iptables configuration

Message

mrbrklyn · Post by **mrbrklyn** » Sat Oct 07, 2017 10:02 am

I want to ditch network manager and put in a static network config

I set up things in /etc/conf.d/net

Now I need to put in a simple iptable command for masquarading and I don't see how it fits within the complex /etc/init.d/iptables configuration.

I have to create a rule and then save it, but I don't see where or docs on the form of the file

/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Also, I don't see how to turn on port forwarding.

charles17 · Post by **charles17** » Sat Oct 07, 2017 11:37 am

Have you seen the iptables wiki article?
Then see https://www.systutorials.com/816/port-f ... -iptables/

szatox · Post by **szatox** » Sat Oct 07, 2017 1:35 pm

IPv4 forwarding in runtime:
sysctl net.ipv4.conf.all.forwarding=1
IPv6 forwarding in runtime:
sysctl net.ipv6.conf.all.forwarding=1
To make it persistent, put params from those commands above into a config file you can find in /etc (so they will be loaded on every boot)

Gentoo comes with iptables service. It has a non-standard command "save", which dumps current rules to a file somewhere in /var/lib, and loads those rules back when the service starts, which makes a pretty nice and easy to use interface. You just set your rules manually, and once you're happy with them, you use 'service iptables save' to make them permanent.

Post by **pjp** » Sat Oct 07, 2017 3:01 pm

Moved from Other Things Gentoo to Networking & Security.

mrbrklyn · Post by **mrbrklyn** » Sat Oct 07, 2017 6:47 pm

charles17 wrote:Have you seen the iptables wiki article?
Then see https://www.systutorials.com/816/port-f ... -iptables/

that is not useful. I already know everything there. I need to set it up on boot with openrc and no Network Manager et al

mrbrklyn · Post by **mrbrklyn** » Sat Oct 07, 2017 6:48 pm

szatox wrote: To make it persistent, put params from those commands above into a config file you can find in /etc (so they will be loaded on every boot)

that is my question. How do I do that.

mrbrklyn · Post by **mrbrklyn** » Sat Oct 07, 2017 6:51 pm

szatox wrote:IPv4 forwarding in runtime:
sysctl net.ipv4.conf.all.forwarding=1
IPv6 forwarding in runtime:
sysctl net.ipv6.conf.all.forwarding=1
To make it persistent, put params from those commands above into a config file you can find in /etc (so they will be loaded on every boot)

Gentoo comes with iptables service. It has a non-standard command "save", which dumps current rules to a file somewhere in /var/lib, and loads those rules back when the service starts, which makes a pretty nice and easy to use interface. You just set your rules manually, and once you're happy with them, you use 'service iptables save' to make them permanent.

Oh. I was wondering because there are a bunch of files in that sub directory that seem to need entries

Post by Hu » Sat Oct 07, 2017 11:25 pm

The persistent sysctl file szatox hinted at has a very subtle name: /etc/sysctl.conf. Put the settings there. Ensure that rc service sysctl is in the boot runlevel. That will enable IP packet forwarding for IPv4/IPv6, as appropriate. Separately, you may need iptables rules if the forwarded traffic needs to be rewritten.