[TriLUG] iptables vs. ipchains

Tom 'spot' Callaway tcallawa at redhat.com
Mon Sep 9 08:52:50 EDT 2002


On Sun, 2002-09-08 at 18:05, Jason Tower wrote:
> tom, i've been playing around with your iptables script over the weekend
> (and made a few adjustments for my particular needs, masquerading and port
> forwarding in particular), a couple of questions:
> 
> 1. i've noticed that if i run the script, verify that it works ok, do a
> 'service iptables save' and then reboot, some things don't work.  as far
> as i can tell the ip_forward setting in /proc/sys/net is set to 0 after
> rebooting since the script isn't turning it on any more, what is the best
> way to set this up to always be on (just add a line in the
> rc.local/iptables script)?

Like it says in the presentation, all of the /proc modifications are not
saved in the "service iptables save" since they aren't really part of
the firewall. You should put them in /etc/sysctl.conf. This procedure is
described towards the end of the presentation.

> 2. does running 'service iptables save' and 'restart' yield the same
> results as simply running the script by itself?  i've noticed some erratic
> behavior on reboots that are solved by re-running the script manually and
> i'm not sure why, or if it's just my imagination.

With the exception of the /proc entries, it should.

-- 
---
Tom "spot" Callaway <tcallawa(a)redhat*com> Red Hat Sales Engineer
Sair Linux and GNU Certified Administrator (LCA)
Red Hat Certified Engineer (RHCE)
GPG: D786 8B22 D9DB 1F8B 4AB7  448E 3C5E 99AD 9305 4260

The words and opinions reflected in this message do not necessarily
reflect those of my employer, Red Hat, and belong solely to me.

"Immature poets borrow, mature poets steal." --- T. S. Eliot
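
The persistence gap discussed in this thread, as an added example that is not part of the original message or of the iptables script it refers to: a check that reports whether IP forwarding is merely on at runtime or actually persisted in /etc/sysctl.conf. The function names are hypothetical; the key name net.ipv4.ip_forward and the default paths are assumptions about a standard Linux layout.

```shell
#!/bin/sh
# Added example: detect an ip_forward setting that will be lost on reboot.

# persisted_value FILE KEY
# Print the value FILE assigns to KEY, or nothing if it is absent.
# Comment lines (# or ;) are skipped; if KEY appears twice, the last wins.
persisted_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_forwarding [CONF] [PROCFILE]
# Prints one of:
#   persistent    sysctl.conf sets net.ipv4.ip_forward = 1
#   runtime-only  forwarding is on now but not persisted (gone after reboot)
#   off           forwarding is neither on nor persisted
check_forwarding() {
    conf=${1:-/etc/sysctl.conf}                  # assumed default location
    proc=${2:-/proc/sys/net/ipv4/ip_forward}     # runtime value
    runtime=$(cat "$proc" 2>/dev/null) || runtime=0
    saved=$(persisted_value "$conf" net.ipv4.ip_forward 2>/dev/null) || saved=""
    if [ "$saved" = "1" ]; then
        echo "persistent"
    elif [ "$runtime" = "1" ]; then
        echo "runtime-only"
    else
        echo "off"
    fi
}

# Usage on a live system: check_forwarding
```

A "runtime-only" result matches the symptom in the thread: masquerading and port forwarding work until the next reboot, then stop even though the saved rules are loaded.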



