iptables a routovni

Pátek Leden 9 22:05:36 CET 2004

----- Original Message ----- 
From: "Matejcek Petr" <konference na crhov.komfi.cz>
To: <linux na linux.cz>
Sent: Friday, January 09, 2004 8:47 PM
Subject: iptables a routovni

> zdravim
>
> snazim se nakonfigurovat na routeru iptables ale nejak se mi nedari.
> vsechna pravidla mam napsana v souboru firewall ktery spustim pomoci sh
> firewall start a ulozim pomoci service iptables save. (vse funguje jak
ma )
>
> ovsem po rebootu prestane routovat a musim znovu nastavit pravidla z
> firewall (pritom vypis service iptables status se zda byt v poradku)
>
> prosim poradte kde hledat problem
>
> diky PM
>
> tady je kus souboru firewall:
>
> start()
> {
> #flush
>          /sbin/iptables -t nat -F POSTROUTING
>          /sbin/iptables -t nat -F PREROUTING
>          /sbin/iptables -t nat -F OUTPUT
>          /sbin/iptables -F
> #nastaveni politiky
>          /sbin/iptables -P INPUT DROP
>          /sbin/iptables -P FORWARD DROP
>          /sbin/iptables -P OUTPUT ACCEPT
> #maskarada
> /sbin/iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
> /sbin/iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
> /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> #povoleni ICMP paketu
>          /sbin/iptables -A INPUT       -p icmp -j ACCEPT
>          /sbin/iptables -A FORWARD     -p icmp -j ACCEPT
>
> #intranet - povoleni vsech portu z techto ip na proxy
>          /sbin/iptables -A INPUT -j ACCEPT -s $LAN_IP_NET
> #routovani
>          /sbin/iptables -A FORWARD -j ACCEPT -s $LAN_IP_NET

zkusil bych po startu systemu zavolat neco na zpusob iptables-load ...
urcite to pomuze :-))

iptables-save >> /xxx/save.list        pro ulozeni

a iptables-load << /xxx/save.list      pro nacteni