LinuxQuestions.org


YellowSnowIsBad 11-30-2010 05:42 AM

IP Tables, Forward Chain.
 
Hey, right now I am trying to set up a forwarding policy on BackTrack 4.

I have done so:
Code:

echo 1 > /proc/sys/net/ipv4/ip_forward
Code:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

But nothing appears in the forward chain. Am I missing something?
Also, changing the ip_forward text file to 1 is not persistent through a reboot. Maybe I am going wrong somewhere.

leep01 11-30-2010 04:36 PM

Hey

I can only help with this a little, as I am just getting familiar with iptables myself, but to answer your question about the ip_forward file: yes, the changes here do not survive a reboot, and this is normal. The /proc directory is re-created each time the computer reboots, as this is a virtual filesystem of the kernel and runtime system settings.

To keep the changes in the ip_forward file I recommend creating a simple shell script, and creating a symbolic link in the runlevel that you boot to - if you are not sure how to do this let me know.

As for the iptables nat statement, do you have any other iptables statements added? If you are trying to set up a proxy/firewall server then you will need forward statements as well as the nat statement that you specified.

Here are a few really basic iptables statements which forward requests from the internal network through the server and out to the internet:

iptables -t filter -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I hope this helps to point you in the right direction. Let me know what happens.

YellowSnowIsBad 12-01-2010 07:00 PM

Thanks, the info on proc was interesting. Turns out my rules were being applied; it was just that I could not see them with 'iptables -L -v', which only prints out the default 'filter' table. I didn't even know there were two other tables, one being nat. To view prerouting rules in the nat table:

Code:

iptables -t nat -L PREROUTING
or all the nat rules:

Code:

iptables -t nat -L
more info here: http://www.linuxreport.org/content/view/26/23/

