1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What does this mean: iptables-restore: line 43 failed

Discussion in 'Tomato Firmware' started by nomejodas, Mar 25, 2012.

  1. nomejodas

    nomejodas Network Guru Member

    I see this message in the Port Forwarding/Basic and Access Restriction sections. What does it mean? I can't remember if I saw it before but I noticed it after I restored the default configuration in Administration/Configuration, Restore Default Configuration, "restore default router settings (normal)".

    I am using Shibby tomato-ND-1.28.-088V-Std.trx and Linksys WRT54GS 1.0
  2. kthaddock

    kthaddock Network Guru Member

    Reboot your router.
  3. shibby20

    shibby20 Network Guru Member

    please show me 43 line from file /etc/iptables
  4. nomejodas

    nomejodas Network Guru Member

    I rebooted my router and the message disappeared. Thanks kthaddock. If you still want me to show you the line shibby can you tell me how to do that?
  5. shibby20

    shibby20 Network Guru Member

    you haven`t error nomore well was not subject :)
  6. poldim

    poldim Reformed Router Member

    I have same error on line 94, and line 94 is the commit line
    I'm not quite sure when the error appeared, but I know several ports are forwarding correctly while other ports like remote access to the primary and secondary routers (routed to through port forwarding to its IP@8080) are not working. I recently tried to setup a VLAN for a guest network and am thinking in the process might have broken it...

    Here is the file:
    :OUTPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :WANPREROUTING - [0:0]
    -A PREROUTING -i vlan2 -d -j DROP
    -A PREROUTING -i vlan2 -d -j DROP
    -A WANPREROUTING -p icmp -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 8888:8889 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 3389 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 20000:20999 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 20000:20999 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 15000 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 15000 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 31 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 31 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 123 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 30000 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 8336:8337 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 10001 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 80 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 80 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 12345 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 3030 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 21 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 443 -j DNAT --to-destination
    -A WANPREROUTING -p udp  --dport 4500 -j DNAT --to-destination
    -A WANPREROUTING -p tcp  --dport 500 -j DNAT --to-destination
    :upnp - [0:0]
    -A PREROUTING -d -j upnp
    -A WANPREROUTING  -j DNAT --to-destination
    -A POSTROUTING -o vlan2 -d -j MASQUERADE
    -A POSTROUTING -o br0 -s -d -j SNAT --to-source
    -A POSTROUTING -o br1 -s -d -j SNAT --to-source
    :INPUT DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i br0 -j ACCEPT
    -A INPUT -i br1 -j ACCEPT
    -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    -A INPUT -p tcp  --dport 30 -j ACCEPT
    :FORWARD DROP [0:0]
    -A FORWARD -m account --aaddr --aname lan
    -A FORWARD -m account --aaddr --aname lan1
    -A FORWARD -i br0 -o br0 -j ACCEPT
    -A FORWARD -i br1 -o br1 -j ACCEPT
    -A FORWARD -m state --state INVALID -j DROP
    -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    :monitor - [0:0]
    -A FORWARD -o vlan2  -j monitor
    -A monitor -p tcp -m webmon --max_domains 300 --max_searches 300 --domain_load_file /var/webmon/domain --search_load_file /var/webmon/search -j RETURN
    :wanin - [0:0]
    :wanout - [0:0]
    -A FORWARD -i br0 -o br1 -j DROP
    -A FORWARD -i br1 -o br0 -j DROP
    -A FORWARD -i vlan2 -j wanin
    -A FORWARD -o vlan2 -j wanout
    -A FORWARD -i br0 -j ACCEPT
    -A FORWARD -i br1 -j ACCEPT
    :upnp - [0:0]
    -A FORWARD -i vlan2 -j upnp
    -A wanin  -p tcp -m tcp -d --dport 8888:8889 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 3389 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 20000:20999 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 20000:20999 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 80 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 8080 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 8080 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 123 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 8336:8337 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 10001 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 80 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 80 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 3030 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 21 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 443 -j ACCEPT
    -A wanin  -p udp -m udp -d --dport 4500 -j ACCEPT
    -A wanin  -p tcp -m tcp -d --dport 500 -j ACCEPT
    -A FORWARD -o br0  -d -j ACCEPT
    Last edited: Dec 22, 2013

Share This Page