Date: | Wed, 11 Jul 2007 21:08:38 +0800 |
Steven J. Yellin wrote:
> Try putting in /etc/sysctl.conf the line
> net.ipv4.ip_forward = 1
>
> Steven Yellin
I also recommend the use of an add-on firewall package for anything but
the most basic rules. Such packages are created by more competent folk
than you and I, and have safe default rules.
My favourite is shorewall. It's configured with a set of text files, is
actively maintained and seems quite popular.
Here's how I keep a good piece of China out of my hair:
# China Tsinghua University
DROP net:202.115.31.255/17 all tcp 25,22
I have similar rules for selected other networks in China and elsewhere.
>
> On Wed, 11 Jul 2007, vivek chal wrote:
>
>> Hi all!
>>
>> I have made Gateway of my DNS by using the following iptables rules:
>> iptables --flush
>> iptables --table nat --flush
>> iptables --delete-chain
>> iptables --table nat --delete-chain
>> iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
>> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> iptables-save
>>
>> My gateway is working fine but the only problem is that I have to run
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>> every day after booting my server in order to make my gateway up. My
>> clients can't ping any site until I give this command. I have made
>> service iptables to start at boot time.
>> Could anyone tell me where I am going wrong?
--
Cheers
John
-- spambait
Please do not reply off-list
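
The /etc/sysctl.conf setting suggested in the thread, as an added example that is not part of the original messages: shell functions that read what a sysctl.conf-style file persists for a key, set it idempotently, and compare it with the running kernel. The function names are hypothetical, and the code works for any key, not only net.ipv4.ip_forward.

```shell
#!/bin/sh
# Added example: audit and persist a sysctl key in a sysctl.conf-style file.
# The function names are made up for this example.

# Print the value a file assigns to a key. Comment lines (# or ;) are
# skipped, spaces around "=" are ignored, and the last assignment wins.
persisted_value() {
    key=$1 conf=$2
    [ -r "$conf" ] || return 1
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$conf"
}

# Make the file's effective value for key equal to value. Live assignments
# of the key are dropped and one is appended; commented-out ones are kept.
# Idempotent: if the file already says so, it is not rewritten.
persist_sysctl() {
    key=$1 value=$2 conf=$3
    if [ "$(persisted_value "$key" "$conf")" = "$value" ]; then return 0; fi
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        awk -v key="$key" '
            { line = $0; sub(/^[ \t]+/, "", line); eq = index(line, "=")
              k = (eq ? substr(line, 1, eq - 1) : ""); sub(/[ \t]+$/, "", k)
              if (k != key) print $0 }
        ' "$conf" > "$tmp"
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # cat into place keeps the original file's owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Compare the running kernel with the file; both paths can be overridden.
forwarding_status() {
    conf=${1:-/etc/sysctl.conf} proc=${2:-/proc/sys/net/ipv4/ip_forward}
    run=$(cat "$proc" 2>/dev/null) || run=unknown
    saved=$(persisted_value net.ipv4.ip_forward "$conf") || saved=unset
    echo "runtime=$run persisted=$saved"
}
```

After the file is written, `sysctl -p` loads it into the running kernel without a reboot.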