Re: iptables: forwarding on internal device

> -----Original Message-----
> From: centos-bounces@xxxxxxxxxx 
> [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Marcus Moeller
> Sent: Monday, February 09, 2009 6:11 AM
> To: CentOS mailing list
> Subject: Re:  iptables: forwarding on internal device
> 
> Hi again,
> 
> > Yes that would be correct Marcus echo it into /proc or in /etc/sysctl.conf
> > would be
> > # Controls IP packet forwarding
> > net.ipv4.ip_forward = 1
> 
> This is what I have done already. sysctl -p gives me:
> 
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 4294967295
> kernel.shmall = 268435456
> 
> The strange thing is that it seems to be blocked by netfilter. I am
> using exactly the same rules on a Slackware Box without any problems.
----
Slackware is the key here, Marcus. The two distros have different modules
built into the kernel by default, and maybe that is a cause for why it is happening?
But honestly I don't see how you are ever going to forward packets and
requests with the below rule. How are you going to come into and back out of
the same interface? That's why it won't traverse. How about -i eth0 -o eth1 or
-i eth0 -o eth0:0

-A FORWARD -i eth0 -o eth0 -m state --state \
NEW,RELATED,ESTABLISHED -j ACCEPT

When you use iptables save it does not save the rules you just put into
it! You will have to edit /etc/sysconfig/iptables-config:

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"

JohnStanley

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
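
Added example, not part of the original message: a shell script that reads, offline, the three things discussed in this thread (the net.ipv4.ip_forward sysctl, FORWARD rules whose -i and -o name the same interface, and the IPTABLES_SAVE_ON_* settings from /etc/sysconfig/iptables-config). The helper names conf_value and same_iface_forward and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Offline review of the three settings discussed in this thread.
# Every file below is constructed sample data, not taken from a real host.

# conf_value KEY FILE: last uncommented value of KEY in a KEY=value file.
conf_value() {
    awk -v k="$1" -F= '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t"]/, "", val) }
        END { print val }' "$2"
}

# same_iface_forward FILE: FORWARD rules in an iptables-save style file
# whose -i and -o name the same interface (the rule debated above).
same_iface_forward() {
    awk '$1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
        }
        if (in_if != "" && in_if == out_if) print NR ": " $0
    }' "$1"
}

# Constructed stand-ins for sysctl.conf, an iptables-save dump and
# iptables-config; the temporary directory is removed when the script exits.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 1' \
    > "$demo/sysctl.conf"
printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
    '-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT' \
    '-A FORWARD -i eth0 -o eth1 -j ACCEPT' 'COMMIT' > "$demo/iptables"
printf '%s\n' 'IPTABLES_MODULES_UNLOAD="yes"' '#IPTABLES_SAVE_ON_STOP="yes"' \
    'IPTABLES_SAVE_ON_STOP="no"' 'IPTABLES_SAVE_ON_RESTART="yes"' \
    > "$demo/iptables-config"

echo "ip_forward:      $(conf_value net.ipv4.ip_forward "$demo/sysctl.conf")"
echo "save on stop:    $(conf_value IPTABLES_SAVE_ON_STOP "$demo/iptables-config")"
echo "save on restart: $(conf_value IPTABLES_SAVE_ON_RESTART "$demo/iptables-config")"
echo "same-interface FORWARD rules:"
same_iface_forward "$demo/iptables"
```

To review a real host, pass its own /etc/sysctl.conf, /etc/sysconfig/iptables and /etc/sysconfig/iptables-config to the two functions in place of the constructed files.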
