
Thread: script for iptables

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    script for iptables

    hi all

    i have just managed to set up my linux box as a gateway for my windoz network

    however, i had to manually type in the iptable commands and these are lost on a reboot

    i have tried, very unsuccessfully to have a go at a script, the only one i can get to work is

    'hello world'!!

    could someone show me how to set a script up which does this, and then tell me where to shove it!! should it go in /etc/5rc.d??

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain

    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT

    at the moment i have to be root at a prompt in /sbin to get this going

    cheers in advance m
    like life, this is a test

  2. #2
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    You'll need to define your shell, interfaces and put absolute paths in for the script.

    e.g.,


    #!/bin/sh
    #line above says which shell we are using. You can also change it to #!/bin/bash

    #Set the path the file will use
    PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

    # Set your ethernet variables with appropriate ip
    eth0="192.168.0.1"
    eth1="192.168.1.1"

    # You can also set a variable in place of the iptables name itself.
    # (no spaces around "=" in a shell assignment)
    IPTABLES="/sbin/iptables"

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain

    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT

    Save the file in the appropriate directory. Set the perms to 700. Then type ./filename

    This link gives a nice tut on iptables as well as has a sample script. You can find more samples by doing a google search for "iptables+samples".
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    no need for ./iptables

    so there is no need for ./ in the script then?

    and if i want it to run on boot up where should i place it??

    thanks for the quick reply
    like life, this is a test

  4. #4
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    No.. the ./ should be done outside the script. Place the script in the rc.d directories where you boot up so that it is called every time. I'd put it into rc.3 and rc.5.

    I'd also change the inittab to boot into runlevel 3 (non-gui mode) because if you have graphic problems you are better able to troubleshoot them from the console. (gives you more power ).

    You can edit the line in the inittab (found in the etc directory) from

    id:5:initdefault:

    to

    id:3:initdefault:

    Then, when you start up, you log in at the command line and then type startx to get to GUI mode.


    (bah.. I pressed enter before finishing the post)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    will have a go

    will have a go with this then. does it matter what i call the script?

    when i had a go most of my services failed to start!! smb, all eth0 interfaces!!

    ps you any good with samba??!!
    like life, this is a test

  6. #6
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    You could call it gobbledygook if you wanted. The daemon that starts services (most likely xinetd) doesn't care about the name as long as the script is understandable.

    Samba isn't one of my strong points. I understand it but haven't configured it. In what context do you need help with it?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    i got it going

    i used to run linux on an old iMac
    i got it running then
    now using redhat with the same smb.conf file
    and getting no joy

    do not panic as happy i can share internet connection with PC boxes i have
    like life, this is a test

  8. #8
    Senior Member
    Join Date
    May 2002
    Posts
    450
    Go and grab a copy of gShield - only 47kb and has a very easy to understand config (gShield.conf) file which sets up iptables for you .... when installed it usually lives at /etc/firewall/gShield.rc (the executable that reads the conf file) - unless you want it somewhere else. It is also very configurable .... also when unpacked there is a /doc directory to help you sort things out - although the conf file is pretty self explanatory.

    Then append /etc/firewall/gShield.rc to your rc.local file and your firewall will start up on boot.

    gShield can be obtained from http://muse.linuxmafia.org/gshield/

  9. #9
    If I remember correctly, iptables comes with two programs called: iptables-save and iptables-restore.
    You can use these to save and restore your rules from a script.

    ~netRealm
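
The gateway rules from this thread written in the iptables-restore format that post #9 refers to, as an added example that is not code from any poster. It goes beyond the thread's two rules by setting the FORWARD policy to DROP and admitting only reply traffic from the internet side; `gen_rules`, `apply_rules` and the rules file path are hypothetical names, and eth0/eth1 keep the roles they have in the thread.

```shell
#!/bin/sh
# Added example: the thread's NAT gateway as an iptables-restore ruleset.
# Assumption (as in the thread): eth0 faces the internet, eth1 faces the LAN.

# gen_rules WAN_IF LAN_IF: print the ruleset on stdout (hypothetical helper).
gen_rules() {
    # Refuse empty names or anything that could smuggle extra rule text.
    for ifname in "$1" "$2"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $2 -o $1 -j ACCEPT
-A FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# apply_rules WAN_IF LAN_IF FILE: write, syntax-check, then load (needs root).
apply_rules() {
    gen_rules "$1" "$2" > "$3" || return 1
    iptables-restore --test < "$3" || return 1   # parse only, nothing is loaded
    sysctl -w net.ipv4.ip_forward=1 > /dev/null || return 1  # routing must be on
    iptables-restore < "$3"                      # replaces nat and filter tables
}

# /etc/iptables.rules is a placeholder path, not one named in the thread.
if [ "${1:-}" = "apply" ]; then
    apply_rules "${2:-eth0}" "${3:-eth1}" "${4:-/etc/iptables.rules}"
fi
```

Run as root with `apply` as the first argument to load the rules; without it the script only defines the functions. INPUT and OUTPUT are left at ACCEPT because the thread's rules do not touch them.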

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    101

    new problem

    i now have a new problem

    XP seemed to behave very well and worked a dream

    entered my isp's dns number and that was it

    now i am trying to set up my win ME box and it will not let me just put in the DNS numbers it is asking for a host

    have tried all sorts what should i do??
    like life, this is a test
