Antonio Olivares wrote:
--- On Thu, 11/20/08, Christopher K. Johnson <ckjohnson@xxxxxxx> wrote:
From: Christopher K. Johnson <ckjohnson@xxxxxxx>
Subject: Re: set up NAT (network address translation) on local server
To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
Date: Thursday, November 20, 2008, 10:27 AM
It appears from your email that there was an editing error
at the COMMIT or line after.
Perhaps instead of a line-end on those lines it has spaces
and wrapped them into one long line?
Could happen from copy and paste depending on
circumstances.
Check that each rule is on its own line.
I reset the iptables back to the original condition and added them, but still no joy :(
[root@localhost ~]# gedit /etc/sysconfig/iptables &
[1] 8516
[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: Bad argument `iptables'
Error occurred at line: 2
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost ~]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[1]+ Done gedit /etc/sysconfig/iptables
[root@localhost ~]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@localhost ~]# iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat
:PREROUTING ACCEPT [5:692]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*filter
:INPUT ACCEPT [2483:1813687]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2598:1049836]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
iptables: Loading additional modules: ip_conntrack_netbios_[ OK ]
[root@localhost ~]# service dhcpd start
Starting dhcpd: [ OK ]
[root@localhost ~]#
The iptables get back to the original state. Error in iptables-save? / bug?
[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Thanks,
Antonio
I fought with iptables on my desktop doing this and found a link that
described an issue with Fedora resetting the iptables on each reboot.
It provided a way to create an iptables modification init.d procedure
for just this problem. It works like a dream.
Sorry I don't have the link as it is at home.
--
Robin Laing
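Two things go wrong in the transcript above: the hand-edited /etc/sysconfig/iptables is rejected by iptables-restore ("Bad argument `iptables'", "Error occurred at line: 2"), which is what you get when a whole `iptables ...` shell command, or two rules wrapped onto one line, is pasted into a file that expects only the rule arguments; and rules added live with the `iptables` command vanish on `service iptables restart` because the init script reloads the file, not the running table. The script below is an added example, not code from anyone in this thread or from Fedora; it lints a file in iptables-save format for exactly those paste mistakes before the file is loaded. The two sample files it writes are constructed for the demo (the clean one is the rule set iptables-save printed above, the mangled one is that same set with the errors deliberately introduced); the line checks are a heuristic for the common cases, not a full parser of the format.

```shell
#!/bin/sh
# check_iptables_file FILE
# Lints a file in iptables-save format (what /etc/sysconfig/iptables holds and
# what iptables-restore reads) for the paste mistakes discussed in the thread,
# before "service iptables restart" tries to load it:
#   - a line starting with the word "iptables": a shell command pasted in
#     (iptables-restore wants only the arguments, e.g. "-A FORWARD ...")
#   - two rules wrapped onto one line (a second " -A " mid-line)
#   - COMMIT not alone on its line, or a table (*nat, *filter) never closed
# Prints "line N: problem" for each finding; exit status 0 means clean.
check_iptables_file() {
    awk '
        function fail(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        /^[ \t]*$/ || /^#/ { next }                        # blank or comment
        /^\*/ {                                            # *table header
            if (in_table) fail("table *" table " not closed with COMMIT")
            in_table = 1; table = substr($1, 2); next
        }
        /^COMMIT/ {
            if ($0 != "COMMIT") fail("COMMIT must be alone on its line (wrapped rule after it?)")
            if (!in_table) fail("COMMIT without a preceding *table line")
            in_table = 0; next
        }
        /^:/ { if (!in_table) fail("chain line outside a table"); next }
        /^iptables[ \t]/ {
            fail("starts with the iptables command; iptables-restore expects only the arguments, e.g. -A ...")
            next
        }
        /^-/ {                                             # -A/-I/-D rule line
            if (!in_table) fail("rule outside a table")
            if ($1 == "-A" && $0 ~ /[ \t]-A[ \t]/) fail("more than one -A on the line (two rules wrapped together?)")
            next
        }
        { fail("unrecognised line: " $0) }
        END {
            if (in_table) fail("table *" table " not closed with COMMIT")
            exit bad ? 1 : 0
        }' "$1"
}

# Constructed sample 1: the clean rule set iptables-save printed in the thread.
write_sample_good() {
    cat > "$1" <<'EOF'
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat
:PREROUTING ACCEPT [5:692]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
*filter
:INPUT ACCEPT [2483:1813687]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2598:1049836]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample 2: the same rules mangled the way a paste into an editor
# can mangle them (a shell command line, a wrapped rule, a wrapped COMMIT).
write_sample_bad() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT -A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Run the linter over both constructed samples; always returns 0 itself.
demo_constructed_samples() {
    dir=$(mktemp -d) || return 0
    write_sample_good "$dir/good"
    write_sample_bad "$dir/bad"
    for f in good bad; do
        if check_iptables_file "$dir/$f"; then
            echo "$f: clean"
        else
            echo "$f: problems found"
        fi
    done
    rm -rf "$dir"
    return 0
}

demo_constructed_samples
```

Run it as `check_iptables_file /etc/sysconfig/iptables` before restarting the service; a clean file is the one to keep. The disappearing rules have a separate cause: the Fedora/RHEL init script of that era rebuilds the running rules from /etc/sysconfig/iptables on every start, so rules added live with `iptables` only survive a restart if they are written back to that file first (the init script's `service iptables save` action does this with iptables-save), which is also why a boot-time script as Robin describes has the same effect.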