[ale] iptables-save
Mike Millson
mgm at atsga.com
Wed Jan 16 15:40:55 EST 2002
If I manually restart iptables as you outline below, everything works great.
However, after I restart the machine, nothing works until I do the manual
iptables restart or I run the script with the iptables rules in it. Somehow
there is a difference. Any idea why it won't happen at startup but works
when I do it manually after startup?
-----Original Message-----
From: James P. Kinney III [mailto:jkinney at localnetsolutions.com]
To: ale at ale.org
Sent: Wednesday, January 16, 2002 2:18 PM
To: mgm at atsga.com
Cc: ALE
Subject: Re: [ale] iptables-save
It will not cause a problem. I suspect that the cause of the failure
using the /etc/sysconfig/iptables is the manual save is not saving the
counter data.
Launch your firewall with the script that works. Save it with:
    iptables-save -c > iptables-save-data
Copy that to /etc/sysconfig/iptables. Run "/etc/init.d/iptables restart".
Now run "iptables -L" to see what's running. Should be running OK.
On Wed, 2002-01-16 at 12:54, Mike Millson wrote:
> The script in the iptables howto works if I run it by hand. No problem it
> does NAT for the other computers on network. The problem is getting the
> iptables set up automatically on boot. If I put the rules in
> /etc/rc.d/rc.firewall and run them from the end of rc.local, no problem - it
> works. However, if I try to do it like the iptables howto says, by using
> iptables-save to save the rules to /etc/sysconfig/iptables, disable my
> rc.firewall script on boot, then NAT does not work.
>
> It seems that iptables-save doesn't save the correct rules. Anyone else
> experience this? Any reason why I shouldn't just blast away the
> /etc/sysconfig/iptables file and just let rc.local brute force run the
> script to populate the rules?
>
> Thank you,
> Mike Millson
> ----------------------------------------
> AableTech Solutions, Inc.
> 770.414.8834
> 770.414.8206 fax
> http://www.atsga.com
> ----------------------------------------
>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
--
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
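
A check that fits the save-and-restart steps in this thread, added here as an example and not part of either poster's message: it compares a saved rules file with a dump of the working ruleset, ignoring counters, and lists any table, chain or rule the saved file lacks. The function names, file names and both sample dumps are constructed for illustration.

```shell
# Added example: report what a saved ruleset file lacks compared with the working one.
# normalize: iptables-save text on stdin -> "table<TAB>entry", no comments/COMMIT/counters.
normalize() {
    awk '/^#/ || /^COMMIT$/ || /^$/ { next }
         /^\*/ { table = substr($0, 2); next }
         { gsub(/ ?\[[0-9]+:[0-9]+\] ?/, ""); print table "\t" $0 }'
}

# missing_from_saved WORKING SAVED: print entries of WORKING absent from SAVED;
# return 0 when nothing is missing, non-zero otherwise.
missing_from_saved() {
    saved_norm=$(mktemp) || return 2
    normalize < "$2" > "$saved_norm"
    status=0
    normalize < "$1" | grep -Fxv -f "$saved_norm" || status=$?
    rm -f "$saved_norm"
    [ "$status" -eq 1 ]   # grep exits 1 when it printed nothing
}

# write_samples DIR: constructed dumps, not taken from the thread.
write_samples() {
    cat > "$1/working.rules" <<'EOF'
# constructed sample, shaped like "iptables-save -c" output
*nat
:PREROUTING ACCEPT [10:600]
:POSTROUTING ACCEPT [2:120]
:OUTPUT ACCEPT [2:120]
[8:480] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [50:4000]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:3000]
[30:2400] -A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
    cat > "$1/saved.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

demo=$(mktemp -d) && write_samples "$demo"
missing_from_saved "$demo/working.rules" "$demo/saved.rules" || echo "saved file is incomplete"
rm -rf "$demo"
```

On a real host, the first argument would be `iptables-save` output captured while the working script's rules are loaded and the second the file at /etc/sysconfig/iptables.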