LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page iptables MASQUERADING at boot
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-29-2003, 09:38 AM   #1
krishanprath
LQ Newbie
 
Registered: Sep 2003
Location: Darwin , Australia
Posts: 2

Rep: Reputation: 0
Question iptables MASQUERADING at boot

Hi,

I have been trying to figure out what my problem is for a long time and I just can't figure it out. PLEASE HELP!

I have redhat 9 running on my computer.

I have inserted the following in my '/etc/init.d/iptables' file:
NOTE: #### indicate the bit I added

....
echo -n $"Clearing all current rules and user defined chains:"
let ret=0
for i in $chains; do iptables -t $i -X; let ret+=$?; done
iptables -X
let ret+=$?
if [ $ret -eq 0 ]; then
success
else
failure
fi
echo

####
# MASQUERADING section (ie allows internal network to access Internet through thiis)
iptables -t filter --append FORWARD --jump ACCEPT --in-interface eth1
iptables -t nat --append POSTROUTING --jump MASQUERADE --out-interface ppp0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo I have enabled Internet access \(ppp0\) to intranet users \(eth1\).
# END of MASQUERADING
####

for i in $chains; do iptables -t $i -Z; done
echo -n $"Applying iptables firewall rules: "
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
success || \
failure
echo

touch /var/lock/subsys/iptables
fi
......

When I reboot the computer all appears fine as I get no error messages but the masquerading simply does not work. I have no clue why because when I restart iptables it works fine.

Can anyone tell me what the problem is?
Can anyone tell me how I was supposed to identify this issue without having to ask?

Please help
 
Old 09-29-2003, 10:10 AM   #2
snerfu
Member
 
Registered: Sep 2003
Distribution: Debian/GNU
Posts: 30

Rep: Reputation: 15
If you try calling the script from the end of your /etc/rc.d/rc.local file will it start properly?
 
Old 09-30-2003, 07:41 AM   #3
krishanprath
LQ Newbie
 
Registered: Sep 2003
Location: Darwin , Australia
Posts: 2

Original Poster
Rep: Reputation: 0
I figured it out
My problem appeared to be that in the file /etc/sysctl.conf I had to set the variable for IP forwarding to 1 so that the file looked like:

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

Krishan
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables : masquerading not possible iamtux Linux - Networking 3 06-04-2005 11:32 PM
squid and iptables masquerading egyptian Linux - Security 1 09-05-2004 04:31 AM
IP Masquerading (with iptables) and Planetside Milkman00 Linux - Networking 4 06-06-2003 09:12 AM
Iptables Masquerading GOLDF1NG3R Linux - Security 3 11-10-2001 11:51 PM
Iptables Masquerading GOLDF1NG3R Linux - Networking 4 11-01-2001 04:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:00 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration