
Re: iptables default



Hi Glenn,

I've just got some grip on iptables myself, finally.

#/etc/init.d/iptables save active

will make the currently loaded tables active at next reboot, that is, if you
enabled the init.d script for iptables; if you did not do so, run

#dpkg-reconfigure iptables

and say Y to enable the init.d script at bootup; this will configure the
ln -s to the /etc/init.d/iptables script in the rcN.d/runlevel
directories.

Personally I've made a script called fwc.sh which I optimize and then
execute; this way it's really fast to start up a script and I cannot lose
any specific settings unless I'm doing something really really stupid.

What I do in this script is about the following.

1- bring down the external interface (ifdown eth1)
2- set up the policy and IP Masquerading
3- configure the firewall (iptables -A ...)
4- bring the external interface back up (ifup eth1)
5- /etc/init.d/iptables save active (set the current config to load at boot)
6- /etc/init.d/iptables restart
7- iptables -L

Maybe I should add some backup feature as well, oh well this works and it's
so easy :-) No more re-typing rules like a trained monkey, finally I caught
on, hehe.

It's pretty late for me and I've been doing far too much computer-staring so
forgive me if this is not a complete answer, but I think it is.

Greets,

Joris

----- Original Message -----
From: "Glenn Hocking" <glenn@sitegeneral.com>
To: <debian-isp@lists.debian.org>
Sent: Thursday, March 13, 2003 3:14 AM
Subject: iptables default


> Hi all
>
> I've got a couple of simple port forwarding rules to forward from a
> debian/testing ADSL Internet gateway to a citrix box but am unsure how
> to make them stay loaded after a reboot.
>
> Is there a default rule table somewhere? Or do I need to just execute
> the commands from a script on startup?
>
> iptables -t nat -A PREROUTING -p tcp --dport 1494 -j DNAT
> --to-destination 10.0.2.110
> iptables -t nat -A PREROUTING -p udp --dport 1604 -j DNAT
> --to-destination 10.0.2.110
>
> Thanks
> Glenn Hocking
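The seven-step flow Joris describes, carried through with the two DNAT rules from Glenn's question, as an added example (not Joris's own fwc.sh). It assumes eth1 as the external interface (the name used in the reply), 10.0.2.110 as the Citrix box (from Glenn's rules) and Debian's /etc/init.d/iptables script; it also sets a default-deny FORWARD policy so that only the two forwarded Citrix ports reach the inside host from outside, and DRY_RUN=1 prints every command instead of running it so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example, not Joris's fwc.sh: the seven-step flow from the reply with
# Glenn's two DNAT rules, plus a default-deny FORWARD chain so only the two
# forwarded Citrix ports can reach 10.0.2.110 from outside.
# Assumptions: external interface eth1 (named in the reply), Citrix host
# 10.0.2.110 (from Glenn's rules), Debian's /etc/init.d/iptables script.
set -eu

EXT_IF="${EXT_IF:-eth1}"
CITRIX="${CITRIX:-10.0.2.110}"

# Run a command, or just print it when DRY_RUN is set (review before applying).
run() { [ -n "${DRY_RUN:-}" ] && echo "+ $*" || "$@"; }

# Steps 2 and 3: policy, masquerading and the forwarding rules, one per line.
build_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 1494 -j DNAT --to-destination $CITRIX
iptables -t nat -A PREROUTING -i $EXT_IF -p udp --dport 1604 -j DNAT --to-destination $CITRIX
iptables -A FORWARD -i $EXT_IF -p tcp -d $CITRIX --dport 1494 -j ACCEPT
iptables -A FORWARD -i $EXT_IF -p udp -d $CITRIX --dport 1604 -j ACCEPT
EOF
}

# Steps 1-7 from the reply, in order.
apply_rules() {
    run ifdown "$EXT_IF"                                       # 1
    build_rules | while IFS= read -r cmd; do run $cmd; done    # 2-3
    run ifup "$EXT_IF"                                         # 4
    run /etc/init.d/iptables save active                       # 5
    run /etc/init.d/iptables restart                           # 6
    run iptables -L -n -v                                      # 7
}

# Number of DNAT rules in the generated set (sanity check: expect 2).
count_dnat() { build_rules | grep -c -- '-j DNAT'; }

if [ "${1:-}" = "--apply" ]; then apply_rules; fi
```

Run `DRY_RUN=1 sh fwc.sh --apply` to see the exact command sequence; drop DRY_RUN to apply it for real, after which step 5 makes the loaded tables persist across reboots as the reply describes.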
