Iptables

From Bashlinux
Revision as of 07:45, 28 February 2015 by Manpaz (talk | contribs) (iptables)

How to set up iptables on CentOS/Fedora

On CentOS/Fedora the iptables service loads its rules from /etc/sysconfig/iptables at boot. Rules added from the command line exist only in the running kernel: unless a save option is enabled (IPTABLES_SAVE_ON_STOP or IPTABLES_SAVE_ON_RESTART in /etc/sysconfig/iptables-config), or you write them out yourself with "service iptables save", they are lost on reboot.

Note that on Fedora, editing /etc/sysconfig/iptables has no effect on the running rules until the iptables service is restarted; the rules already loaded in the kernel stay in force and effectively override the file.

To make the system load your rules on every reboot, make sure the rules file (/etc/iptables.rules, or /etc/sysconfig/iptables on CentOS/Fedora) exists and contains the rules you just created, for example by writing the running set to it with iptables-save.

How to set up a gateway with 2 Virtual NICs on GNU/Debian

For any host with 2 virtual NICs (an IP alias on one physical interface), the steps to turn it into a gateway are as follows.

Let's say:

  - WAN = eth0   -> 10.11.12.10
  - LAN = eth0:1 -> 192.168.10.10

  1. Add the proper NAT rules to iptables so that traffic leaving through the "out to the world" NIC is source-NATed. Only one of the two POSTROUTING rules below is needed: with a static WAN address use SNAT; MASQUERADE is meant for interfaces whose address changes. If both are present, the MASQUERADE rule matches first and the SNAT rule is never reached.
 *nat
 :PREROUTING ACCEPT [891:110412]
 :POSTROUTING ACCEPT [92:11129]
 :OUTPUT ACCEPT [241:27547]
 # Keep only one of the next two rules (see above)
 -A POSTROUTING -o eth0 -j MASQUERADE
 -A POSTROUTING -o eth0 -j SNAT --to-source 10.11.12.10
 COMMIT
 
  2. Because both networks sit on the same physical NIC (eth0:1 is only an alias and cannot be matched with -i/-o), add forwarding rules in both directions to the filter section. Be aware that these two rules accept every forwarded packet entering or leaving eth0, including unsolicited traffic from the WAN towards the LAN; restrict them by source network (-s 192.168.10.0/24) and conntrack state if that is not what you want.
 -A FORWARD -i eth0 -j ACCEPT
 -A FORWARD -o eth0 -j ACCEPT
 
  3. Enable IP forwarding in the kernel by setting the parameter to "1" in /etc/sysctl.conf:
 net.ipv4.ip_forward = 1
 
  4. Load the modification:
 sysctl -p
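The whole procedure as one script, added here as an example; it is not code from the Bashlinux page. It assumes the addresses used above (eth0, 10.11.12.10, the 192.168.10.0/24 LAN) and the function names gateway_ruleset, ip_forward_enabled and has_open_forward, which are this example's own. It deliberately goes beyond the page's rules in two ways: it keeps a single SNAT rule for the static WAN address, and it only forwards traffic that originates from the LAN subnet or is a reply to it, with a DROP policy on FORWARD, so the gateway does not forward unsolicited Internet traffic into the LAN the way the two interface-only FORWARD rules would.

```shell
#!/bin/sh
# Added example, not part of the original page. Generates a tightened
# iptables-restore ruleset for the two-alias gateway and checks the
# persisted sysctl setting. WAN_IF/WAN_IP/LAN_NET default to the page's values.

WAN_IF="${WAN_IF:-eth0}"
WAN_IP="${WAN_IP:-10.11.12.10}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"

# Print a complete ruleset in iptables-restore format on stdout.
# Both networks live on the same NIC, so forwarding is matched on the
# LAN source address and conntrack state, not on -i/-o alone.
gateway_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Static WAN address: SNAT only; a second MASQUERADE rule would be redundant.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to LAN-initiated connections come back through conntrack.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections are only forwarded when they come from the LAN subnet.
-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Return 0 if the sysctl.conf-style file given as $1 ends up with
# net.ipv4.ip_forward = 1 (comments skipped, last assignment wins).
ip_forward_enabled() {
    awk -F= '/^[[:space:]]*#/ { next }
             $1 ~ /^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*$/ { v = $2 }
             END { gsub(/[[:space:]]/, "", v); exit (v == "1") ? 0 : 1 }' "$1"
}

# Return 0 if the ruleset read from stdin contains a FORWARD ACCEPT rule
# with neither a source network nor a conntrack state restriction,
# i.e. the open-in-both-directions pattern this example replaces.
has_open_forward() {
    grep -E '^-A FORWARD ' | grep -v -e ' -s ' -e ' --ctstate ' | grep -q ' -j ACCEPT'
}

# Usage on the gateway, as root (Debian path shown; on CentOS/Fedora write
# /etc/sysconfig/iptables instead, or run "service iptables save" afterwards):
#   gateway_ruleset > /etc/iptables.rules
#   iptables-restore < /etc/iptables.rules
#   grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf \
#       || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
#   sysctl -p
#   ip_forward_enabled /etc/sysctl.conf && echo "forwarding persisted"
```

Run the script's functions from a root shell on the gateway as in the usage comment; the checks themselves need no privileges, so they can also be run from a configuration test before the rules are deployed.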