[TriLUG] iptables vs. ipchains

Stephen Schaefer stephen_schaefer27517 at yahoo.com
Sun Sep 8 19:16:57 EDT 2002


1.  On my Red Hat 7.2 system, the cleanest option
might be to set it in /etc/sysctl.conf.

2.  You'll just have to look for differences between
your boot environment and the environment you're
running the scripts in.  Try putting this toward the
top of the script:

exec 2>/var/log/scriptname$$
set -x
env 1>&2

Variable settings using set later on in the script (or
its subscripts) may turn off the set -x; you'll have
to hunt down those locations and turn it back on again
to get a complete transcript of what's going on.  You
can then compare what happens when it fails to what
happens when it works.  I'm sorry this is so tedious,
but in the absence of other diagnostic information, I
don't know what else to suggest.

    - Stephen

--- Jason Tower <jason at cerient.net> wrote:
> tom, i've been playing around with your iptables script over the weekend
> (and made a few adjustments for my particular needs, masquerading and port
> forwarding in particular), a couple of questions:
> 
> 1. i've noticed that if i run the script, verify that it works ok, do a
> 'service iptables save' and then reboot, some things don't work.  as far
> as i can tell the ip_forward setting in /proc/sys/net is set to 0 after
> rebooting since the script isn't turning it on any more, what is the best
> way to set this up to always be on (just add a line in the
> rc.local/iptables script)?
> 
> 2. does running 'service iptables save' and 'restart' yield the same
> results as simply running the script by itself?  i've noticed some erratic
> behavior on reboots that are solved by re-running the script manually and
> i'm not sure why, or if it's just my imagination.
> 
> (FWIW, i'm running this on the null beta).  thanks - jason
> 
[further history elided]
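
Added example (not part of the original message): a small POSIX sh helper for the comparison step in item 2 of the reply. It takes two logs produced by the exec 2>/set -x/env lines, one from a working run and one from a failing run, and lists the environment variables that differ. The function names and the sample log contents are constructed for illustration.

```shell
# Added example, not from the original post. Function names are hypothetical.
# env_vars LOG: print the NAME=value lines that `env 1>&2` wrote into a trace
# log. `set -x` trace lines start with "+" (default PS4) and are skipped.
env_vars() {
    grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$1" | LC_ALL=C sort
}

# env_diff WORKS FAILS: list variables that differ between the two logs.
# Assumes single-line values.
env_diff() {
    good=$(mktemp) || return 1
    bad=$(mktemp) || { rm -f "$good"; return 1; }
    env_vars "$1" >"$good"
    env_vars "$2" >"$bad"
    awk -F= '
        { v = substr($0, length($1) + 2) }
        FILENAME == ARGV[1] { g[$1] = v; next }
        { b[$1] = v }
        END {
            for (k in g) {
                if (!(k in b)) print "only-good " k "=" g[k]
                else if (g[k] != b[k]) print "differs " k ": good=" g[k] " bad=" b[k]
            }
            for (k in b) if (!(k in g)) print "only-bad " k "=" b[k]
        }' "$good" "$bad" | LC_ALL=C sort
    rm -f "$good" "$bad"
}

# demo: run env_diff over two constructed logs (sample data, not real output).
demo() {
    d=$(mktemp -d) || return 1
    cat >"$d/works" <<'EOF'
+ env
HOME=/root
PATH=/sbin:/usr/sbin:/bin:/usr/bin
TERM=xterm
+ iptables -F
EOF
    cat >"$d/fails" <<'EOF'
+ env
PATH=/bin:/usr/bin
TERM=linux
RUNLEVEL=3
+ iptables -F
EOF
    env_diff "$d/works" "$d/fails"
    rm -rf "$d"
}
demo
```

On real logs, call env_diff with the two /var/log/scriptname files, passing the one from the working run first.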
