LinuxQuestions.org

hunt3r 02-15-2004 09:38 PM

iptables get changed after S10network/ifup
 
Hi, I've just joined this forum. I've tried to search this forum for a similar problem, but can't search for a specific keyword tied to my problem.

I'm running Red Hat 9 as my firewall to the LAN. Just for information, I have disabled iptables service script and I used a firewall script called Shorewall (1.4). This shorewall script has been installed as service.
My internet connection is to a cable modem, receiving dynamic IP (DHCP) from the ISP.

The problem is, every time the cable modem loses connection and becomes available again, somehow my iptables get changed. And to fix this, I have to restart shorewall.

I've tested this scenario by starting S25shorewall when all network is up, all iptables are correct. But then I restart S10network, I checked the iptables, and all are changed.

I checked that redhat uses lots of script under /etc/sysconfig/network-scripts which I cannot understand how the scripts get run whenever dhcp interface is down or up.

1. Can anyone explain how redhat uses these scripts whenever an interface (static IP or DHCP IP) is up or down? Especially for DHCP, how are these scripts executed automatically?
2. How can I make S25shorewall be started/restarted automatically whenever my internet connection (DHCP IP) is up?
3. Or how can I make my iptables fixed, even if my internet connection is lost? Therefore when the dhcp picks up a new ip, the iptables stay the same.

thank you for any help anyone can give... I really appreciate it, I've tried shorewall forum, devshed, linuxforum but no answer to my problem.

thank you for any help avail...

DavidPhillips 02-16-2004 01:06 AM

You can disable the redhat iptables service like this..

chkconfig iptables off

You could also run shorewall and then use this..

service iptables save

or this..

iptables-save > /etc/sysconfig/iptables
chkconfig iptables on
service iptables restart

Then the redhat iptables service will have the rules you want to use and shorewall is no longer needed.
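
A way to confirm whether the running ruleset has drifted from a saved baseline, using the iptables-save format from the reply above. This is an added example, not part of the original thread; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a saved iptables-save baseline with the running
# ruleset. Function names and the sample rules are constructed.

# Strip what changes without the rules changing: "# Generated/Completed"
# comment lines (timestamps) and [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9][0-9]*:[0-9][0-9]*\]/[0:0]/g' \
        -e 's/[[:space:]]*$//'
}

# rules_drifted BASELINE CURRENT
# Returns 0 and prints a unified diff if the rules differ, 1 if they
# match, 2 if either file is unreadable.
rules_drifted() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    _tmp=$(mktemp -d) || return 2
    normalize_rules < "$1" > "$_tmp/baseline"
    normalize_rules < "$2" > "$_tmp/current"
    if diff -u "$_tmp/baseline" "$_tmp/current"; then _rc=1; else _rc=0; fi
    rm -rf "$_tmp"
    return "$_rc"
}

# Constructed sample in iptables-save format: $1 = INPUT policy, $2 = counter.
sample_rules() {
    printf '%s\n' "# Generated by iptables-save (constructed sample)" \
        "*filter" ":INPUT $1 [$2:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [$2:0]" "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" "COMMIT"
}

# Demo: the baseline has INPUT policy DROP; the "running" copy has lost it.
# On a real host the second file would come from: iptables-save > FILE
demo() {
    _d=$(mktemp -d) || return 2
    sample_rules DROP 0 > "$_d/saved"
    sample_rules ACCEPT 57 > "$_d/running"
    if rules_drifted "$_d/saved" "$_d/running"; then
        echo "DRIFT: running rules differ from the saved baseline"
    fi
    rm -rf "$_d"
}
demo
```

On the firewall host, the baseline would be written once with iptables-save while the rules are known to be correct, and the check run after a network restart or DHCP renewal.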

hunt3r 02-16-2004 11:18 PM

Thanks for your reply. Sorry that I forgot to mention that I have disabled iptables service in redhat. It is turned off on all init levels. And indeed iptables script was not executed at all.

I have not tried your suggestion, but I think that should work. However, I really want to use the shorewall script for flexibility and because it is easier to configure. So I would still like to know the solution to my first post.

Thank you


All times are GMT -5.