Re: iptables forwarding not working/iptables-save not saving

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- On Thu, 11/20/08, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:

> From: Antonio Olivares <olivares14031@xxxxxxxxx>
> Subject: iptables forwarding not working/iptables-save not saving
> To: fedora-test-list@xxxxxxxxxx
> Date: Thursday, November 20, 2008, 12:21 PM
> Dear fellow testers,
> 
> I am trying to setup a little dhcp server at school for my
> machines that my students use at school.  Iptables is not
> saving :(
> 
> [root@localhost ~]# rpm -qa iptables*
> iptables-1.4.1.1-2.fc10.i386
> iptables-ipv6-1.4.1.1-2.fc10.i386
> 
> 
> Thanks,
> 
> Antonio 
> 
> 
>       
> 
> -- 

Sorry for double post :(  Yahoo mail was misbehaving :(  
Here's some info to clarify things 

[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@localhost ~]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT [1]+  Done                    gedit /etc/sysconfig/iptables       
[root@localhost ~]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT                                                         
[root@localhost ~]# iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210                                         
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat                                                             
:PREROUTING ACCEPT [5:692]                                       
:POSTROUTING ACCEPT [0:0]                                       
:OUTPUT ACCEPT [0:0]                                             
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT                                                                     
# Completed on Thu Nov 20 13:14:50 2008                                   
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008         
*filter                                                                   
:INPUT ACCEPT [2483:1813687]                                               
:FORWARD ACCEPT [0:0]                                                     
:OUTPUT ACCEPT [2598:1049836]                                             
-A FORWARD -i eth1 -o eth0 -j ACCEPT                                       
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT 
COMMIT                                                                     
# Completed on Thu Nov 20 13:14:50 2008                                   
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables: Loading additional modules: ip_conntrack_netbios_[  OK  ]
[root@localhost ~]# service dhcpd start                           
Starting dhcpd:                                            [  OK  ]
[root@localhost ~]#

The iptables get back to original state.  error in iptables-save ?/bug

[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT


Revelant Threads on Fedora-list in case they may apply :

http://marc.info/?t=122712848600004&r=1&w=2

http://marc.info/?t=122671142400005&r=1&w=2

Thank you in Advance,

Antonio 


      

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux