| View previous topic :: View next topic |
| Author |
Message |
n3odi
Tux's lil' helper
Joined: 07 Jul 2004
Posts: 87
Location: Florida
|
 Posted: Fri Oct 29, 2004 2:06 pm Post subject: IPTABLES help and a few simple questions. |
 |
|
Hello, recently I got a box to run gentoo flawlessly with 2.6.8-r10 and NPTL.
I installed iptables according to the gentoo "home router" guide, and I did what it said just to get the basic network working without dhcp or any of that junk. Now it actually works and I'm so happy because this is my sucessfull linux router for starters  (even though I know I have tons to learn).
The only place where I began to run into some problems is when I tried the port forwarding method, but then whatever I was trying to forward with the correct ip address and stuff didn't work. And when I did "iptables -L" it did show anything that I created, or how do I check all my rules? This brings me to my next question...
Lots of sites and people that use the notoriously shitty redhat talk about some config file somewhere with all the rules in it? But I tryed all of them such as /etc/sysconfig/iptables and plenty others but I can't seem to find that file anywhere. Does Gentoo iptables have a rules configuration file? And if so, could someone tell me where it is?
You can probably tell I don't know much or anything about iptables at all, if anyone has any tutorials (under 50 pages lol) can you point me in the right direction? Also I'm sure all the options in the kernel are correct, I've went over them many times.
Sorry for typing so much, but I highlighted the basic points hehe. I would greatly appreciate all the help |
|
| Back to top |
|
 |
jacob's ladder
n00b
Joined: 22 Oct 2003
Posts: 68
Location: underwater
|
| Posted: Fri Oct 29, 2004 3:11 pm Post subject: |
|
|
i use this command to view my rules:
i just add the -n so that it won't try to resolve that addresses and makes it a bit quicker. It is good for you to learn how iptables work, but if you want a config file to get you going, i would suggest using shorewall (in portage). then go to /etc/shorewall and edit the files to your liking. there are a few files that you won't need, so don't get to overwhelmed with shorewall. it's as easy or complex as you want it to be. hope this helps.
_________________
Smith & Wesson: the original point-and-click interface. |
|
| Back to top |
|
|
arkahn
n00b
Joined: 27 May 2003
Posts: 12
Location: Sioux Falls, SD
|
| Posted: Fri Oct 29, 2004 3:12 pm Post subject: |
|
|
(parts of) IPTABLES 101 (<-- my made-up version)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
1) When you did an iptables -L, you were only listing the rules in the filter table. Port forwarding takes place in the nat table, so you just happened to not be looking in the right place.
Rules are individual entries made via the iptables command. Rules are contained in chains. Chains are contained in tables. So, to list all your rules, you have to list all the chains in all the tables.
iptables has three built-in tables (by default). They are: filter, nat, and mangle. Here's an example of commands that will list everything:
| Code: |
/sbin/iptables -nvL --exact -t filter
/sbin/iptables -nvL --exact -t nat
/sbin/iptables -nvL --exact -t mangle
|
Depending on how your kernel is compiled, you may or may not have all those tables. Also, notice the first line could have been typed:
| Code: |
/sbin/iptables -nvL --exact
|
...or... the way you typed it (close to the same info):
The filter table is the default when a table is not otherwise named.
The format of the output will be each chain listed in order for each table. Order is important for chains and rules. Rules are processed top to bottom (first to last). Of course, not all rules may be processed, depending upon what your rules do ... this is probably a little OT.
2) In Gentoo, by default, iptables does nothing and the default policy is to ACCEPT. Part the iptables configuration is in:
| Code: | | /etc/conf.d/iptables |
Other configuration information is pointed to in that file.
After you have some rules in place, you can do an
to save them for the future.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
There's plenty of tutorials and documentation on iptables ... be sure you do a 'man iptables' at some point. See also: 'man iptables-save', 'man iptables-restore'. |
|
| Back to top |
|
|
n3odi
Tux's lil' helper
Joined: 07 Jul 2004
Posts: 87
Location: Florida
|
| Posted: Fri Oct 29, 2004 4:30 pm Post subject: |
|
|
Thank you very much jacob's ladder amd arkahn 
I'll look into shorewall, it sounds interesting.
arkahn, thanks a lot for writing that exellent iptables 101. That helped clear up a lot of things for me. Now I understand how the basic things work, just have to fiddle around with rules and whatnot I appreciate your help and time to write that very much |
|
| Back to top |
|
|
arkahn
n00b
Joined: 27 May 2003
Posts: 12
Location: Sioux Falls, SD
|
| Posted: Mon Nov 01, 2004 4:42 pm Post subject: |
|
|
Np man. Also, I should have included an iptables diagram. I think it helps things make more sense (disclaimer: I didn't make it ... not trying to take credit for this image)
http://dqd.com/~mayoff/notes/linux/iptables.png |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
