168.1.1
    -A WANPREROUTING -p tcp  --dport 8888:8889 -j DNAT --to-destination 192.168.1.10
    -A WANPREROUTING -p tcp  --dport 3389 -j DNAT --to-destination 192.168.1.75
    -A WANPREROUTING -p tcp  --dport 20000:20999 -j DNAT --to-destination 192.168.1.75
    -A WANPREROUTING -p udp  --dport 20000:20999 -j DNAT --to-destination 192.168.1.75
    -A WANPREROUTING -p tcp  --dport 15000 -j DNAT --to-destination 192.168.1.20:80
    -A WANPREROUTING -p udp  --dport 15000 -j DNAT --to-destination 192.168.1.20:80
    -A WANPREROUTING -p tcp  --dport 31 -j DNAT --to-destination 192.168.1.2:8080
    -A WANPREROUTING -p udp  --dport 31 -j DNAT --to-destination 192.168.1.2:8080
    -A WANPREROUTING -p udp  --dport 123 -j DNAT --to-destination 192.168.1.99:123
    -A WANPREROUTING -p tcp  --dport 30000 -j DNAT --to-destination 192.168.1.5:80
    -A WANPREROUTING -p tcp  --dport 8336:8337 -j DNAT --to-destination 192.168.1.10
    -A WANPREROUTING -p tcp  --dport 10001 -j DNAT --to-destination 192.168.1.10
    -A WANPREROUTING -p tcp  --dport 80 -j DNAT --to-destination 192.168.1.75
    -A WANPREROUTING -p udp  --dport 80 -j DNAT --to-destination 192.168.1.75
    -A WANPREROUTING -p tcp  --dport 12345 -j DNAT --to-destination 192.168.1.10:80
    -A WANPREROUTING -p tcp  --dport 3030 -j DNAT --to-destination 192.168.1.10:3030
    -A WANPREROUTING -p tcp  --dport 21 -j DNAT --to-destination 192.168.1.75:21
    -A WANPREROUTING -p tcp  --dport 443 -j DNAT --to-destination 192.168.1.99:443
    -A WANPREROUTING -p udp  --dport 4500 -j DNAT --to-destination 192.168.1.99:4500
    -A WANPREROUTING -p tcp  --dport 500 -j DNAT --to-destination 192.168.1.99:500
    :upnp - [0:0]
    -A PREROUTING -d 107.3.137.190 -j upnp
    -A WANPREROUTING  -j DNAT --to-destination 192.168.1.99
    -A POSTROUTING -o vlan2 -d 192.168.100.1 -j MASQUERADE
    -A POSTROUTING  -o vlan2 -j MASQUERADE
    -A POSTROUTING -o br0 -s 192.168.1.1/255.255.255.0 -d 192.168.1.1/255.255.255.0 -j SNAT --to-source 192.168.1.1
    -A POSTROUTING -o br1 -s 192.168.100.1/255.255.255.0 -d 192.168.100.1/255.255.255.0 -j SNAT --to-source 192.168.100.1
    COMMIT
    *filter
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -i br1 -j ACCEPT
    -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    -A INPUT -p tcp  --dport 30 -j ACCEPT
    :FORWARD DROP [0:0]
    -A FORWARD -m account --aaddr 192.168.1.0/255.255.255.0 --aname lan
    -A FORWARD -m account --aaddr 192.168.100.0/255.255.255.0 --aname lan1
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -i br1 -o br1 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    :monitor - [0:0]
    -A FORWARD -o vlan2  -j monitor
    -A monitor -p tcp -m webmon --max_domains 300 --max_searches 300 --domain_load_file /var/webmon/domain --search_load_file /var/webmon/search -j RETURN
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i br0 -o br1 -j DROP
    -A FORWARD -i br1 -o br0 -j DROP
    -A FORWARD -i vlan2 -j wanin
    -A FORWARD -o vlan2 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    -A FORWARD -i br1 -j ACCEPT
    :upnp - [0:0]
    -A FORWARD -i vlan2 -j upnp
    -A wanin  -p tcp -m tcp -d 192.168.1.10 --dport 8888:8889 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.75 --dport 3389 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.75 --dport 20000:20999 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.75 --dport 20000:20999 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.20 --dport 80 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.20 --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.2 --dport 8080 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.2 --dport 8080 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.99 --dport 123 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.5 --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.10 --dport 8336:8337 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.10 --dport 10001 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.75 --dport 80 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.75 --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.10 --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.10 --dport 3030 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.75 --dport 21 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.99 --dport 443 -j ACCEPT
    -A wanin  -p udp -m udp -d 192.168.1.99 --dport 4500 -j ACCEPT
    -A wanin  -p tcp -m tcp -d 192.168.1.99 --dport 500 -j ACCEPT
    -A FORWARD -o br0  -d 192.168.1.99 -j ACCEPT
    COMMIT
    
     
    Last edited: Dec 22, 2013

Share This Page