iptables -t nat / where to save

Hi,

Al last, thanks to an excellent HOWTO, I was helped by two simple commands
to install my Linux-PC as a router (Suse 9; ADSL; PPTP {Austira}) for two
other Pcs.

The two commands:
modprobe ipt_MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE

Now, my question is where (in which file) to save these commands in order to
enable them when I start my Internet connection.

Many thanks,
Roland

Roland Krismer wrote:
> Hi,
>
> Al last, thanks to an excellent HOWTO, I was helped by two simple commands
> to install my Linux-PC as a router (Suse 9; ADSL; PPTP {Austira}) for two
> other Pcs.
>
> The two commands:
> modprobe ipt_MASQUERADE
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
>
> Now, my question is where (in which file) to save these commands in order to
> enable them when I start my Internet connection.

Personally, I recommend "/etc/ppp/ip-up" for that. But since You don't
use the dynamic IP that You are assigned, You could keep that rule
permanently and put it in one of the startup scripts of SuSE's.


Cheers, Jack.

PS: Accordingly, You can delete the rule and unload the module in
"/etc/ppp/ip-down".

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

Carles Arjona wrote:
> Roland Krismer wrote:
>
> <>
>
>>The two commands:
>>modprobe ipt_MASQUERADE
>>iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
>>
>>Now, my question is where (in which file) to save these commands in order to
>>enable them when I start my Internet connection.
>
>
> On RedHat Linux such commands are usually called from the
> /etc/ppp/ip-up.local script using absolute pathnames:
>
> [snip]
>

On RedHat such commands are put in /etc/sysconfig/iptables as something
like ...

# initialize nat
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#
# set up masquerade
#
-A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE

Roland Krismer wrote:
>
<>
> The two commands:
> modprobe ipt_MASQUERADE
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
>
> Now, my question is where (in which file) to save these commands in order to
> enable them when I start my Internet connection.

On RedHat Linux such commands are usually called from the
/etc/ppp/ip-up.local script using absolute pathnames:

/sbin/modprobe ...
/sbin/iptables ...

As it seems, Suse Linux has the same script:
http://www.linuxbu.ch/konfiguration/ip-up

--
Regards,

Carles Arjona (E-Mail Removed) ( nospammer IS my real username ).

"Roland Krismer" <(E-Mail Removed)> wrote in message
news:3fdc8f93$0$18064$(E-Mail Removed) y.telekom.at...
> Hi,
>
> Al last, thanks to an excellent HOWTO, I was helped by two simple commands
> to install my Linux-PC as a router (Suse 9; ADSL; PPTP {Austira}) for two
> other Pcs.
>
> The two commands:
> modprobe ipt_MASQUERADE
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
>
> Now, my question is where (in which file) to save these commands in order
to
> enable them when I start my Internet connection.
>
> Many thanks,
> Roland

I have (mandrake 9.1) a command "iptables-save" which stores the iptables
and loads them during startup (/etc/init.d/iptables)

iptables-restore does the reverse.
regards, Jan

Roland Krismer wrote:
> Hi,
>
> Al last, thanks to an excellent HOWTO, I was helped by two simple commands
> to install my Linux-PC as a router (Suse 9; ADSL; PPTP {Austira}) for two
> other Pcs.
>
> The two commands:
> modprobe ipt_MASQUERADE
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
>
> Now, my question is where (in which file) to save these commands in order to
> enable them when I start my Internet connection.

The answer to your question depends on which Linux distribution you are
using. If you are working with Red Hat 9 Linux, the super user 'root'
can use the following command lines

[root]# service iptables save
or
[root]# /etc/init.d/iptables save

to write the current firewall configuration to a disk file named

/etc/sysconfig/iptables

The saved firewall configuration is reloaded from the disk file into the
firewall whenever the iptables service is (re)started.

--
Jim

To reply by email, remove "link" and change "now.here" to "yahoo"
jfischer_link5809{at}now.here.com

Allen Kistler wrote:
>
> Carles Arjona wrote:
> > Roland Krismer wrote:
> >
> > <>
> >
> >>The two commands:
> >>modprobe ipt_MASQUERADE
> >>iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
> >>
> >>Now, my question is where (in which file) to save these commands in order to
> >>enable them when I start my Internet connection.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> >
> > On RedHat Linux such commands are usually called from the
> > /etc/ppp/ip-up.local script using absolute pathnames:
> >
> > [snip]
>
> On RedHat such commands are put in /etc/sysconfig/iptables as something
> like ...
>
<snip>

Or just run

iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/16 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables

Then make sure to disable iptables by means of chkconfig, ntsysv, .. if
you don't want masquerading active at boot time.

The /etc/ppp/ip-up.local script must contain:

/sbin/service iptables start

Which is a different approach to enable Masquerading with iptables after
starting the PPP link.

PS: The /etc/ppp/ip-down.local script must also be modiffied to disable
IP masquerading.

--
Regards,

Carles Arjona (E-Mail Removed) ( nospammer IS my real username ).