Difference between revisions of "Iptables"

From Bashlinux
(Redirected page to IPTables)

#REDIRECT [[IPTables]]
== How to set up iptables on CentOS/Fedora ==
 
Rules are loaded from /etc/sysconfig/iptables when the iptables service starts. Rules added from the command line live only in kernel memory and are lost on reboot unless they are written to that file, either explicitly with <code>service iptables save</code> (or <code>iptables-save > /etc/sysconfig/iptables</code>) or automatically when IPTABLES_SAVE_ON_STOP or IPTABLES_SAVE_ON_RESTART is set to "yes" in /etc/sysconfig/iptables-config (both default to "no").
 
 
On Fedora, edits to /etc/sysconfig/iptables do not change the running rule set: the kernel keeps enforcing the old rules until the iptables service is restarted (<code>service iptables restart</code>).
 
 
To have the rules loaded on every reboot, make sure the file the service reads, /etc/sysconfig/iptables, exists and contains the rules you just created, then confirm by comparing it with the output of <code>iptables-save</code>.
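Added example, not taken from the Bashlinux page: a small shell check that tells you whether the rules the kernel is enforcing right now are the ones the init script will restore at boot. It strips the parts of an <code>iptables-save</code> dump that legitimately differ from the saved file (the "Generated by"/"Completed" comments and the packet/byte counters) and compares what is left. The /etc/sysconfig/iptables path and the <code>service iptables save</code> remedy are the CentOS/Fedora defaults assumed here; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original page. Checks that the running
# iptables rules are the ones the init script will load at boot.
# Assumptions (CentOS/Fedora defaults, adjust if yours differ): the saved
# rules live in /etc/sysconfig/iptables and are written with
# `service iptables save`; function names are this example's own.

# Drop what differs between a live dump and a saved file but carries no
# policy: "# Generated by"/"# Completed" comments, blank lines, the
# per-chain [pkts:bytes] counters, and per-rule counters from `iptables-save -c`.
# Reads stdin, writes stdout.
normalize_rules() {
    sed -e '/^#/d' \
        -e '/^[[:space:]]*$/d' \
        -e 's/ \[[0-9]*:[0-9]*\]$//' \
        -e 's/^\[[0-9]*:[0-9]*\] //'
}

# rules_in_sync RUNNING_DUMP SAVED_FILE
# Returns 0 when both files describe the same rule set, 1 otherwise.
rules_in_sync() {
    running=$(normalize_rules < "$1")
    saved=$(normalize_rules < "$2")
    [ "$running" = "$saved" ]
}

# check_persisted [SAVED_FILE]
# Live version: dumps the kernel's tables and compares them with the file that
# `service iptables start` restores. Needs root and a real iptables-save.
check_persisted() {
    saved=${1:-/etc/sysconfig/iptables}
    [ -r "$saved" ] || { echo "no saved rules at $saved; run: service iptables save" >&2; return 1; }
    tmp=$(mktemp) || return 2
    iptables-save > "$tmp" || { rm -f "$tmp"; return 2; }
    if rules_in_sync "$tmp" "$saved"; then
        echo "running rules match $saved"
        rc=0
    else
        echo "running rules are NOT persisted in $saved; run: service iptables save" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage on a real box (as root): check_persisted
# or, for a non-default location:   check_persisted /path/to/saved/rules
```

Run <code>check_persisted</code> after every command-line change and before a reboot; a non-zero exit means the kernel is enforcing something the saved file does not contain.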
 
 
== How to set up a gateway with 2 Virtual NICs on GNU/Debian ==
 
 
For a host whose two networks are a physical NIC and an alias IP on that same NIC, the steps to set the host up as a gateway are:
 
 
Let's say:

<pre><nowiki>
- WAN = eth0   -> 10.11.12.10
- LAN = eth0:1 -> 192.168.10.10   (LAN subnet 192.168.10.0/24)
</nowiki></pre>
 
 
 
# Add the nat rules that source-NAT traffic from the LAN as it leaves through the "out to the world" (WAN) address:
 
 
<pre><nowiki>
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# WAN and LAN share eth0, so "-o eth0" alone matches every packet leaving the
# host. Match on the LAN subnet and leave LAN-internal traffic untouched.
# The WAN address is static, so use SNAT. Use MASQUERADE instead only if the
# WAN address is dynamic; never both, as the first matching rule wins and the
# second one never fires.
-A POSTROUTING -s 192.168.10.0/24 ! -d 192.168.10.0/24 -o eth0 -j SNAT --to-source 10.11.12.10
COMMIT
</nowiki></pre>
 
 
# Because both networks live on the same NIC, add FORWARD rules to the filter section for both directions. Note that "-i eth0" and "-o eth0" match LAN and WAN packets alike, so a bare "-i eth0 -j ACCEPT" would make the host forward (and SNAT) traffic from anyone who can route through it; key the rules on the LAN subnet and default the chain to DROP:
 
 
<pre><nowiki>
# inside the *filter section
:FORWARD DROP [0:0]
# LAN -> world, and only the replies to those flows back in
-A FORWARD -s 192.168.10.0/24 ! -d 192.168.10.0/24 -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
</nowiki></pre>
 
 
# Enable IP forwarding in the kernel persistently by setting the parameter to "1" in /etc/sysctl.conf:
 
 
<pre><nowiki>
net.ipv4.ip_forward = 1
</nowiki></pre>
 
 
# Apply the change to the running kernel without rebooting:
 
 
<pre><nowiki>
sysctl -p
</nowiki></pre>
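Added example, not from the original page: a shell helper that writes the four steps above as one complete iptables-restore file for the page's values (eth0, 10.11.12.10, 192.168.10.0/24), plus an audit that flags the two mistakes bare fragments invite, a FORWARD ACCEPT with no source, destination or state match, and a SNAT rule shadowed by an earlier MASQUERADE on the same interface, and a check that /etc/sysctl.conf persists ip_forward. It generalizes the page's single case to any WAN interface, WAN address and LAN subnet; the FORWARD policy of DROP and the function names are this example's own choices, not the page's.

```shell
#!/bin/sh
# Added example, not from the original page. Generates the complete ruleset
# for the single-NIC gateway described above and audits a ruleset file for the
# mistakes that bare "-i eth0 -j ACCEPT" fragments invite. Values used in the
# usage notes are the page's (eth0, 10.11.12.10, 192.168.10.0/24); function
# names are this example's own.

# gateway_rules WAN_IF WAN_IP LAN_NET -> prints an iptables-restore file.
# WAN and LAN share one interface, so "-i"/"-o" match every packet alike and
# the LAN subnet is the only thing that separates our clients from the rest of
# the world; every nat and FORWARD rule is therefore keyed on it.
gateway_rules() {
    wan_if=$1; wan_ip=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# static WAN address: SNAT. Use MASQUERADE only if the WAN IP is dynamic, never both.
-A POSTROUTING -s $lan_net ! -d $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# LAN -> world, and only replies to those flows back in
-A FORWARD -s $lan_net ! -d $lan_net -j ACCEPT
-A FORWARD -d $lan_net -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# audit_ruleset FILE -> prints one finding per line; exit status 1 if any.
#  * a "-A FORWARD ... -j ACCEPT" with no -s, -d or --state match forwards
#    (and, with the nat rule, SNATs) traffic from anyone who can reach the host
#  * a POSTROUTING SNAT after a MASQUERADE on the same "-o" is dead: the first
#    matching rule wins, so the SNAT never fires
audit_ruleset() {
    awk '
        function iface(line,   n, i, f) {
            n = split(line, f, " ")
            for (i = 1; i < n; i++) if (f[i] == "-o") return f[i + 1]
            return ""
        }
        /^-A FORWARD / && / -j ACCEPT/ && !/ -s / && !/ -d / && !/--state/ {
            print "unrestricted forward: " $0; bad = 1
        }
        /^-A POSTROUTING / && / -j MASQUERADE/ { masq[iface($0)] = 1 }
        /^-A POSTROUTING / && / -j SNAT/ && (iface($0) in masq) {
            print "SNAT shadowed by earlier MASQUERADE: " $0; bad = 1
        }
        END { if (bad) exit 1; exit 0 }
    ' "$1"
}

# ip_forward_persisted [SYSCTL_CONF] -> 0 if the file leaves net.ipv4.ip_forward
# at 1 (sysctl -p applies assignments in order, so the last uncommented one wins).
ip_forward_persisted() {
    awk -F= '
        $1 ~ /^[ \t]*net\.ipv4\.ip_forward[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
        END { if (v == "1") exit 0; exit 1 }
    ' "${1:-/etc/sysctl.conf}"
}

# Typical use on the gateway (as root):
#   gateway_rules eth0 10.11.12.10 192.168.10.0/24 > /etc/iptables.rules
#   audit_ruleset /etc/iptables.rules && iptables-restore < /etc/iptables.rules
#   ip_forward_persisted || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
#   sysctl -p
```

Run the audit against the page's original fragments and it reports three findings: both "-i eth0"/"-o eth0" FORWARD rules, and the SNAT rule that the preceding MASQUERADE shadows. Run it against the generated file and it is silent.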
 

Latest revision as of 22:04, 11 June 2015
