On Sun, Jan 18, 2004 at 11:35:13PM +0100, Christian Schnobrich wrote:
> Hello,
>
> like many, I have an old box set up as gateway. Upon reboot, I'd like it
> to load the appropriate iptables rules and set /proc/../ip_forward to 1.
>
> Until now, I'm doing this by a self-made "init script" that will do just
> that, but won't understand any of the usual start|stop|restart|[etc]
> options. Not exactly a script, really.
>
> Now I've stumbled over an actual existing script, /etc/init.d/iptables.
> I just failed to see it until today.
> Would it be 'smarter' or 'better policy' to employ this script instead
> of my own pseudo-script? And, what does it actually do? I couldn't find
> any docs, and reading the script itself I'm not sure whether I
> understand it correctly -- I do however get a feeling as if my brain was
> wildly spinning in my head. Just running the script and see what happens
> doesn't seem to be a prudent approach as well.

Have a look in /etc/defaults/iptables. This suggests that the package
maintainer doesn't like the /etc/init.d/iptables idea. I don't see a
major problem with it, but then I'm sure he knows something I don't. I
ignore it, and put my iptables and other routing/firewall stuff in
something like /usr/local/bin/firewall_on, then call that script from
/etc/init.d/bootmisc.sh.

> Next, in /etc/init.d/networking I found the following:
>
> > ip_forward () {
> >     if [ -e /proc/sys/net/ipv4/ip_forward ]; then
> >         echo -n "Enabling packet forwarding: "
> >         echo 1 > /proc/sys/net/ipv4/ip_forward
> >         echo "done."
> >     fi
>
> I read this as "if .../ip_forward exists, set it to 1", however, this
> doesn't work for me. This script seems easier to understand than the one
> above, and I don't see anything that might have the power not to call
> the above function -- it should be invoked every time the script is run,
> but I have /proc/sys/net/ipv4/ip_forward = 0 after boot.

That function is called by the line lower down "doopt ip_forward no".
And doopt looks in /etc/network/options. If you put ip_forward=yes in
/etc/network/options, that will turn on IP forwarding.

A

--
Please don't CC me. Also _please_ read the following before posting:
Documentation - http://www.debian.org/doc/
FAQ - http://www.debian.org/doc/FAQ/
Install manual (i386) - http://www.debian.org/releases/stable/i386/install
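The option lookup described in the reply, as an added example that is not part of the original message and is not Debian's own script: it shows why forwarding stays at 0 after boot unless the options file says ip_forward=yes. The names doopt_demo, lookup_opt, boot_demo and DEMO_DIR are hypothetical, and temporary files stand in for /etc/network/options and /proc/sys/net/ipv4/ip_forward so it runs unprivileged.

```shell
#!/bin/sh
# Added illustration, NOT the real /etc/init.d/networking.
# Stand-in files (assumptions) so nothing on the real system is touched.
DEMO_DIR=$(mktemp -d)
OPTIONS_FILE="$DEMO_DIR/options"      # stands in for /etc/network/options
FORWARD_FILE="$DEMO_DIR/ip_forward"   # stands in for /proc/sys/net/ipv4/ip_forward

# Same shape as the function quoted in the thread: only writes 1 if the file exists.
ip_forward() {
    if [ -e "$FORWARD_FILE" ]; then
        echo 1 > "$FORWARD_FILE"
    fi
}

# lookup_opt NAME DEFAULT: print NAME's value from the options file,
# or DEFAULT when the file has no "NAME=" line.
lookup_opt() {
    val=$(sed -n "s/^$1=//p" "$OPTIONS_FILE" 2>/dev/null | tail -n 1)
    echo "${val:-$2}"
}

# doopt_demo NAME DEFAULT: run the function called NAME only when the
# effective value is exactly "yes". With default "no", the function being
# defined in the script is not enough to get it called.
doopt_demo() {
    if [ "$(lookup_opt "$1" "$2")" = "yes" ]; then
        "$1"
    fi
}

# boot_demo CONTENT: simulate one boot with CONTENT as the options file
# (constructed sample input) and print the resulting forwarding flag.
boot_demo() {
    printf '%s\n' "$1" > "$OPTIONS_FILE"
    echo 0 > "$FORWARD_FILE"          # forwarding is off before the script runs
    doopt_demo ip_forward no          # the call the reply points at
    cat "$FORWARD_FILE"
}

echo "no ip_forward line: $(boot_demo 'other_option=yes')"
echo "ip_forward=no:      $(boot_demo 'ip_forward=no')"
echo "ip_forward=yes:     $(boot_demo 'ip_forward=yes')"
```

On a gateway the same check is a quick audit step: compare the configured value with `cat /proc/sys/net/ipv4/ip_forward`, so a box is never forwarding packets without that having been set on purpose.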