[Techtalk] moving to iptables

Carla Schroder carla at bratgrrl.com
Tue Aug 5 10:16:51 EST 2003


On Tuesday 05 August 2003 4:01 am, Hamster wrote:
> Wendy,
>
> > # modprobe iptable_nat
> > # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > # echo "1" > /proc/sys/net/ipv4/ip_forward
> >
> > You can run these from the command line, in this order, for testing. Once
> > you get your rules figured out, put 'em in a script.
>
> Setting up iptables is even simpler than this.
>
> You don't have to manually load the nat module because iptables supports
> automatic module loading. It loads the right module as soon as it sees that
> module mentioned in one of the rules. So in this case, as soon as it sees
> you've specified the target -j MASQUERADE, it automatically loads the nat
> module.
>
> Nor do you have to write a script to load the rules automatically on boot.
> If you're using RedHat, Mdk or Deb, they come with a "save" facility. Take
> Mandrake for example. Once you write your rules by entering them one at a
> time on the command line, you then run the command "service iptables save"
> and that saves all your rules and loads them automatically when your
> computer boots.
>
> The ipforwarding line (the command listed above as echo 1 > /proc etc)
> doesn't need to be scripted either. RH/Mdk/Deb all come with a special file
> that you use for telling your machine about any /proc entries. The file in
> question is /etc/sysctl.conf, and in this specific case you need to add the
> line net.ipv4.ip_forward = 1 and that takes care of forwarding.
>
> The best place for iptables info is its own website.
> http://www.netfilter.org/
> This site contains its own doco, and links to lots of other tutorials as
> well.
>
> Hamster

See, you don't need opposable thumbs to be smart!

Carla

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
www.tuxcomputing.com
this message brought to you
by Libranet 2.7 and Kmail
~~~~~~~~~~~~~~~~~~~~~~~~~
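
One way to confirm that the two persistent settings discussed in this thread are really in place: the net.ipv4.ip_forward line in /etc/sysctl.conf and a saved MASQUERADE rule. This is an added example, not part of the original messages; the function names and sample files are constructed, and it assumes the saved rules are in iptables-save format.

```shell
#!/bin/sh
# Added example; the sample files at the bottom are constructed.

# Effective net.ipv4.ip_forward in a sysctl.conf-style file: later lines
# override earlier ones, '#' and ';' start comments, '/' may replace '.'.
persisted_ip_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; val = $2
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val); gsub(/\//, ".", key)
          if (key == "net.ipv4.ip_forward") result = val }
        END { print (result == "" ? "unset" : result) }
    ' "$1"
}

# Out-interface of every MASQUERADE rule in the nat table's POSTROUTING chain
# of an iptables-save dump ("any" when the rule has no -o match).
masquerade_interfaces() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            iface = "any"; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" || $i == "--out-interface") iface = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) print iface
        }
    ' "$1"
}

# $1 = sysctl.conf, $2 = saved rules; succeeds only if both settings persist.
audit_nat() {
    fwd=$(persisted_ip_forward "$1")
    ifaces=$(masquerade_interfaces "$2" | tr '\n' ' ')
    echo "ip_forward=$fwd masquerade_on=${ifaces:-none}"
    [ "$fwd" = "1" ] && [ -n "$ifaces" ]
}

SAMPLE_DIR=$(mktemp -d); trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    '; old comment style' 'net.ipv4.ip_forward=1' > "$SAMPLE_DIR/sysctl.conf"
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' 'COMMIT' \
    '*nat' ':POSTROUTING ACCEPT [0:0]' '-A POSTROUTING -o eth0 -j MASQUERADE' \
    'COMMIT' > "$SAMPLE_DIR/rules"
audit_nat "$SAMPLE_DIR/sysctl.conf" "$SAMPLE_DIR/rules"
```

On a real host, point the functions at /etc/sysctl.conf and at a file holding the output of iptables-save.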

