[CentOS] iptables port forwarding

Wed Jun 29 01:02:32 UTC 2011
muiz <muiz at 163.com>

Thanks all!


    I'm studying iptables at the moment, hope I can help others in the future :)




At 2011-06-28,"Ljubomir Ljubojevic" <office at plnet.rs> wrote:

>Christopher Chan wrote:
>> Er, you are not making much sense here. John posts that -v is needed to 
>> not get the 'digested result' but the 'full result' and then you go off 
>> on a branch about iptables-save. Oh, I still don't see what difference 
>> there is between iptables -nv -L ${table} and iptables-save. 
>> iptables-save sounds more like the 'nice presentation of used rules' 
>> according to the man page.
>
>Then please tell some noob to just copy a rule from iptables -nv -L 
>${table}. And good luck with that.
>
>[snip]
>> Strawman argument. Who needs to see the actual rules in 
>> /etc/sysconfig/iptables for 'creating the firewall' when you are just 
>> going to overwrite it with a working set by running 'service iptables 
>> save'? Or rather, both iptables -nv -L and iptables-save will provide 
>> you the actual rules but just presented differently.
>
>Exactly the point. One will show you *what* is being done, and the other 
>*how* it's being done. Not the same. Like it's not the same to use 
>a compiled program to explain where the error in source code is.
>
>>>
>>> I started wrestling with iptables rules in 2005 when I started working
>>> as networking admin and had to solve some very hard problems including
>>> policy routing, marking packets in right order, etc. Since then gained a
>>> lot of experience in helping others (on several forum sites) understand
>>> what they have and what they need to add/remove/change.
>> 
>> What's this? Get off your high horse. I have worked with ipchains, gone 
>> through the differences between netfilter and ipchains, messed with 
>> ipset due to the potential thousands of rules needed to be loaded but 
>> ultimately had to give up due to the instability of ipset, done iproute2 
>> for multiple routing tables, done traffic shaping, done pf on OpenBSD, 
>> done ipfw on Solaris and John R Pierce probably has more experience than 
>> I do. You have arrived late to the party.
>
>Knowing how to do something and finding the best path to extract info from 
>a noob person and explaining to him what exactly to do are totally different 
>things. But whatever, I do not have the time and will to argue about 
>irrelevant stuff with a heap of work on my schedule.
>
>Ljubomir
>