Hi Glenn,

I've just got some grip on iptables myself, finally.

# /etc/init.d/iptables save active

will make the currently loaded tables active at next reboot, that is, if you enabled the init.d script for iptables. If you did not do so, run

# dpkg-reconfigure iptables

and say Y to enable the init.d script at bootup; this will configure the ln -s to the /etc/init.d/iptables script in the rcN.d directories/runlevel directories.

Personally I've made a script called fwc.sh which I optimize and then execute; this way it's really fast to start up a script and I cannot lose any specific settings unless I'm doing something really really stupid. What I do in this script is about the following:

1- bring down the external interface (ifdown eth1)
2- set up the policy and IP masquerading
3- configure the firewall (iptables -A ...)
4- bring the external interface back up (ifup eth1)
5- /etc/init.d/iptables save active (set the current config to load at boot)
6- /etc/init.d/iptables restart
7- iptables -L

Maybe I should add some backup feature as well, oh well, this works and it's so easy :-) No more re-typing rules like a trained monkey, finally I caught on, hehe.

It's pretty late for me and I've been doing far too much computer staring, so forgive me if this is not a complete answer, but I think it is.

Greets,
Joris

----- Original Message -----
From: "Glenn Hocking" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 13, 2003 3:14 AM
Subject: iptables default

> Hi all
>
> I've got a couple of simple port forwarding rules to forward from a
> debian/testing ADSL Internet gateway to a citrix box but am unsure how
> to make them stay loaded after a reboot.
>
> Is there a default rule table somewhere? Or do I need to just execute
> the commands from a script on startup?
>
> iptables -t nat -A PREROUTING -p tcp --dport 1494 -j DNAT
> --to-destination 10.0.2.110
> iptables -t nat -A PREROUTING -p udp --dport 1604 -j DNAT
> --to-destination 10.0.2.110
>
> Thanks
> Glenn Hocking
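The fwc.sh procedure from the reply above, written out as a script. This is an added example, not Joris's actual script and not part of the thread: the internal interface name (eth0), the FORWARD policy and rules, and the `-i eth1` restriction on the DNAT rules are assumptions. It defaults to a dry run that only prints the commands, so the rule set can be reviewed before it touches a live gateway.

```sh
#!/bin/sh
# Added example, not Joris's actual fwc.sh. Assumed: eth0 is the LAN side,
# FORWARD defaults to DROP, DNAT only matches traffic arriving on eth1.
EXT_IF="${EXT_IF:-eth1}"        # external interface (from the reply)
INT_IF="${INT_IF:-eth0}"        # internal interface (assumption)
CITRIX="${CITRIX:-10.0.2.110}"  # DNAT target (from the original question)
DRY_RUN="${DRY_RUN:-1}"         # 1 = only print the commands, 0 = run them

# Print the command in dry-run mode; otherwise run it and abort on failure.
# Aborting before step 4 leaves the external interface down (fail closed).
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; return 0; fi
    "$@" || { echo "fwc: failed: $*" >&2; exit 1; }
}

# DNAT one port arriving on the external interface and let it through FORWARD.
forward() {  # usage: forward PROTO PORT
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p "$1" --dport "$2" \
        -j DNAT --to-destination "$CITRIX"
    run iptables -A FORWARD -i "$EXT_IF" -p "$1" -d "$CITRIX" --dport "$2" \
        -j ACCEPT
}

fwc() {
    # 1. External interface down: nothing is forwarded on a half-built rule set.
    run ifdown "$EXT_IF"
    # 2. Policy and masquerading; flush first so a re-run adds no duplicates.
    run iptables -F
    run iptables -t nat -F
    run iptables -P FORWARD DROP
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
    # 3. Firewall rules: replies, outbound LAN traffic, the two Citrix ports.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    forward tcp 1494
    forward udp 1604
    # 4. External interface back up, now that the rules are complete.
    run ifup "$EXT_IF"
    # 5-6. Save the loaded tables as the boot-time set, then reload from it.
    run /etc/init.d/iptables save active
    run /etc/init.d/iptables restart
    # 7. List the result; DNAT/MASQUERADE rules only show up under -t nat.
    run iptables -L -n -v
    run iptables -t nat -L -n -v
}

fwc
```

Run it as root with DRY_RUN=0 to apply the rules; doing that over a remote session that arrives via eth1 will cut the session at step 1.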

