Route iptables and ip_forward help needed

Postby tommi » Tue May 17, 2005 7:31 am

I have a 2 computer network at home, machine 1 Windows XP and machine 2 Mandrake 10.1. The Mandrake box acts as the server for the Windows machine and shares the internet connection.

My trouble is that every time the internet is restarted I have to enter the following 3 commands as su.

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default ppp0

What files do I need to edit, to put those commands into so I don't have to manually do this each time?

Thank you for your time and consideration.
tommi

RE: Route iptables and ip_forward help needed

Postby jjmac » Tue May 17, 2005 9:02 am

Howdy,

Depends on how you start your networking I guess...

Sounds like it just needs to be put into one of your networking start up scripts.

In my case, I allow basic networking to be set up at boot, which is to a console ... then go into run level 2 with starting X. There all extra networking things get killed, such as iptables and sniffers etc. If I want to go online, I used to just go into level 3 which would kill a couple of daemons, then run a couple of scripts to set up iptables etc. With the 2.6.10 kernel though, it won't give me any echo feedback when I do a 'telinit 3' ... so now I just run a script to do the same and don't bother with the level change.

Have a look over the scripts invoked when networking is set up your way. Possibly you could slot it into one of those. Such as /etc/init.d/networking. The path might be different though.

jm

  -:-  If the system is the answer, then the question
                    must have been really stupid                -:-
http://counter.li.org
#313537

The FVWM wm -=- www.fvwm.org -=-

Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ...
jjmac

Postby mugstar » Tue May 17, 2005 9:24 am

The comments in /etc/rc.d/rc.local say
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

That's where I had to put `ifup eth0`, since mandrake otherwise refused to set up networking at boot. LE2005 seems very flaky to me...
mugstar

RE: Route iptables and ip_forward help needed

Postby smita034 » Tue May 17, 2005 9:25 am

What I would do (again I don't know the paths for this distro so it might be elsewhere) is:

Put a script in /etc/rc3.d called S<number>iptables (if I remember correctly you can use any number that isn't in use at the moment; for ease's sake, let's say 99).

In the S99iptables file:

Code: Select all
#! /bin/sh
# NAT outgoing LAN traffic behind the ppp0 address
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# let the kernel forward packets between interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
# send everything without a more specific route out via ppp0
route add default ppp0

I think this should work but I haven't done it for a while so correct me if I'm wrong :)

That should make it automatically get run @ runlevel 3.

Hope that helps
Alex A. Smith
99% of all computer problems occur between the chair and keyboard
smita034

RE: Route iptables and ip_forward help needed

Postby jjmac » Thu May 19, 2005 12:38 pm

Depending on how it is set up on your system ... Another idea is to append the file that sets up 'iptables' with something like

-------------------------------------------------------------------------
iptables-save > /home/jmd/common/firewall/ipt-save
chown jmd:jmd /home/jmd/common/firewall/ipt-save
echo -e "\n iptable setup saved to common/firewall dir"
--------------------------------------------------------------------------

Then provide your own customisations. That way you get a dump of how the package facility is setting things, before they are altered by any custom additions.


>>
My trouble is that every time the internet is restarted I have to enter the following 3 commands as su.
.
.
.
What files do I need to edit, to put those commands into so I don't have to manually do this each time?
>>

It would be interesting to know just how it is started in the first place ... Your logs in /var/log may have a trace on that. Or putting an 'echo' command in likely looking scripts in 'init.d' may give you a mark for when they're run. I know, typo heaven ... but ..., just back up the file(s) first, and have a LiveCD handy to 'cp' the backup back to where it should be if necessary.

A good startup script, imo, should save the existing state, then destroy any existing configuration ... then recreate/initialise the whole thing. Rather than just doing it once when you boot up, or go into X.

If the iptables side is started/handled by a package of some sort ... listing its contents should reveal any scripts that are being used there.

Even just looking through /usr/sbin or /sbin for anything that looks like it might be involved would be an idea. The thing with iptables and such ... there are a number of various ways to go about it depending on preferences.

>>
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default ppp0
>>

That sounds like the type of thing that could be started at boot via an .../init.d/network script, but an iptables script will often involve itself there as well.


jm

jjmac
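
Added example, not part of any post in this thread: a shell sketch of the "save the existing state, destroy, then recreate" startup pattern described in the post above, applied to the three ppp0 commands from the original question. WAN_IF, STATE_FILE (a hypothetical path), DRY_RUN and the function names are assumptions made for this sketch; by default it only prints the plan.

```shell
#!/bin/sh
# Added example (not from the thread): save / reset / recreate NAT state for ppp0.
WAN_IF="${WAN_IF:-ppp0}"                               # uplink named in the thread
STATE_FILE="${STATE_FILE:-/var/lib/nat-gw/ipt-save}"   # hypothetical path, dir must exist
DRY_RUN="${DRY_RUN:-1}"                                # 1 = print the plan only

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Count MASQUERADE rules for WAN_IF in iptables-save output read from stdin.
# A count above 1 means an "-A" script has been re-run on top of itself.
masq_rule_count() {
    grep -c -- "^-A POSTROUTING -o $WAN_IF -j MASQUERADE" || true
}

setup_nat() {
    # 1. Save the existing state; keep the dump readable by root only.
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables-save > $STATE_FILE"
    else
        ( umask 077; iptables-save > "$STATE_FILE" ) || return 1
    fi
    # 2. Destroy the old NAT POSTROUTING rules so re-runs cannot stack duplicates.
    #    This also removes rules other tools placed in that chain.
    run iptables -t nat -F POSTROUTING || return 1
    # 3. Recreate: masquerade first, then the default route.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE || return 1
    run route add default "$WAN_IF" 2>/dev/null || true   # route may already exist
    # Forwarding is enabled last, so nothing is forwarded before NAT is in place.
    # Same effect as: echo 1 > /proc/sys/net/ipv4/ip_forward
    run sysctl -w net.ipv4.ip_forward=1
}

setup_nat
```

Piping `iptables-save -t nat` into `masq_rule_count` on a box where an append-only script has run on every reconnect shows how many duplicate rules have accumulated.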

RE: Route iptables and ip_forward help needed

Postby tomulli » Thu Jun 30, 2005 11:48 pm

For enabling iptables in runlevels write:
>>
chkconfig --add iptables
chkconfig --level 235 iptables on
>>

For enabling ip_forwarding after reboot in RedHat-like systems (I just tested it on a friend's MDK 10.1) add

>>
FORWARD_IPV4=true
>>

into /etc/sysconfig/network


and for saving iptables rules use

>>
/etc/init.d/iptables save
>>

good luck

tomulli