LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-30-2010, 06:42 AM   #1
YellowSnowIsBad
Member
 
Registered: Oct 2010
Posts: 48

Rep: Reputation: Disabled
IP Tables, Forward Chain.


Hey, right now i am trying to setup a forwarding policy on backtrack 4.

i have done so:
Code:
echo 1 /proc/sys/net/ipv4/ip_forward
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

but nothing appears in the forward chain. am i missing something?
+ changing the ip_forward text file to 1 is not persistent through a reboot. maybe i am going wrong somewhere.
 
Old 11-30-2010, 05:36 PM   #2
leep01
LQ Newbie
 
Registered: Nov 2010
Posts: 3

Rep: Reputation: 1
Hey

I can only help with this a little as I am just getting familiar with iptables myself but to answer your question about the ip_forward file, yes the changes here do not survive a reboot and this is normal, the /proc directory is re-created each time the computer reboots, as this is a virtual filesystem of the kernel and runtime system settings.

To keep the changes in the ip_forward file I recommend creating a simple shell script, and creating a symbolic link in the runlevel that you boot to - if you are not sure how to do this let me know.

As for the iptables nat statement do you have any other iptables statements added? if you are trying to setup a proxy/firewall server then you will need forward statements as well as the nat statement that you specified.

Here is a few really basic iptables statements which forward requests from the internal network through the server and out to the internet

iptables -t filter -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I hope this helps to point you in the right direction, let me know what happens
 
Old 12-01-2010, 08:00 PM   #3
YellowSnowIsBad
Member
 
Registered: Oct 2010
Posts: 48

Original Poster
Rep: Reputation: Disabled
Thanks, the info on proc was interesting. Turns out my rules were being applied, it was just that i could not see them with 'iptables -L -v', that only prints out the default 'filter' table. i didn't even know there were two other tables, one being nat. to view prerouting rules in the nat table:

Code:
iptables -t nat -L PREROUTING
or all the nat rules:

Code:
iptables -t nat -L
more info here: http://www.linuxreport.org/content/view/26/23/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables forward to new chain packets Linux - Security 1 06-02-2010 07:45 AM
iptables FORWARD chain allow back connections niteshadw Linux - Networking 3 04-23-2010 12:39 PM
iptables good packet chain (instead of bad packet chain) win32sux Linux - Security 6 11-06-2008 07:02 AM
How to get packets into the forward chain? marting Linux - Server 2 09-17-2008 03:15 AM
Iptables redirect AFTER INPUT/FORWARD chain processing tunasashimi Linux - Networking 0 07-09-2007 04:40 AM


All times are GMT -5. The time now is 04:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration