[CentOS] iptables port forwarding

Tue Jun 28 09:41:36 UTC 2011
Christopher Chan <christopher.chan at bradbury.edu.hk>

On Tuesday, June 28, 2011 05:22 PM, Ljubomir Ljubojevic wrote:
> Christopher Chan wrote:
>> Er, you are not making much sense here. John posts that -v is needed
>> to not get the 'digested result' but the 'full result' and then you go
>> off on a branch about iptables-save. Oh, I still don't see what
>> difference there is between iptables -nv -L ${table} and
>> iptables-save. iptables-save sounds more like the 'nice presentation
>> of used rules' according to the man page.
>
> Then please tell some noob to just copy a rule from iptables -nv -L
> ${table}. And good luck with that.

Go on, be snide. The OP had no problem pasting /sbin/iptables -L

>
> [snip]
>> Strawman argument. Who needs to see the actual rules in
>> /etc/sysconfig/iptables for 'creating the firewall' when you are just
>> going to overwrite it with a working set by running 'service iptables
>> save'? Or rather, both iptables -nv -L and iptables-save will provide
>> you the actual rules but just presented differently.
>
> Exactly the point. One will show you *what* is being done, and other
> *how* it's being done. Not the same. Like it's not the same to use
> compiled program to explain where the error in source code is.
>

That sounds hilarious. Your comparison does not even match. There is no
'what' or 'how' differences. It is all 'what' just presented differently.


>>>
>>> I started wrestling with iptables rules in 2005 when I started working
>>> as networking admin and had to solve some very hard problems including
>>> policy routing, marking packets in right order, etc. Since then gained a
>>> lot of experience in helping others (on several forum sites) understand
>>> what they have and what they need to add/remove/change.
>>
>> What's this? Get off your high horse. I have worked with ipchains,
>> gone through the differences between netfilter and ipchains, messed
>> with ipset due to the potential thousands of rules needed to be loaded
>> but ultimately had to give up due to the instability of ipset, done
>> iproute2 for multiple routing tables, done traffic shaping, done pf on
>> OpenBSD, done ipfw on Solaris and John R Pierce probably has more
>> experience than I do. You have arrived late to the party.
>
> Knowing to do something and finding the best path to extract info from
> noob person and explaining him what exactly to do are totally different
> things. But whatever, I do not have time and will to argue about
> irrelevant stuff with heap of work on my schedule.
>

Oh, so are you saying that you cannot understand the output of iptables
-nv -L? I mean, cor, it must make such a big deal to a noob person when
he is asked to paste the output of 'iptables-save' versus 'iptables -nv
-L; iptables -nv -L nat; iptables -nv -L mangle'. Don't let me get in
the way of your big pile of work.
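The thread argues over whether a poster should paste `iptables-save` or `iptables -nv -L` for each table. One practical reason to prefer the `iptables-save` form is that it is machine-parseable and covers every table in one dump, which matters for the port-forwarding problem in the subject line: a DNAT rule in the nat table only delivers packets if the filter table's FORWARD chain also accepts them. The script below is an added example, not code from the thread or from CentOS; it parses a constructed `iptables-save` dump (the interfaces, addresses and ports are made up), lists the DNAT port forwards, and reports whether each one is matched by an ACCEPT rule or policy in FORWARD. The `Rule`, `Ruleset` and `Forward` types and the helper names are this example's own.

```python
"""Parse iptables-save output and check DNAT port forwards against FORWARD.

Added example (not from the mailing-list thread). The sample dump below is
constructed for the demonstration; nothing in it comes from a real host.
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed iptables-save dump: one forward that FORWARD accepts (8080 -> :80)
# and one that the DROP policy on FORWARD silently blocks (2222 -> :22).
SAMPLE_SAVE = """\
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.20:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""


@dataclass
class Rule:
    table: str
    chain: str
    opts: Dict[str, str]  # option -> value; "" for valueless flags
    raw: str


@dataclass
class Ruleset:
    rules: List[Rule] = field(default_factory=list)
    policies: Dict[Tuple[str, str], str] = field(default_factory=dict)  # (table, chain) -> policy


@dataclass
class Forward:
    in_iface: Optional[str]
    proto: Optional[str]
    dport: str
    dest_ip: str
    dest_port: str


def _parse_options(tokens: List[str]) -> Dict[str, str]:
    """Turn '-A CHAIN -i eth0 ... --dport 80 -j DNAT' into a dict.

    A '!' before an option is recorded by prefixing the key with '!'.
    Repeated options (e.g. several '-m') overwrite; enough for this check."""
    opts: Dict[str, str] = {}
    negate = False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate, i = True, i + 1
            continue
        if tok.startswith("-"):
            key = ("!" if negate else "") + tok
            negate = False
            nxt = tokens[i + 1] if i + 1 < len(tokens) else None
            if nxt is not None and nxt != "!" and not nxt.startswith("-"):
                opts[key], i = nxt, i + 2
            else:
                opts[key], i = "", i + 1
        else:
            i += 1
    return opts


def parse_save(text: str) -> Ruleset:
    """Parse iptables-save format: '*table', ':CHAIN POLICY [p:b]', '-A ...', COMMIT."""
    rs = Ruleset()
    table: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":") and table:
            chain, policy = line.split()[0][1:], line.split()[1]
            rs.policies[(table, chain)] = policy
        elif line.startswith("-A ") and table:
            opts = _parse_options(shlex.split(line))
            rs.rules.append(Rule(table, opts["-A"], opts, line))
    return rs


def port_forwards(rs: Ruleset) -> List[Forward]:
    """DNAT rules in nat/PREROUTING, i.e. the 'what' of a port forward."""
    out = []
    for r in rs.rules:
        if r.table != "nat" or r.chain != "PREROUTING" or r.opts.get("-j") != "DNAT":
            continue
        dest_ip, _, dest_port = r.opts.get("--to-destination", "").partition(":")
        dport = r.opts.get("--dport", "any")
        out.append(Forward(r.opts.get("-i"), r.opts.get("-p"), dport, dest_ip, dest_port or dport))
    return out


def _host(addr: Optional[str]) -> Optional[str]:
    return addr[:-3] if addr and addr.endswith("/32") else addr


def forward_accepted(rs: Ruleset, fwd: Forward) -> bool:
    """True if filter/FORWARD admits new connections to the DNAT target.

    Stateful RELATED,ESTABLISHED rules are skipped: they only pass replies."""
    for r in rs.rules:
        if r.table != "filter" or r.chain != "FORWARD" or r.opts.get("-j") != "ACCEPT":
            continue
        if "--state" in r.opts or "--ctstate" in r.opts:
            continue
        if _host(r.opts.get("-d")) not in (None, fwd.dest_ip):
            continue
        if r.opts.get("-p") not in (None, fwd.proto):
            continue
        if r.opts.get("--dport") not in (None, fwd.dest_port):
            continue
        return True
    return rs.policies.get(("filter", "FORWARD")) == "ACCEPT"


def summarize(text: str) -> List[str]:
    rs = parse_save(text)
    return [f"{f.in_iface or 'any'} {f.proto or 'any'}/{f.dport} -> {f.dest_ip}:{f.dest_port} "
            f"[FORWARD {'ok' if forward_accepted(rs, f) else 'blocked'}]"
            for f in port_forwards(rs)]


if __name__ == "__main__":
    for line in summarize(SAMPLE_SAVE):
        print(line)
```

Run it and the second forward is reported as blocked: the nat table says what should happen to port 2222, but with a DROP policy on FORWARD and no matching ACCEPT rule, the forwarded packets never reach the inside host. On a live box the same check can be run over `iptables-save` output piped in from the host.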