That's because the format of /etc/sysconfig/iptables is not a script; it is the format generated by iptables-save. Make the top part (the *nat section) of /etc/sysconfig/iptables look similar to the following to make it work "properly" :)

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
##### POSTROUTING
## MASQ LocalNETs
[0:0] -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp+ -j MASQUERADE
COMMIT

On Sat, 2003-02-01 at 17:12, Justin Clacherty wrote:
> I had a similar problem a year or two ago. It's a bit hazy, but from what I
> remember the iptables script wouldn't run if put in /etc/sysconfig/iptables;
> I actually had to run it separately after networking had been brought up
> (ran from rc.local, I think). All I could put it down to was that as the
> ppp0 device is not a piece of hardware that exists before networking is
> brought up, iptables couldn't reference it (I could very well be wrong...).
> This unfortunately means that there could be a small window of opportunity
> for hackers depending on your configuration. Wasn't a problem for me
> because I had set up ppp for dial on demand, so iptables was up and running
> before the system was connected.
>
> Justin.

-- 
Tommy McNeely <Tommy.McNeely@Sun.com>
Sun Microsystems

-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
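The point of the message above is that /etc/sysconfig/iptables is read by iptables-restore, so it has to be in iptables-save format rather than a shell script of iptables commands; a script-style file fails to load and the machine comes up with no firewall, which is the exposure window Justin describes. The following is an added example, not code from the original thread or from Red Hat: a small offline checker for the iptables-save structure (the `*table` header, `:CHAIN POLICY [pkts:bytes]` declarations, `-A CHAIN ...` rules with optional `[pkts:bytes]` counter prefixes, `#` comments and a closing `COMMIT`) that flags the script-style mistake before a reboot does. The function name `validate_iptables_save` and the two sample files are my own constructions; the "good" sample is the *nat section from the post, the "bad" one is a shell-style line of the kind the thread warns about.

```python
"""Structural checker for iptables-save format, as used by /etc/sysconfig/iptables.

Added example, not from the original thread. The Red Hat iptables init script
hands /etc/sysconfig/iptables to iptables-restore, so the file must be in the
format iptables-save writes, not a shell script. This checker parses that
format and reports the common mistakes (script-style 'iptables ...' lines,
undeclared chains, rules without a target, missing COMMIT).
"""
import re
import shlex

# ':CHAIN POLICY [pkts:bytes]'; user-defined chains carry '-' as their policy.
CHAIN_RE = re.compile(r"^:(\S+) (ACCEPT|DROP|-) \[(\d+):(\d+)\]$")
# iptables-save may prefix a rule with its packet/byte counters.
COUNTER_RE = re.compile(r"^\[(\d+):(\d+)\] (.*)$")


def validate_iptables_save(text):
    """Return (rules, errors). rules maps table name -> list of (chain, argv)."""
    rules = {}
    errors = []
    table = None
    chains = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed anywhere
        if line.split()[0].endswith("iptables"):
            # The mistake from the thread: a shell command where a rule belongs.
            errors.append(f"line {lineno}: script-style command; iptables-restore "
                          f"expects '-A CHAIN ...' without the 'iptables' prefix")
            continue
        if line.startswith("*"):
            if table is not None:
                errors.append(f"line {lineno}: table '{table}' not closed with COMMIT")
            table = line[1:]
            chains = set()
            rules.setdefault(table, [])
            continue
        if table is None:
            errors.append(f"line {lineno}: '{line}' appears before any '*table' header")
            continue
        if line == "COMMIT":
            table = None
            continue
        if line.startswith(":"):
            m = CHAIN_RE.match(line)
            if m:
                chains.add(m.group(1))
            else:
                errors.append(f"line {lineno}: bad chain declaration '{line}'")
            continue
        m = COUNTER_RE.match(line)
        if m:
            line = m.group(3)  # strip the '[pkts:bytes]' counter prefix
        argv = shlex.split(line)
        if len(argv) < 2 or argv[0] not in ("-A", "-I"):
            errors.append(f"line {lineno}: rule must start with -A/-I CHAIN: '{line}'")
            continue
        chain = argv[1]
        if chain not in chains:
            errors.append(f"line {lineno}: chain '{chain}' not declared in table '{table}'")
        if "-j" not in argv and "-g" not in argv:
            errors.append(f"line {lineno}: rule has no target (-j/-g): '{line}'")
        rules[table].append((chain, argv))
    if table is not None:
        errors.append(f"table '{table}' not closed with COMMIT")
    return rules, errors


# Constructed sample: the *nat section from the post, in iptables-save format.
GOOD = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
##### POSTROUTING
## MASQ LocalNETs
[0:0] -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j MASQUERADE
[0:0] -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp+ -j MASQUERADE
COMMIT
"""

# Constructed sample of the mistake the thread describes: a shell-script line
# dropped into /etc/sysconfig/iptables.
BAD = """\
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
"""

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("bad", BAD)):
        parsed, problems = validate_iptables_save(text)
        count = sum(len(v) for v in parsed.values())
        print(f"{name}: {count} rule(s), errors: {problems}")
```

Note that `ppp+` is a wildcard interface name, so the rule loads whether or not a ppp interface exists yet; that is why the save-format file can reference it at boot while a script referencing `ppp0` directly would have to wait for the link. The checker only validates structure; it does not tell you whether the rules are what you intended.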