[CentOS] Putting nat routing into place permanently?

Preston Crawford me at prestoncrawford.com
Wed Nov 2 00:58:50 UTC 2005


> Peter Kjellström wrote:
>> It will work but it's not the "right" way and it's not
>> pretty. I say go for Brian J Smith's approach in the
>> previous e-mail.
>
> Just know I'm not a "my way dammit" type of guy.  Whatever
> works is whatever works.  Although if you work for me, or I'm
> a consultant at your firm, you'll get the baseball bat if
> your supervisors are paying me to tell you how to do things.
> ;->  Because in the majority of those cases, they are also
> paying for Red Hat support as well (and we want to minimize
> any number and/or complications with those).

Exactly. I do this even at home. It's almost to the point of absurdity.
I'll avoid the quick and dirty so that I learn to do it the right way,
precisely so when I'm called on to do it at work I know the right way.

> The reason is that *I* (and I want the companies I consult
> for) try to learn the vendor's supported way.  That way I
> send Red Hat 1 file to Red Hat and they don't have to worry
> or second-guess where other rules might be written.  I.e., in
> a nutshell, I've got "bitten in the @$$" when I've put rules
> in rc.sysinit or rc.local or in some odd /usr/local/sbin
> script because I missed them.

Same here. rc.local was my first thought, but I figured with all the
progress made in abstracting (repos.d is a good example) configuration
more neatly, that there had to be a better way.

> Preston Crawford wrote:
>> Yeah. Makes sense. That's why I asked for the "canonical"
>> way of doing it. I'll take "what works", but I prefer to do
>> it the "right" way.
>
> The great thing about the "service iptables save" (or
> "/etc/init.d/iptables save") command.  If you get something
> that works, you can run that command and it'll save it for
> the next time.  Still inspect the /etc/sysconfig/iptables
> script afterwards to make sure the rules are correct (they
> will be subsets of the full iptables line).  But for the most
> part, they work just fine for myself.

This is what I did. Thanks!!!

> If you were glued to the TV during the Katrina hurricanes and
> saw the (407) (Orlando) or (813) (Tampa) area code phone
> number to call to find out about relatives -- that was my
> small company's work.  They were IP communications equipment
> deployed over a mesh network setup in minutes up to a
> satellite uplink -- all controlled by *1* Linux box with my
> scripts (and other capabilities).  We're normally not into
> the business of providing the actual disaster services --
> we're more interested in selling our stuff to others to do
> such.  But since we're the only company with the proven
> capabilities (something we proved after Charlie, which hit
> even my house last year), we're the ones FEMA and the Coast
> Guard look to at a moment's notice.

Nice. So FEMA got something right. :-)

I mean that as a compliment to you, not a slam on FEMA.

Preston
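
One way to do the "inspect /etc/sysconfig/iptables afterwards" step from the quoted advice, as an added example that is not part of the original thread: a small check over a file in iptables-save format that confirms the nat table was saved with a source-NAT rule. The function names, the sample interface names and the subnet are assumptions made up for the illustration.

```shell
#!/bin/sh
# check_saved_nat FILE: print the saved source-NAT rules and return
#   0 = nat table present, committed, with a MASQUERADE/SNAT rule
#   1 = no nat table in the file
#   2 = nat table present but no MASQUERADE/SNAT rule in POSTROUTING
#   3 = nat table section has no COMMIT line (incomplete section)
check_saved_nat() {
    awk '
        /^\*/     { table = substr($0, 2); if (table == "nat") seen = 1; next }
        /^COMMIT/ { if (table == "nat") committed = 1; table = ""; next }
        table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
            print; found++
        }
        END {
            if (!seen)      exit 1
            if (!committed) exit 3
            if (!found)     exit 2
        }
    ' "$1"
}

# Constructed sample in iptables-save format (interfaces and subnet are made up).
sample_rules() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on a real box, pass /etc/sysconfig/iptables.
tmp=$(mktemp)
sample_rules > "$tmp"
if check_saved_nat "$tmp"; then echo "nat rules saved"; else echo "problem: $?"; fi
rm -f "$tmp"
```

Run it after "service iptables save" so that a rule that worked interactively but never reached the saved file is caught before the next reboot.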



