11-30-2010, 05:42 AM   #1
Registered: Oct 2010
Posts: 49

IP Tables, Forward Chain.

Hey, right now I am trying to set up a forwarding policy on BackTrack 4.

I have done so:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

But nothing appears in the FORWARD chain. Am I missing something?
+ Changing the ip_forward text file to 1 is not persistent through a reboot. Maybe I am going wrong somewhere.
11-30-2010, 04:36 PM   #2
LQ Newbie
Registered: Nov 2010
Posts: 3

I can only help with this a little, as I am just getting familiar with iptables myself, but to answer your question about the ip_forward file: yes, the changes here do not survive a reboot, and this is normal. The /proc directory is re-created each time the computer reboots, as this is a virtual filesystem of the kernel and runtime system settings.

To keep the changes in the ip_forward file, I recommend creating a simple shell script and creating a symbolic link in the runlevel that you boot to. If you are not sure how to do this, let me know.

As for the iptables nat statement, do you have any other iptables statements added? If you are trying to set up a proxy/firewall server, then you will need forward statements as well as the nat statement that you specified.

Here are a few really basic iptables statements which forward requests from the internal network through the server and out to the internet:

iptables -t filter -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I hope this helps to point you in the right direction. Let me know what happens.
12-01-2010, 07:00 PM   #3
Registered: Oct 2010
Posts: 49

Original Poster
Thanks, the info on proc was interesting. Turns out my rules were being applied; it was just that I could not see them with 'iptables -L -v', which only prints out the default 'filter' table. I didn't even know there were two other tables, one being nat. To view PREROUTING rules in the nat table:

iptables -t nat -L PREROUTING

Or all the nat rules:

iptables -t nat -L

More info here:
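
Added example, not part of the original thread: the last post's point is that rules are stored per table, so a REDIRECT rule added with `-t nat` never appears under the filter table's FORWARD chain. The functions below read a ruleset in `iptables-save` format and report which table and chain each rule sits in; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# rules_by_table: read iptables-save output on stdin and print one line per
# rule as "table<TAB>chain<TAB>rule", remembering the current "*table" section.
rules_by_table() {
    awk '
        /^\*/  { table = substr($0, 2); next }
        /^-A / { chain = $2; rule = $0
                 sub(/^-A [^ ]+ /, "", rule)
                 print table "\t" chain "\t" rule }
    '
}

# find_target TARGET: print "table/chain" for every rule that jumps to TARGET.
find_target() {
    rules_by_table | awk -F '\t' -v t="$1" '
        { n = split($3, w, " ")
          for (i = 1; i < n; i++)
              if (w[i] == "-j" && w[i + 1] == t) print $1 "/" $2 }
    '
}

# count_rules TABLE CHAIN: number of rules in that chain of that table.
count_rules() {
    rules_by_table | awk -F '\t' -v t="$1" -v c="$2" \
        '$1 == t && $2 == c { n++ } END { print n + 0 }'
}

sample_ruleset | find_target REDIRECT   # -> nat/PREROUTING
```

On a live host the same functions can be fed from `iptables-save` (run as root) instead of the constructed sample.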

