--- On Thu, 11/20/08, Christopher K. Johnson <ckjohnson@xxxxxxx> wrote:

> From: Christopher K. Johnson <ckjohnson@xxxxxxx>
> Subject: Re: set up NAT (network address translation) on local server
> To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
> Date: Thursday, November 20, 2008, 10:27 AM
> It appears from your email that there was an editing error
> at the COMMIT or line after.
> Perhaps instead of a line-end on those lines it has spaces
> and wrapped them into one long line?
> Could happen from copy and paste depending on
> circumstances.
> Check that each rule is on its own line.
>

I reset the iptables back to the original condition and added them, but still no joy :(

[root@localhost ~]# gedit /etc/sysconfig/iptables &
[1] 8516
[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: Bad argument `iptables'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost ~]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[1]+ Done gedit /etc/sysconfig/iptables
[root@localhost ~]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@localhost ~]# iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat
:PREROUTING ACCEPT [5:692]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*filter
:INPUT ACCEPT [2483:1813687]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2598:1049836]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: ip_conntrack_netbios_[ OK ]
[root@localhost ~]# service dhcpd start
Starting dhcpd: [ OK ]
[root@localhost ~]#

The iptables rules go back to their original state. Is this an error/bug in iptables-save?

[Editor's note: in the transcript above, iptables-save only prints the running ruleset to the terminal; it is not redirected into /etc/sysconfig/iptables, and the file shown below still holds the original rules. "service iptables restart" flushes the running rules and reloads that file, so rules added with "iptables -A" are lost unless they are first written to it, e.g. with "service iptables save" or "iptables-save > /etc/sysconfig/iptables". Also note that after "service iptables stop" the iptables-save output shows every chain at policy ACCEPT with no INPUT rules, so the host is unfiltered until the rules are applied again.]

[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Thanks,
Antonio