[Techtalk] moving to iptables

Hamster hamster at hamsternet.org
Tue Aug 5 13:01:01 EST 2003


Wendy,

> # modprobe iptable_nat
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> # echo "1" > /proc/sys/net/ipv4/ip_forward 

> You can run these from the command line, in this order, for testing. Once
> you get your rules figured out, put 'em in a script.

Setting up iptables is even simpler than this.

You don't have to manually load the nat module because iptables supports
automatic module loading. It loads the right module as soon as it sees that
module mentioned in one of the rules. So in this case, as soon as it sees
you've specified the target -j MASQUERADE, it automatically loads the nat
module.

Nor do you have to write a script to load the rules automatically on boot.
If you're using RedHat, Mdk or Deb, they come with a "save" facility. Take
Mandrake for example. Once you write your rules by entering them one at a
time on the command line, you then run the command "service iptables save"
and that saves all your rules and loads them automatically when your
computer boots.

The ipforwarding line (the command listed above as echo 1 > /proc etc)
doesn't need to be scripted either. RH/Mdk/Deb all come with a special file
that you use for telling your machine about any /proc entries. The file in
question is /etc/sysctl.conf, and in this specific case you need to add the
line net.ipv4.ip_forward = 1 and that takes care of forwarding.

The best place for iptables info is its own website.
http://www.netfilter.org/
This site contains its own doco, and links to lots of other tutorials as
well.

Hamster
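
Added example, not part of the original message: a small audit script that checks whether the two settings discussed above (IP forwarding in a sysctl.conf-style file and a MASQUERADE rule in a saved ruleset) are actually persisted. The function names are hypothetical, the sample files are constructed, and the saved ruleset is assumed to be in iptables-save format.

```shell
#!/bin/sh
# Added example: audit persisted forwarding/NAT settings (constructed inputs).

# Print the effective value of KEY in a sysctl.conf-style FILE (last assignment wins).
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k)                  # strip whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)        # trim the value
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print the outbound interface of each MASQUERADE rule in the nat table's
# POSTROUTING chain of an iptables-save format FILE ("any" if no -o is given).
masquerade_ifaces() {
    awk '
        /^\*/ { table = substr($1, 2); next }     # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = "any"; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) print out
        }
    ' "$1"
}

# Succeed only if forwarding is enabled at boot AND a MASQUERADE rule is saved.
nat_persisted() {
    [ "$(sysctl_value "$1" net.ipv4.ip_forward)" = "1" ] &&
        [ -n "$(masquerade_ifaces "$2")" ]
}

# Constructed sample files standing in for /etc/sysctl.conf and a saved ruleset.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    'net.ipv4.ip_forward = 1' > "$demo/sysctl.conf"
printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' '-A FORWARD -o eth1 -j ACCEPT' \
    'COMMIT' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT' > "$demo/rules"

if nat_persisted "$demo/sysctl.conf" "$demo/rules"; then
    echo "NAT persists across reboot via: $(masquerade_ifaces "$demo/rules")"
fi
```

The same check is useful in reverse: a host that is not meant to route should report neither setting.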


