[TriLUG] iptables vs. ipchains

Jason Tower jason at cerient.net
Mon Sep 9 10:34:04 EDT 2002


naturally, i remembered that part of your presentation about thirty
seconds after i hit the send button...

> On Sun, 2002-09-08 at 18:05, Jason Tower wrote:
>> tom, i've been playing around with your iptables script over the
>> weekend (and made a few adjustments for my particular needs,
>> masquerading and port forwarding in particular), a couple of
>> questions:
>>
>> 1. i've noticed that if i run the script, verify that it works ok, do
>> a 'service iptables save' and then reboot, some things don't work.  as
>> far as i can tell the ip_forward setting in /proc/sys/net is set to 0
>> after rebooting since the script isn't turning it on any more, what is
>> the best way to set this up to always be on (just add a line in the
>> rc.local/iptables script)?
>
> Like it says in the presentation, all of the /proc modifications are not
> saved in the "service iptables save" since they aren't really part of
> the firewall. You should put them in /etc/sysctl.conf. This procedure is
> described towards the end of the presentation.
>
>> 2. does running 'service iptables save' and 'restart' yield the same
>> results as simply running the script by itself?  i've noticed some
>> erratic behavior on reboots that are solved by re-running the script
>> manually and i'm not sure why, or if it's just my imagination.
>
> With the exception of the /proc entries, it should.
>
> --
> ---
> Tom "spot" Callaway <tcallawa(a)redhat*com>
> Red Hat Sales Engineer
> Sair Linux and GNU Certified Administrator (LCA)
> Red Hat Certified Engineer (RHCE)
> GPG: D786 8B22 D9DB 1F8B 4AB7  448E 3C5E 99AD 9305 4260
>
> The words and opinions reflected in this message do not necessarily
> reflect those of my employer, Red Hat, and belong solely to me.
>
> "Immature poets borrow, mature poets steal." --- T. S. Eliot


-----------------------
Jason Tower
Cerient Technologies
jason at cerient.net
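
Added example, not part of the original thread: a check for the situation discussed above, where forwarding works after running the script but is back to 0 after a reboot because the setting was never put in /etc/sysctl.conf. The function names persisted_sysctl and forwarding_state are hypothetical, and the demo at the end uses constructed sample files rather than the real system files.

```sh
#!/bin/sh
# Added example: detect an ip_forward setting that exists only at runtime.

# persisted_sysctl FILE KEY
# Print the value a sysctl.conf-style file assigns to KEY (last assignment wins).
persisted_sysctl() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        !/=/          { next }                 # skip lines with no assignment
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# forwarding_state CONF RUNTIME_FILE
#   persistent    CONF sets net.ipv4.ip_forward = 1, so it survives a reboot
#   runtime-only  forwarding is on now but CONF will not restore it at boot
#   disabled      forwarding is off in both places
forwarding_state() {
    persisted=$(persisted_sysctl "$1" net.ipv4.ip_forward)
    runtime=$(cat "$2" 2>/dev/null) || runtime=""
    if [ "$persisted" = "1" ]; then
        echo "persistent"
    elif [ "$runtime" = "1" ]; then
        echo "runtime-only"
    else
        echo "disabled"
    fi
}

# Demo on constructed files. On a real host the arguments would be
# /etc/sysctl.conf and /proc/sys/net/ipv4/ip_forward.
tmp=$(mktemp -d)
printf '# constructed sample\nnet.ipv4.ip_forward = 0\n' > "$tmp/sysctl.conf"
echo 1 > "$tmp/ip_forward"      # what the firewall script set by hand
forwarding_state "$tmp/sysctl.conf" "$tmp/ip_forward"
rm -rf "$tmp"
```

A result of runtime-only matches the symptom in question 1: the rules restored by 'service iptables save' are intact, but masquerading and port forwarding stop passing traffic after the next boot.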




