Hello
I have set up NAT with iptables for an openvpn connection, so that the VPN server could give VPN clients access to the entire sub-net of the server.
The problem is if I start system-config-securitylevel to say disable the firewall, and then again to enable it, my iptables rules are gone!
I did run `service iptables save` before.
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
Thank you, Timothy Madden
Dec 6, 2011 4:32 AM, Timothy Madden terminatorul@gmail.com wrote:
Hello
I have set up NAT with iptables for an openvpn connection, so that the VPN server could give VPN clients access to the entire sub-net of the server.
The problem is if I start system-config-securitylevel to say disable the firewall, and then again to enable it, my iptables rules are gone!
I did run `service iptables save` before.
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
You mean system-config-securitylevel? It's pretty useless. Pls take a look at Fwbuilder.
On 05.12.2011 22:49, Fajar Priyanto wrote: [...]
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
You mean system-config-securitylevel? It's pretty useless. Pls take a look at Fwbuilder.
Thank you. Pretty difficult to use, though
Timothy Madden
Time: 12/06/2011 06:06 PM, Timothy Madden wrote:
On 05.12.2011 22:49, Fajar Priyanto wrote: [...]
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
You mean system-config-securitylevel? It's pretty useless. Pls take a look at Fwbuilder.
Thank you. Pretty difficult to use, though
Shorewall (+webmin) maybe?
On Mon, Dec 5, 2011 at 2:32 PM, Timothy Madden terminatorul@gmail.com wrote:
Hello
I have set up NAT with iptables for an openvpn connection, so that the VPN server could give VPN clients access to the entire sub-net of the server.
The problem is if I start system-config-securitylevel to say disable the firewall, and then again to enable it, my iptables rules are gone!
I did run `service iptables save` before.
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
Not sure what the GUI tool does (I'd assume it clears iptables if you tell it to disable the firewall...) but 'service iptables save' writes a file named iptables in /etc/sysconfig that you should be able to back up somewhere. However, a normal 'service iptables stop' which will happen in a shutdown/reboot, etc. will also overwrite that file.
On 05.12.2011 22:00, Les Mikesell wrote:
Not sure what the GUI tool does (I'd assume it clears iptables if you tell it to disable the firewall...) but 'service iptables save' writes a file named iptables in /etc/sysconfig that you should be able to back up somewhere. However, a normal 'service iptables stop' which will happen in a shutdown/reboot, etc. will also overwrite that file.
no it does not
Since my first beginnings with Linux I generate iptables rules with shell scripts calling "service iptables save" at the end, and stopping iptables will NEVER touch these rules.
Do not touch any of these GUIs; learn to write the rules yourself and you are much more flexible. It took me no more than two hours to write my script after switching to Fedora.
In the meantime it is in production use on > 20 servers, manages all these servers with if-$HOSTNAME blocks and is used for routing, port forwarding, blocking of unwanted subnets and many other things.
The big benefit is that you can start a new machine by copying this script, modifying it to your needs and knowing exactly what happens.
On Mon, Dec 5, 2011 at 3:09 PM, Reindl Harald h.reindl@thelounge.net wrote:
Not sure what the GUI tool does (I'd assume it clears iptables if you tell it to disable the firewall...) but 'service iptables save' writes a file named iptables in /etc/sysconfig that you should be able to back up somewhere. However, a normal 'service iptables stop' which will happen in a shutdown/reboot, etc. will also overwrite that file.
no it does not
Since my first beginnings with Linux I generate iptables rules with shell scripts calling "service iptables save" at the end, and stopping iptables will NEVER touch these rules.
Hmmm, seems to be optional, depending how IPTABLES_SAVE_ON_STOP (etc.) is set in /etc/sysconfig/iptables-config.
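A check for the setting mentioned above, as an added example that is not part of the original thread: it reads an iptables-config file and reports whether stopping or restarting the service would overwrite the saved rules. The function names are hypothetical, the sample config is constructed, and IPTABLES_SAVE_ON_RESTART is taken to be the companion setting covered by the "(etc.)".

```shell
#!/bin/sh
# Added example: will "service iptables stop/restart" overwrite the saved rules?
# Assumes the RHEL/CentOS layout named in the thread; function names are made up.

# Print the effective value of KEY=value from a config file.
# The last uncommented assignment wins, as when the file is sourced.
get_setting() {   # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# True only when the key is literally "yes" (assumption: anything else is off).
save_enabled() {
    [ "$(get_setting "$1" "$2")" = "yes" ]
}

# Report both settings; returns 1 if either would overwrite the saved
# rules file, 2 if the config is unreadable, 0 otherwise.
audit_iptables_config() {
    cfg=${1:-/etc/sysconfig/iptables-config}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for key in IPTABLES_SAVE_ON_STOP IPTABLES_SAVE_ON_RESTART; do
        if save_enabled "$cfg" "$key"; then
            echo "$key=yes: running rules overwrite the saved file"
            rc=1
        else
            echo "$key is not yes: saved file is left untouched"
        fi
    done
    return "$rc"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="yes"
EOF
audit_iptables_config "$sample" || true
rm -f "$sample"
```

Run `audit_iptables_config` with no argument on the server itself to check the live file before relying on a hand-saved /etc/sysconfig/iptables.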
Time: 12/05/2011 09:32 PM, Timothy Madden wrote:
Hello
I have set up NAT with iptables for an openvpn connection, so that the VPN server could give VPN clients access to the entire sub-net of the server.
The problem is if I start system-config-securitylevel to say disable the firewall, and then again to enable it, my iptables rules are gone!
I did run `service iptables save` before.
Is there something I can do to prevent this? Is there a GUI interface to enable NAT over a VPN connection that cooperates with system-config-network?
Just stop the firewall via "service iptables stop" like any service, and start it again in the same manner.