Thread: Iptables error: weird character in interface `venet0:0'

  1. #1
    Join Date
    May 2006
    Posts
    13

    Iptables error: weird character in interface `venet0:0'

    Hi all,

    iptables complains about the network interface name.

    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).

    Is this okay for a vps (to be ignored), or should I be concerned?

    I ran the firewall ruleset below, which I believe should permit ssh login, but ssh connections are dropped.

    Code:
    /sbin/iptables --policy INPUT DROP
    /sbin/iptables --policy FORWARD DROP
    /sbin/iptables --policy OUTPUT DROP
    /sbin/iptables -N LOGDROP
    /sbin/iptables -A LOGDROP -j LOG --log-prefix DROP:
    /sbin/iptables -A LOGDROP -j DROP
    /sbin/iptables -N LOGACCEPT
    /sbin/iptables -A LOGACCEPT -j LOG --log-prefix ACCEPT:
    /sbin/iptables -A LOGACCEPT -j ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A OUTPUT -o lo -j ACCEPT
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m state --state NEW -j LOGACCEPT
    /sbin/iptables -A INPUT -p udp --sport 32769:65535 --dport 33434:33523 -m state --state NEW -j LOGACCEPT
    /sbin/iptables -A OUTPUT -o venet0:0 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 25 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 53 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 220 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -p udp --dport 53 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -i venet0:0 -j DROP
    /sbin/iptables -A INPUT -j LOGDROP
    /sbin/iptables -A OUTPUT -j LOGDROP
    /sbin/iptables -A FORWARD -j LOGDROP
    Code:
    # ./firewall
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).
    Warning: weird character in interface `venet0:0' (No aliases, :, ! or *).

  2. #2
    Join Date
    Jun 2006
    Location
    australia
    Posts
    64


    I don't think you can specify venet0:0 (interface:alias) in iptables, only venet0 (interface).

    If you want to make a rule with that, you have to specify the IP address of the alias, i.e., if venet0:0 is 192.168.1.1,
    change:
    /sbin/iptables -A OUTPUT -o venet0:0 -m state --state NEW -j ACCEPT
    to:
    /sbin/iptables -A OUTPUT -o venet0 -s 192.168.1.1 -m state --state NEW -j ACCEPT
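
The substitution from post #2 applied to a whole ruleset, as an added example that is not part of the original thread. The function name `rewrite_alias_rules` is hypothetical, and it generalizes the post's outbound case (`-o` gains `-s`) to inbound rules (`-i` gains `-d`), assuming the alias address is the one the rule is meant to match.

```shell
#!/bin/sh
# Added example, not from the thread. Rewrites iptables rule lines that name
# an interface alias (venet0:0) so they use the base interface (venet0) plus
# the alias address, as post #2 describes.

# rewrite_alias_rules ALIAS IP   (rules on stdin, rewritten rules on stdout)
rewrite_alias_rules() {
    alias_if=$1
    alias_ip=$2
    case $alias_if in
        *:*) ;;
        *) echo "rewrite_alias_rules: '$alias_if' is not interface:alias" >&2
           return 2 ;;
    esac
    awk -v alias="$alias_if" -v ip="$alias_ip" '
    BEGIN { base = alias; sub(/:.*/, "", base) }
    {
        # Keep an address match the rule already has instead of adding one.
        has_s = has_d = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") has_s = 1
            if ($i == "-d" || $i == "--destination") has_d = 1
        }
        out = ""
        for (i = 1; i <= NF; i++) {
            tok = $i
            if ((tok == "-o" || tok == "--out-interface") && $(i + 1) == alias) {
                # Outbound: packets leave with the alias address as source.
                tok = tok " " base (has_s ? "" : " -s " ip); i++
            } else if ((tok == "-i" || tok == "--in-interface") && $(i + 1) == alias) {
                # Inbound: packets arrive addressed to the alias address.
                tok = tok " " base (has_d ? "" : " -d " ip); i++
            }
            out = out (out == "" ? "" : " ") tok
        }
        print out
    }'
}

# Constructed sample: three rules from post #1, with the address post #2 assumes.
rewrite_alias_rules venet0:0 192.168.1.1 <<'EOF'
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o venet0:0 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -i venet0:0 -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
```

Whitespace in each rule is normalised to single spaces, so rules with quoted arguments or a negated interface match (`! -i`) should be reviewed by hand after rewriting.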

  3. #3
    Join Date
    May 2006
    Posts
    13


    Quote Originally Posted by aero
    I don't think you can specify venet0:0 (interface:alias) in iptables, only venet0 (interface).
    Ah yes, you are right... thanks. Using interface venet0 it works okay, except for my attempt to rate limit connections to ssh:

    Code:
    /sbin/iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --set
    /sbin/iptables -A INPUT -i venet0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 300 --hitcount 3 -j LOGDROP
    
    iptables: No chain/target/match by that name
    So my question is how can this be achieved on openvz? Do vpslink need to enable something to load the necessary iptables module or can it be done locally on the vps?

  4. #4
    Join Date
    Jul 2008
    Posts
    1

    Try these

    Hi

    New to this forum. I don't know if this will be useful to you now.
    Anyway, try...

    iptables -A INPUT -p tcp --dport ssh -j ACCEPT
