
Re: init-script question: iptables and networking



On Sun, Jan 18, 2004 at 11:35:13PM +0100, Christian Schnobrich wrote:
> Hello,
> 
> like many, I have an old box set up as gateway. Upon reboot, I'd like it
> to load the appropriate iptables rules and set /proc/../ip_forward to 1.
> 
> Until now, I'm doing this by a self-made "init script" that will do just
> that, but won't understand any of the usual start|stop|restart|[etc]
> options. Not exactly a script, really.
> 
> Now I've stumbled over an actual existing script, /etc/init.d/iptables.
> I just failed to see it until today.
> Would it be 'smarter' or 'better policy' to employ this script instead
> of my own pseudo-script? And, what does it actually do? I couldn't find
> any docs, and reading the script itself I'm not sure whether I
> understand it correctly -- I do however get a feeling as if my brain was
> wildly spinning in my head. Just running the script and seeing what happens
> doesn't seem to be a prudent approach either.

Have a look in /etc/defaults/iptables.  This suggests that the package
maintainer doesn't like the /etc/init.d/iptables idea.  I don't see a
major problem with it, but then I'm sure he knows something I don't.

I ignore it, and put my iptables and other routing/firewall stuff in
something like /usr/local/bin/firewall_on, then call that script from
/etc/init.d/bootmisc.sh.

> Next, in /etc/init.d/networking I found the following:
> > ip_forward () {
> >     if [ -e /proc/sys/net/ipv4/ip_forward ]; then
> >         echo -n "Enabling packet forwarding: "
> >         echo 1 > /proc/sys/net/ipv4/ip_forward
> >         echo "done."
> >     fi
> > }
> I read this as "if .../ip_forward exists, set it to 1", however, this
> doesn't work for me. This script seems easier to understand than the one
> above, and I don't see anything that might have the power not to call
> the above function -- it should be invoked every time the script is run,
> but I have /proc/sys/net/ipv4/ip_forward = 0 after boot.

That function is called by the line lower down "doopt ip_forward no".
And doopt looks in /etc/network/options.  If you put ip_forward=yes in
/etc/network/options, that will turn on IP forwarding.

A
-- 
Please don't CC me.  Also _please_ read the following before posting:
Documentation - http://www.debian.org/doc/
FAQ - http://www.debian.org/doc/FAQ/
Install manual (i386) - http://www.debian.org/releases/stable/i386/install
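Added example, not from this thread and not Debian's own script: a simplified stand-in for the doopt lookup described in the reply, run against a constructed copy of /etc/network/options so nothing on the real system is read or written. The names get_option and ip_forward_target are my own, and the real /proc write is replaced by printing the value that would be written.

```sh
#!/bin/sh
# Simplified model of "doopt ip_forward no" from /etc/init.d/networking:
# look up NAME=VALUE in an options file, fall back to a default when the
# key is absent, and decide what would be written to ip_forward.

# get_option FILE NAME DEFAULT
# Prints the value of the last "NAME=value" line in FILE, or DEFAULT when
# no such line exists (this is the "no" in "doopt ip_forward no").
get_option() {
    file=$1; name=$2; default=$3
    value=$(sed -n "s/^[[:space:]]*$name=//p" "$file" | tail -n 1)
    if [ -n "$value" ]; then
        printf '%s\n' "$value"
    else
        printf '%s\n' "$default"
    fi
}

# ip_forward_target FILE
# Prints "1" when the options file asks for forwarding, otherwise "0".
# In the real script "1" is what gets echoed into
# /proc/sys/net/ipv4/ip_forward; here it is only printed.
ip_forward_target() {
    case "$(get_option "$1" ip_forward no)" in
        yes) echo 1 ;;
        *)   echo 0 ;;
    esac
}

# Constructed sample options file (assumption: mirrors the key=value
# layout of /etc/network/options; the real file is not touched).
OPTIONS_FILE="${TMPDIR:-/tmp}/network-options.example.$$"
cat > "$OPTIONS_FILE" <<'EOF'
# comment lines and blank lines are ignored by the lookup
spoofprotect=yes
ip_forward=yes
EOF

printf 'ip_forward would be set to: %s\n' "$(ip_forward_target "$OPTIONS_FILE")"
```

With ip_forward=yes present the result is 1; drop that line (the stock file on the poster's box) and the default "no" leaves it at 0, which is exactly the after-boot state the question describes.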