
Re: systemd and iptables



On Fri, Oct 21, 2016 at 11:42:53AM -0300, JAP wrote:
> 

[...]

> The script was a single line in /etc/rc.local.
> 
> But leaving that aside, the issue is that iptables IS NOT RUNNING.
> 
> If I load the rule by hand and then list the active rules, it shows that
> iptables is empty, as can be seen here:
> 
> # iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> 
> # iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> As you can see, I load the rule on the command line, and when I list the
> active rules, none of them show up.

That is for one reason only: you are not listing the NAT rules table. The
iptables(8) manual says so clearly:

  The tables are as follows:

  filter:
      This is the default table (if no -t option is passed). It contains
      the built-in chains INPUT (for packets destined to local sockets),
      FORWARD (for packets being routed through the box), and OUTPUT
      (for locally-generated packets).

  nat:
      This table is consulted when a packet that creates a new
      connection is encountered. It consists of three built-ins:
      PREROUTING (for altering packets as soon as they come in),
      OUTPUT (for altering locally-generated packets before routing),
      and POSTROUTING (for altering packets as they are about to go out).
      IPv6 NAT support is available since kernel 3.7.

If you want to see the NAT rule you added, you should run:

# iptables -t nat -L

Regards.

-- 
Pablo Jiménez
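
The point made in the reply above, as an added example that is not part of the original message: `iptables-save` prints every table, so counting rules per table from its output shows where a rule actually landed even when a plain `iptables -L` looks empty. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: count rules per table from iptables-save output.
# iptables-save prints every table ("*filter", "*nat", ...), while
# "iptables -L" without -t shows only the filter table.

# Constructed sample in iptables-save format, matching the thread's case:
# one MASQUERADE rule in nat, nothing in filter.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# rules_per_table: read iptables-save text on stdin and print
# "<table> <rule count>" for each table, in the order seen.
rules_per_table() {
    awk '
        /^\*/     { table = substr($0, 2); order[++n] = table; count[table] = 0; next }
        /^-A /    { if (table != "") count[table]++ }
        /^COMMIT/ { table = "" }
        END       { for (i = 1; i <= n; i++) print order[i], count[order[i]] }
    '
}

# rules_in_table TABLE: print only the -A lines of one table from stdin.
rules_in_table() {
    awk -v want="$1" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        /^-A / && table == want { print }
    '
}

# On a live host (as root): iptables-save | rules_per_table
sample_ruleset | rules_per_table
```
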

