iptables forwarding not working/iptables-save not saving

Antonio Olivares olivares14031 at yahoo.com
Thu Nov 20 20:26:26 UTC 2008


--- On Thu, 11/20/08, Antonio Olivares <olivares14031 at yahoo.com> wrote:

> From: Antonio Olivares <olivares14031 at yahoo.com>
> Subject: iptables forwarding not working/iptables-save not saving
> To: fedora-test-list at redhat.com
> Date: Thursday, November 20, 2008, 12:21 PM
> Dear fellow testers,
> 
> I am trying to set up a little dhcp server at school for my
> machines that my students use at school.  Iptables is not
> saving :(
> 
> [root at localhost ~]# rpm -qa iptables*
> iptables-1.4.1.1-2.fc10.i386
> iptables-ipv6-1.4.1.1-2.fc10.i386
> 
> 
> Thanks,
> 
> Antonio 

Sorry for double post :(  Yahoo mail was misbehaving :(  
Here's some info to clarify things:

[root at localhost ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root at localhost ~]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[1]+  Done                    gedit /etc/sysconfig/iptables
[root at localhost ~]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[root at localhost ~]# iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
[root at localhost ~]# iptables-save
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat                                                             
:PREROUTING ACCEPT [5:692]                                       
:POSTROUTING ACCEPT [0:0]                                       
:OUTPUT ACCEPT [0:0]                                             
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT                                                                     
# Completed on Thu Nov 20 13:14:50 2008                                   
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008         
*filter                                                                   
:INPUT ACCEPT [2483:1813687]                                               
:FORWARD ACCEPT [0:0]                                                     
:OUTPUT ACCEPT [2598:1049836]                                             
-A FORWARD -i eth1 -o eth0 -j ACCEPT                                       
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
COMMIT                                                                     
# Completed on Thu Nov 20 13:14:50 2008                                   
[root at localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables: Loading additional modules: ip_conntrack_netbios_[  OK  ]
[root at localhost ~]# service dhcpd start                           
Starting dhcpd:                                            [  OK  ]
[root at localhost ~]#

The iptables get back to the original state.  Error in iptables-save? / bug?

[root at localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Relevant threads on Fedora-list in case they may apply:

http://marc.info/?t=122712848600004&r=1&w=2

http://marc.info/?t=122671142400005&r=1&w=2

Thank you in advance,

Antonio 
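
Added example, not part of the original post: `iptables-save` only prints the running rule set to standard output, while `service iptables restart` reloads `/etc/sysconfig/iptables`, so hand-entered rules persist only if the dump is redirected into that file (or written with `service iptables save`). The script lists the rules a restart would drop, run here on constructed input abridged from the output quoted in the post; the function names and temporary files are assumptions of this example.

```shell
#!/bin/sh
# Added example: list rules that are live in the kernel but absent from the
# file the init script reloads, i.e. rules a "service iptables restart" drops.
LC_ALL=C; export LC_ALL

# Print "table rule" for every -A line of an iptables-save style dump.
rules() {
    awk '/^\*/  { sub(/[ \t]+$/, ""); table = substr($0, 2); next }
         /^-A / { sub(/[ \t]+$/, ""); print table " " $0 }' "$1" | sort -u
}

# unsaved_rules LIVE_DUMP SAVED_FILE: rules only present in LIVE_DUMP.
# Plain text comparison: a hand-edited file that spells an option differently
# from iptables-save output (e.g. state order) shows up as a difference.
unsaved_rules() {
    a=$(mktemp) b=$(mktemp)
    rules "$1" > "$a"; rules "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Constructed sample input, abridged from the output quoted in the post.
# On a real host: iptables-save > "$LIVE" and SAVED=/etc/sysconfig/iptables
LIVE=$(mktemp); SAVED=$(mktemp)
cat > "$LIVE" <<'EOF'
*nat
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
*filter
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
cat > "$SAVED" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

unsaved_rules "$LIVE" "$SAVED"
```

An empty result means the running rule set and the persisted file agree, which is the state to reach before relying on a restart or reboot.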
