[CentOS] iptables: forwarding on internal device

Tue Feb 10 16:28:22 UTC 2009
John <jses27 at gmail.com>

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Marcus Moeller
> Sent: Monday, February 09, 2009 6:11 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
> 
> Hi again,
> 
> > Yes that would be correct Marcus echo it into /proc or in /etc/sysctl.conf
> > would be
> > # Controls IP packet forwarding
> > net.ipv4.ip_forward = 1
> 
> This is what I have done already. sysctl -p gives me:
> 
> net.ipv4.ip_forward = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 4294967295
> kernel.shmall = 268435456
> 
> The strange thing is that it seems to be blocked by netfilter. I am
> using exactly the same rules on a Slackware Box without any problems.
----
Slackware is the key here Marcus. The two distros have different modules
built into the kernel by default and maybe a cause for why it is happening?
But honestly I don't see how you are ever going to forward packets and
requests with the below rule. How are you going to come into and back out of
the same interface? That's why it won't traverse. How about -i eth0 -o eth1 or
-I eth0 -o eth0:0

-A FORWARD -i eth0 -o eth0 -m state --state \
NEW,RELATED,ESTABLISHED -j ACCEPT

When you use iptables save it does not save the rules you just put into
it! You will have to edit /etc/sysconfig/iptables-config:

# Unload modules on restart and stop
#   Value: yes|no,  default: yes
# This option has to be 'yes' to get to a sane state for a firewall
# restart or stop. Only set to 'no' if there are problems unloading netfilter
# modules.
IPTABLES_MODULES_UNLOAD="yes"

# Save current firewall rules on stop.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets stopped
# (e.g. on system shutdown).
IPTABLES_SAVE_ON_STOP="yes"

# Save current firewall rules on restart.
#   Value: yes|no,  default: no
# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
# restarted.
IPTABLES_SAVE_ON_RESTART="yes"

JohnStanley
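The reply above points at two separate things to check: whether net.ipv4.ip_forward is actually 1 in the sysctl output, and whether a FORWARD rule names the same interface for both -i and -o (the "-i eth0 -o eth0" rule quoted in the thread). The script below is an added example, not code from John, Marcus or the CentOS project; the function names (forwarding_enabled, same_iface_forward_rules, count_same_iface_forward_rules) are hypothetical, and the sysctl text and iptables-save ruleset it inspects are constructed samples so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): check the two things the reply points at,
# ip_forward in the sysctl output and FORWARD rules that name the same interface
# for both -i and -o, against constructed sample text so it runs anywhere.

# Constructed sample in the shape of `sysctl -p` / `sysctl net.ipv4.ip_forward` output.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies = 1'

# Constructed ruleset in iptables-save format; the first FORWARD rule is the
# same-interface rule quoted in the thread, the others use two interfaces.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# forwarding_enabled TEXT: exit 0 when TEXT contains "net.ipv4.ip_forward = 1".
forwarding_enabled() {
    printf '%s\n' "$1" | awk -F'=' '
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == "net.ipv4.ip_forward" && v == "1") ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# same_iface_forward_rules TEXT: print each FORWARD rule whose -i and -o match.
same_iface_forward_rules() {
    printf '%s\n' "$1" | awk '
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
            }
            if (in_if != "" && in_if == out_if) print
        }'
}

# count_same_iface_forward_rules TEXT: number of such rules, printed on stdout.
count_same_iface_forward_rules() {
    same_iface_forward_rules "$1" | awk 'END { print NR }'
}

# Demo on the constructed samples. On a real CentOS host the same functions
# take live output: forwarding_enabled "$(sysctl net.ipv4.ip_forward)" and
# same_iface_forward_rules "$(iptables-save)".
if forwarding_enabled "$SAMPLE_SYSCTL"; then
    echo "ip_forward is on"
else
    echo "ip_forward is off: the kernel will not forward at all"
fi
echo "FORWARD rules with -i and -o on the same interface:"
same_iface_forward_rules "$SAMPLE_RULES"
```

Both checks are read-only: they parse text rather than changing sysctl or the ruleset, so they can be run on a box before deciding whether the fix is the sysctl side or the rule side.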