- 08-19-2003 #1Just Joined!
- Join Date
- Aug 2003
- Posts
- 6
how to configure iptables automatically at bootup?
I have my RedHat 9.0 system up and configured as a gateway for my home network. The only trouble is that I have to run the following script as root every time the system starts:
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
/sbin/iptables --table nat --delete-chain
/sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
Once this script is run as root, all of the other computers can access the internet properly. However, I really want to have this system configure itself when it starts up, so when it reboots (and I'm not home) someone doesn't have to log in, su, and run the script. After a little research, I tried putting this script into the /etc/rc.d/rc3.d, but I believe that script cannot access things forbidden to mere users.
So my question is...can I make that script execute properly in the rc3.d by chmodding something? Or is there some intelligent way to make this happen transparently?
By the way, I don't know what the hell I'm doing.
- 08-19-2003 #2Linux Guru
- Join Date
- Oct 2001
- Location
- Täby, Sweden
- Posts
- 7,578
Don't do that. RH has a built in iptables startup script. After you have run the commands that you provided in your post once, run this:
Code:
iptables-save >/etc/sysconfig/iptables
Also, make sure that the system is set up to initialize this at boot. If the file /etc/rc.d/rc3.d/S08iptables doesn't exist, run this to create it:
Code:
ln -s ../init.d/iptables /etc/rc.d/rc3.d/S08iptables
After you have done that, it should be done automatically upon boot. Just remember to verify it.
- 08-19-2003 #3Just Joined!
- Join Date
- Aug 2003
- Posts
- 6
No dice....
Thanks for your reply, but I was unable to get it to work.
I booted the system fresh, ran the commands, and then ran:
Code:
/sbin/iptables-save >/etc/sysconfig/iptables
This is what /sbin/iptables-save generates.
Code:
# Generated by iptables-save v1.2.7a on Tue Aug 19 13:05:52 2003
*nat
:PREROUTING ACCEPT [3235:317215]
:POSTROUTING ACCEPT [2727:163836]
:OUTPUT ACCEPT [2727:163836]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Aug 19 13:05:52 2003
# Generated by iptables-save v1.2.7a on Tue Aug 19 13:05:52 2003
*filter
:INPUT ACCEPT [103533:7222990]
:FORWARD ACCEPT [43749:13281666]
:OUTPUT ACCEPT [103312:7173996]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
# Completed on Tue Aug 19 13:05:52 2003
I also noticed that when I boot up it displays several new messages that can be found in /etc/rc.d/rc3.d/S08iptables:
Code:
Flushing all current rules and user defined chains: [ok]
Clearing all current rules and user defined chains: [ok]
Applying iptables firewall rules: [ok]
It looks like everything is working ok, but it doesn't work. Does it matter that these rules are being applied BEFORE ppp0 eth0 and eth1 are being initialized?
- 08-19-2003 #4Just Joined!
- Join Date
- Aug 2003
- Posts
- 6
After some experimenting
I've found that I can now do without the first six commands in the script. The only one that needs to be done manually is this one (which I accidentally forgot to include with the first post):
echo 1 > /proc/sys/net/ipv4/ip_forward
If I enter this one command, it now works without having to run the whole script.
Any clue how I might automate this?
- 08-19-2003 #5Just Joined!
- Join Date
- Aug 2003
- Posts
- 6
Never mind
I found the answer...
I went into /etc/sysctl.conf and set net.ip_forward to 1. It works great now, thanks
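
As an added example (not part of the thread), a shell check for the three things this gateway ends up depending on at boot: the saved ruleset, the runlevel 3 start link, and IP forwarding in /etc/sysctl.conf. The function name and its root-directory argument are hypothetical; the sysctl key it looks for is net.ipv4.ip_forward, the key behind /proc/sys/net/ipv4/ip_forward.

```shell
#!/bin/sh
# Added example: verify that the gateway settings discussed in this thread
# will survive a reboot. The argument (hypothetical) is a root directory, so
# the check can run against a copy of the files as well as the live system.
# Usage on the gateway itself: check_gateway_persistence /

check_gateway_persistence() {
    root="${1%/}"
    rules="$root/etc/sysconfig/iptables"
    sysctl_conf="$root/etc/sysctl.conf"
    link="$root/etc/rc.d/rc3.d/S08iptables"
    missing=""

    # The saved ruleset must hold the two rules from the original script.
    # iptables-save writes the short option forms (-o, -i, -j).
    grep -Eq '^-A POSTROUTING .*-o ppp0 .*-j MASQUERADE' "$rules" 2>/dev/null \
        || missing="$missing masquerade"
    grep -Eq '^-A FORWARD .*-i eth0 .*-j ACCEPT' "$rules" 2>/dev/null \
        || missing="$missing forward"

    # The start link that makes the iptables init script run in runlevel 3.
    [ -L "$link" ] || [ -e "$link" ] || missing="$missing initlink"

    # Forwarding must be switched on in sysctl.conf. Commented-out lines are
    # ignored and the last remaining setting is the one that counts.
    val=$(sed -n \
        's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "$sysctl_conf" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ] || missing="$missing ip_forward"

    # Print the missing items, space separated (empty when all are present),
    # and return non-zero if anything is missing.
    echo "${missing# }"
    [ -z "$missing" ]
}
```

An output of `ip_forward` alone corresponds to the state reached in post #3: rules saved and applied at boot, but the kernel not forwarding packets.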

