Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The script is created by 'iptables-save', generally you are not supposed to edit these files by hand, just configure iptables how you want then 'iptables-save > /etc/sysconfig/iptables'. Another option is to edit /etc/sysconfig/iptables-config and change 'IPTABLES_SAVE_ON_STOP="no"' to 'IPTABLES_SAVE_ON_STOP="yes"' so it will save your rules when you stop it.
I would guess that a missing 'COMMIT' on the end could be a problem, try reloading iptables and see if there are any error messages and whether the rules are correct
The script is created by 'iptables-save', generally you are not supposed to edit these files by hand, just configure iptables how you want then 'iptables-save > /etc/sysconfig/iptables'. Another option is to edit /etc/sysconfig/iptables-config and change 'IPTABLES_SAVE_ON_STOP="no"' to 'IPTABLES_SAVE_ON_STOP="yes"' so it will save your rules when you stop it.
I would guess that a missing 'COMMIT' on the end could be a problem, try reloading iptables and see if there are any error messages and whether the rules are correct
cheers
I can not reboot the server that is a problem.
Secondly it is a
Debian server.We are having Xen running on it virtualization stuff.So what is happening is it is changing the vif bridges names a lot many times.After a reboot a IPTABLE rule that was applied to a vif bridge this vif bridge does not exist any more.
I want a few firewall rules to be active at the time of boot which I have configured.So should I write a shell script or how should I go for it.
Word "COMMIT" doesn't have not any relation to iptables rules.
If you want add rule permanently you need to find already existed config. file with default rules and add your rules there or write small script, which will be loaded at boot time, BUT after iptables activation. Otherwise it will erase them.
If you're using a bridged connection you should be performing packet filtering that's specific to the guest within the guest, not within Dom0.
i.e.
Code:
Dom0 # iptables -L
[rules specific to Dom0]
Guest1 # iptables -L
[rules specific to Guest1]
Ya you are right the thing is I have configured IPTABLES to DNAT an SSH connection to DomU from Dom0 which is on a public IP.The rules I posted above are accepting connections at ports
2029
2036
2032
2043
and forwarding to inside DomU's at port 22
So it is like that.
Quote:
Originally Posted by nimnull22
Word "COMMIT" doesn't have not any relation to iptables rules.
If you want add rule permanently you need to find already existed config. file with default rules and add your rules there or write small script, which will be loaded at boot time, BUT after iptables activation. Otherwise it will erase them.
Okay this was helpful thanks can you give me some link so that I can be sure.
Your default rule for INPUT chain is ACCEPT, so any other rules with ACCEPT decision in this chain - is useless.
Where can you find file with rules for iptable, it depends on distribution, for example for OpenSuse it is in:
/etc/sysconfig/scripts/SuSEfirewall2-custom
in Fedora 12 it is /etc/sysconfig/firewall...something
Your default rule for INPUT chain is ACCEPT, so any other rules with ACCEPT decision in this chain - is useless.
Agreed right now it is like that but I will be changing that.That is why I am asking this question.
What I have found out is to be able to run firewall at boot I need to do
write a script in if-up.d on Debian
it will use iptables-restore< </path to where ever I saved iptable>
Or we need to add a line in interfaces before eth2
mentioning post boot what script it should load.
I manually deleted some of the entries so before I do some thing wanted to make sure that things are right I do not have a physical access to the server.
Any how thanks for your reply.
Do you have this:
/etc/init.d/iptables
if yes you can use "start" part of this script to read your rules or from any other places with "iptables-restore" command.
Unfortunately, I do not really know Debian.
Do you have this:
/etc/init.d/iptables
if yes you can use "start" part of this script to read your rules or from any other places with "iptables-restore" command.
Unfortunately, I do not really know Debian.
No I do not have the thing is I have to do it only once so I am a bit cautious.I can not take chances.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
