Hi! Want to let the commands below to be run at boot. What do I do to get it work?

su
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Thanks for any help..

Put those lines in .bash_profile file of the users to whome u want it to run.


If u want it to run in every user put it in the /etc/rc/d/rc5.d/S99local file.
You can also put it in the

/etc/rc/d/rc3.d/S99local file. So that it will be excuted in runlevel 3 or 5 at every time you login the pc.




Ok..

check it ..



bye

ok, but any way to get this procedure automated?

tried sudo echo "1"> ......
but that gives me an error permission denied
because of this I have to su, and login as root to do this

is there a boot file/script that can do this right before it
enters the loginscreen, so that no user have to login to
get the command running / typing it? (it is on a server)

and possibly automated, so when I boot the server it is ready to go..

The idea of having either or both of these commands put into a login script is definitely wrong. The idea of putting these commands into a boot script is definitely correct.

Are you sure that the setting in /proc/sys/net/ipv4/ip_forward needs to be set every time the system starts? I believe that this setting will keep its value between reboots without any help. If it does need to be set every time that you start the system then you may find that your distribution has a system configuration file that will take care of this. For example the ip forwarding command that you want to execute is done in my SuSE 9.2 system in the file /etc/init.d/boot.ipconfig. Here is the pertinent code in that file.
In my SuSE 9.2 the IP_FORWARD variable is set in the /etc/sysconfig/sysctl file.

This could be done very differently in different distributions.


The same thing is true of the iptables. I know that my Debian Sarge installation did not automatically configure a firewall but my SuSE 9.2 installation did automatically set up a firewall and it automatically starts whenever the system starts. You should find out if the distribution that you are using for this already has an iptables setup routine and add your NAT configuration command to that. If you don't already have an iptables configuration in your system startup then you would want to have it start after your network is running. You could create a file called iptables-nat in your /etc/init.d directory containing your command. Then in each of the rc2.d, rc3.d, and rc5.d you create a link to that iptables-nat file with the correct name (S??iptables-nat). For example if you already have a link in your rc5.d directory named S11network then you would create a link in the same directory that points to your /etc/init.d/iptables-nat file. That link could be named S12iptables-nat.

Post any questions. Keep in mind that different distributions do some things differently but other things are pretty much the same in any Linux distribution. Startup files are in /etc/init.d. The startup rc?.d directories are either in /etc or in /etc/init.d. Some distributions use an rc.local while others don't. I'm just trying to say that you may have to do a little looking around your system startup to find the way that your system does the things that I mentioned.

Always make a copy of a system startup file before you edit it.

thanks for the help, will try to look around a bit and test some solutions.. may take some time, but thanks again for such a "deep" explanation!

"Are you sure that the setting in /proc/sys/net/ipv4/ip_forward needs to be set every time the system starts?" -When restaring the computer I have to echo 1 to the ip_forward and do iptables command..

ok, found this in /etc/init.d/networking; isn't this telling the computer to put 1 in ip_forward?

ip_forward () {
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
if [ "$VERBOSE" != no ]; then
log_begin_msg "Enabling packet forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
log_end_msg $?
else
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
fi
}

restarted server now, puts "0" in ip_forward, and I also need to do the iptables command!

Yes it is but it is implemented as a function. Some other line will have to call this function or it will not execute.
Here the code tests the existence of the file /proc/sys/net/ipv4/ip_forward. If this file doesn't already exist then it will not turn ip forwarding on.

At this point in the code ip forwarding will be turned on. This just tests to see if a log file entry should be made.

This turns ip forwarding on. Notice that the echo command does not have quotes around the 1. The code in my SuSE machine had quotes around the 1. I don't know if this is important.

So one or more of three things could be happening on your system. Either
1) the /proc/sys/net/ipv4/ip_forward file doesn't exist when the system starts or
2) this function isn't being called or
3) the lack of quotes around the 1 is incorrect.

You could rewrite the function as follows to see if it is being called and if it is trying to set a 1 in the ip_forward file. Make a backup copy of your original startup file before you make any edits. This change would only be temporary.

The changes simply attempt to make an entry to the boot log file when the function is called and to use the verbose code regardless of the value of VERBOSE, wherever that is set.

Note that I've never seen or used the log_begin_msg or log_end_msg feature so I could be introducing an error.

When the system starts you should see the message that we added at the beginning of the function when you look at dmesg or in the /var/log/boot.msg file. If you don't see the message that we added at the beginning of the function then it (probably) is not being called. (Or I messed up with the log_begin_msg).

If you do see that message then you should also see a message saying that ip_forwarding is being enabled. If not then the /proc/sys/net/ipv4/ip_forward file doesn't exist. The fix for that would be to remove the test for the existence of that file.

If you do see the message indicating that ip forwarding is being enabled then the echo command has a problem. In that case I would try putting quotes around the 1.

Or you could just change the code as follows:
In this form the only question is whether the function gets called. If it does get called then it will work. I didn't put quotes around the 1 because I didn't know if it would cause a problem in the middle of the log_begin_msg ... log_end_msg. You could even eliminate that question with this rewrite.

thanks, will try that. But I can't be the only one who needs this to work? Someone else must have configured ubuntu as an server and needed this? Someone must know ubuntu good enough that they can tell me exactly what to do!?

If you want to know the real answer then RTFM.

And that means?

Another way to specify ip_forward at boot in Ubuntu 5.10 is to edit the file /etc/network/options
and change ip_forward=no to ip_forward=yes