--- On Thu, 11/20/08, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:

> From: Antonio Olivares <olivares14031@xxxxxxxxx>
> Subject: iptables forwarding not working/iptables-save not saving
> To: fedora-test-list@xxxxxxxxxx
> Date: Thursday, November 20, 2008, 12:21 PM
> Dear fellow testers,
>
> I am trying to setup a little dhcp server at school for my
> machines that my students use at school. Iptables is not
> saving :(
>
> [root@localhost ~]# rpm -qa iptables*
> iptables-1.4.1.1-2.fc10.i386
> iptables-ipv6-1.4.1.1-2.fc10.i386
>
>
> Thanks,
>
> Antonio
>
>
>
>
> --

Sorry for double post :( Yahoo mail was misbehaving :(

Here's some info to clarify things

[root@localhost ~]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
[root@localhost ~]# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
[1]+ Done gedit /etc/sysconfig/iptables
[root@localhost ~]# iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@localhost ~]# iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*nat
:PREROUTING ACCEPT [5:692]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
# Generated by iptables-save v1.4.1.1 on Thu Nov 20 13:14:50 2008
*filter
:INPUT ACCEPT [2483:1813687]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2598:1049836]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Nov 20 13:14:50 2008
[root@localhost ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules:
[ OK ]
iptables: Loading additional modules: ip_conntrack_netbios_[ OK ]
[root@localhost ~]# service dhcpd start
Starting dhcpd: [ OK ]
[root@localhost ~]#

The iptables rules go back to the original state. Is this an error/bug in iptables-save?

[Editor's note: iptables-save only prints the running ruleset to standard output; nothing in the transcript above writes it to /etc/sysconfig/iptables, which is the file `service iptables restart` reloads. That file, shown below, still ends its FORWARD chain with a REJECT rule, so the hand-added forwarding and SNAT rules are gone after the restart. Persisting them requires `service iptables save` or redirecting the iptables-save output into that file.]

[root@localhost ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Relevant Threads on Fedora-list in case they may apply :
http://marc.info/?t=122712848600004&r=1&w=2
http://marc.info/?t=122671142400005&r=1&w=2

Thank you in Advance,

Antonio

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list