-
November 30th, 2003, 12:44 PM
#1
Senior Member
script for iptables
hi all
i have just managed to setup my linux box as a gateway for my windoz network
however, i had to manually type in the iptable commands and these are lost on a reboot
i have tried, very unsuccessfully to have a go at a script, the only one i can get to work is
'hello world'!!
could someone show me how to set a script up which does this, and then tell me where to shove it!! should it go in /etc/5rc.d??
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
at the moment i have to be root at a prompt in /sbin to get this going
cheers in advance m
like life, this is a test
-
November 30th, 2003, 12:51 PM
#2
You'll need to define your shell, interfaces and put absolute paths in for the script.
e.g.,
#!/bin/sh
# The line above says which shell we are using. You can also change it to #!/bin/bash
# Set the path the file will use
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# Set your ethernet variables with appropriate ip (sh allows no spaces around "=")
eth0="192.168.0.1"
eth1="192.168.1.1"
# You can also set a variable in place of the iptables name itself.
IPTABLES="/sbin/iptables"
# Clear existing rules and user-defined chains in the filter and nat tables
"$IPTABLES" --flush
"$IPTABLES" --table nat --flush
"$IPTABLES" --delete-chain
"$IPTABLES" --table nat --delete-chain
# Masquerade traffic leaving eth0 and forward traffic arriving on eth1
"$IPTABLES" --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
"$IPTABLES" --append FORWARD --in-interface eth1 -j ACCEPT
Save the file in the appropriate directory. Set the perms to 700. Then type ./filename
This link gives a nice tut on iptables as well as has a sample script. You can find more samples by doing a google search for "iptables+samples".
-
November 30th, 2003, 12:58 PM
#3
Senior Member
no need for ./iptables
so there is no need for ./ in the script then?
and if i want it to run on boot up where should i place it??
thanks for the quick reply
like life, this is a test
-
November 30th, 2003, 01:01 PM
#4
No.. the ./ should be done outside the script. Place the script in the rc.d directories where you boot up so that it is called every time. I'd put it into rc.3 and rc.5.
I'd also change the inittab to boot into runlevel 3 (non-gui mode) because if you have graphic problems you are better able to troubleshoot them from the console (gives you more power).
You can edit the line in the inittab (found in the etc directory) from
to
Then, when you start up, you log in at the command line and then type startx to get to GUI mode.
(bah.. I pressed enter before finishing the post)
-
November 30th, 2003, 01:04 PM
#5
Senior Member
will have a go
will have a go with this then does it matter what i call the script?
when i had a go most of my services failed to start!! smb, all eth0 interfaces!!
ps you any good with samba??!!
like life, this is a test
-
November 30th, 2003, 01:07 PM
#6
You could call it gobbledygook if you wanted. The daemon that starts services (most likely xinetd) doesn't care about the name as long as the script is understandable.
Samba isn't one of my strong points. I understand it but haven't configured it. In what context do you need help with it?
-
November 30th, 2003, 01:11 PM
#7
Senior Member
i got it going
i used to run linux on an old iMac
i got it running then
now using redhat with the same smb.conf file
and getting no joy
do not panic as happy i can share internet connection with PC boxes i have
like life, this is a test
-
November 30th, 2003, 02:27 PM
#8
Go and grab a copy of gShield - only 47kb and has a very easy to understand config (gShield.conf) file which sets up iptables for you .... when installed it usually lives at /etc/firewall/gShield.rc (the executable that reads the conf file) - unless you want it somewhere else. It is also very configurable .... also when unpacked there is a /doc directory to help you sort things out - although the conf file is pretty self explanatory.
Then, by appending - /etc/firewall/gShield.rc - to your rc.local file, your firewall will start up on boot.
gShield can be obtained from http://muse.linuxmafia.org/gshield/
-
November 30th, 2003, 04:12 PM
#9
Member
If I remember correctly, iptables comes with two programs called: iptables-save and iptables-restore.
You can use these to save and restore your rules from a script.
~netRealm
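The iptables-save / iptables-restore approach from the post above, as an added example that is not part of the original thread: the thread's two gateway rules written in the file format iptables-restore reads, plus a structural check so a truncated file is refused at boot. The function names and the RESTORE override are hypothetical; eth0 and eth1 are the interfaces used in the thread.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and the RESTORE
# variable are assumptions made for illustration.

# Emit the thread's rules (masquerade out WAN, forward from LAN) in
# iptables-restore format. Usage: gen_ruleset WAN_IF LAN_IF
gen_ruleset() {
    wan=$1 lan=$2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -j ACCEPT
COMMIT
EOF
}

# Structural check before loading: every "*table" section must be closed
# by COMMIT, and chain/rule lines may only appear inside a section.
# Returns 0 if the file is well formed, 1 otherwise.
check_ruleset() {
    awk '
        /^#/ || /^[ \t]*$/      { next }
        /^\*/                   { if (in_tbl) bad = 1; in_tbl = 1; next }
        /^COMMIT$/              { if (!in_tbl) bad = 1; in_tbl = 0; tables++; next }
        /^:/ || /^-/ || /^\[/   { if (!in_tbl) bad = 1; next }
                                { bad = 1 }
        END { exit (bad || in_tbl || tables == 0) }
    ' "$1"
}

# Load a rules file only if it passes the check. RESTORE can be pointed
# at another command for a dry run.
load_ruleset() {
    check_ruleset "$1" || { echo "refusing to load malformed $1" >&2; return 1; }
    "${RESTORE:-/sbin/iptables-restore}" < "$1"
}
```

On the live gateway, `iptables-save > FILE` writes the currently loaded rules in this same format, and `iptables-restore --test` parses a file without committing it.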
-
November 30th, 2003, 05:50 PM
#10
Senior Member
new problem
i now have a new problem
XP seemed to behave very well and worked a dream
entered my isp's dns number and that was it
now i am trying to set up my win ME box and it will not let me just put in the DNS numbers it is asking for a host
have tried all sorts what should i do??
like life, this is a test