iptables configuration

[mrbrklyn]

I want to ditch network manager and put in a static network config

I set up things in /etc/conf.d/net

Now I need to put in a simple iptable command for masquarading and I don't see how it fits within the complex /etc/init.d/iptables configuration.


I have to create a rule and then save it, but I don't see where or docs on the form of the file

/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Also, I don't see how to turn on port forwarding.

[charles17]

Have you seen the iptables wiki article?
Then see https://www.systutorials.com/816/port-forwarding-using-iptables/

[szatox]

IPv4 forwarding in runtime:
sysctl net.ipv4.conf.all.forwarding=1
IPv6 forwarding in runtime:
sysctl net.ipv6.conf.all.forwarding=1
To make it persistent, put params from those commands above into a config file you can find in /etc (so they will be loaded on every boot)

Gentoo comes with iptables service. It has a non-standard command "save", which dumps current rules to a file somewhere in /var/lib, and loads those rules back when the service starts, which makes a pretty nice and easy to use interface. You just set your rules manually, and once you're happy with them, you use 'service iptables save' to make them permanent.

[pjp]

Moved from Other Things Gentoo to Networking & Security.
_________________
Quis separabit? Quo animo?

[mrbrklyn]

[mrbrklyn]

[mrbrklyn]

[Hu]

The persistent sysctl file szatox hinted at has a very subtle name: /etc/sysctl.conf. Put the settings there. Ensure that rc service sysctl is in the boot runlevel. That will enable IP packet forwarding for IPv4/IPv6, as appropriate. Separately, you may need iptables rules if the forwarded traffic needs to be rewritten.