  1. #1
    Just Joined!
    Join Date
    Aug 2003
    Posts
    6

    how to configure iptables automatically at bootup?


    I have my RedHat 9.0 system up and configured as a gateway for my home network. The only trouble is that I have to run the following script as root every time the system starts:

    # start from a clean slate: drop all rules and user-defined chains in the filter and nat tables
    /sbin/iptables --flush
    /sbin/iptables --table nat --flush
    /sbin/iptables --delete-chain
    /sbin/iptables --table nat --delete-chain

    # masquerade everything leaving over the dial-up link, and let traffic arriving on the LAN side be forwarded
    /sbin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT

    Once this script is run as root, all of the other computers can access the internet properly. However, I really want to have this system configure itself when it starts up, so when it reboots (and I'm not home) someone doesn't have to log in, su, and run the script. After a little research, I tried putting this script into the /etc/rc.d/rc3.d, but I believe that script cannot access things forbidden to mere users.

    So my question is...can I make that script execute properly in the rc3.d by chmodding something? Or is there some intelligent way to make this happen transparently?

    By the way, I don't know what the hell I'm doing.

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Don't do that. RH has a built in iptables startup script. After you have run the commands that you provided in your post once, run this:
    Code:
    iptables-save >/etc/sysconfig/iptables
    Also, make sure that the system is set up to initialize this at boot. If the file /etc/rc.d/rc3.d/S08iptables doesn't exist, run this to create it:
    Code:
    ln -s ../init.d/iptables /etc/rc.d/rc3.d/S08iptables
    After you have done that, it should be done automatically upon boot. Just remember to verify it.

  3. #3
    Just Joined!
    Join Date
    Aug 2003
    Posts
    6

    No dice....

    Thanks for your reply, but I was unable to get it to work.

    I booted the system fresh, ran the commands, and then ran:

    Code:
    /sbin/iptables-save >/etc/sysconfig/iptables
    This is what /sbin/iptables-save generates.

    Code:
    # Generated by iptables-save v1.2.7a on Tue Aug 19 13:05:52 2003
    *nat
    :PREROUTING ACCEPT [3235:317215]
    :POSTROUTING ACCEPT [2727:163836]
    :OUTPUT ACCEPT [2727:163836]
    -A POSTROUTING -o ppp0 -j MASQUERADE 
    COMMIT
    # Completed on Tue Aug 19 13:05:52 2003
    # Generated by iptables-save v1.2.7a on Tue Aug 19 13:05:52 2003
    *filter
    :INPUT ACCEPT [103533:7222990]
    :FORWARD ACCEPT [43749:13281666]
    :OUTPUT ACCEPT [103312:7173996]
    -A FORWARD -i eth0 -j ACCEPT 
    COMMIT
    # Completed on Tue Aug 19 13:05:52 2003
    I also noticed that when I boot up it displays several new messages that can be found in /etc/rc.d/rc3.d/S08iptables:

    Code:
    Flushing all current rules and user defined chains:    [ok]
    Clearing all current rules and user defined chains:   [ok]
    Applying iptables firewall rules:                              [ok]
    It looks like everything is working ok, but it doesn't work. Does it matter that these rules are being applied BEFORE ppp0, eth0 and eth1 are being initialized?

  5. #4
    Just Joined!
    Join Date
    Aug 2003
    Posts
    6

    After some experimenting

    I've found that I can now do without the first six commands in the script. The only one that needs to be done manually is this one (which I accidentally forgot to include with the first post):

    echo 1 > /proc/sys/net/ipv4/ip_forward

    If I enter this one command, it now works without having to run the whole script.

    Any clue how I might automate this?

  6. #5
    Just Joined!
    Join Date
    Aug 2003
    Posts
    6

    Never mind

    I found the answer...

    I went into /etc/sysctl.conf and set net.ip_forward to 1. It works great now, thanks.
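Added example, not from any poster in this thread: a POSIX shell check that verifies the two things the thread ends up relying on, the saved rule set in /etc/sysconfig/iptables (post #2) and a persistent net.ipv4.ip_forward = 1 in /etc/sysctl.conf (post #5; net.ipv4.ip_forward is the sysctl name for the /proc/sys/net/ipv4/ip_forward file from post #4). The sample rule set and sysctl files are constructed inline so it runs offline; point check_gateway at the real files to verify a box after a reboot.

```shell
#!/bin/sh
# Constructed check (not from this thread): confirm a saved iptables rule set and
# sysctl.conf contain what the RH9 gateway needs to come up without manual steps.

# has_rule FILE TABLE RULE: succeed if RULE appears inside TABLE's block of an
# iptables-save dump (a block runs from its "*table" line to the next "*table").
has_rule() {
    awk -v tbl="*$2" -v rule="$3" '
        /^\*/                          { in_tbl = ($0 == tbl) }
        in_tbl && index($0, rule) == 1 { found = 1 }
        END { if (found) exit 0; exit 1 }' "$1"
}

# forwarding_persisted FILE: succeed if FILE sets net.ipv4.ip_forward = 1.
forwarding_persisted() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# check_gateway RULES SYSCTL: report every missing piece; fail if any is missing.
check_gateway() {
    status=0
    has_rule "$1" nat "-A POSTROUTING -o ppp0 -j MASQUERADE" ||
        { echo "missing: nat POSTROUTING MASQUERADE on ppp0 in $1"; status=1; }
    has_rule "$1" filter "-A FORWARD -i eth0 -j ACCEPT" ||
        { echo "missing: filter FORWARD ACCEPT from eth0 in $1"; status=1; }
    forwarding_persisted "$2" ||
        { echo "missing: net.ipv4.ip_forward = 1 in $2"; status=1; }
    return $status
}

# Constructed sample inputs: a saved rule set shaped like the iptables-save
# output in post #3, and a sysctl.conf with and without forwarding enabled.
SAMPLE_RULES=$(mktemp); SAMPLE_SYSCTL_OK=$(mktemp); SAMPLE_SYSCTL_BAD=$(mktemp)
cat >"$SAMPLE_RULES" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
echo 'net.ipv4.ip_forward = 1' >"$SAMPLE_SYSCTL_OK"
echo 'net.ipv4.ip_forward = 0' >"$SAMPLE_SYSCTL_BAD"

if check_gateway "$SAMPLE_RULES" "$SAMPLE_SYSCTL_OK"; then echo "gateway config complete"; fi
```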
