From: "Mark E. Donaldson" <markee@bandwidthco.com>
To: 'Johan Cimen' <c99jcn@cs.umu.se>,
	"'John A. Sullivan III'" <john.sullivan@nexusmgmt.com>
Cc: netfilter@lists.netfilter.org
Subject: RE: iptables newbie
Date: Sat, 27 Dec 2003 17:53:28 -0800
Message-ID: <200312280153.hBS1rVTS023171@server5.bandwidthco.com>
In-Reply-To: <Pine.GSO.4.58.0312271715200.23735@peppar.cs.umu.se>

The command defaults to the filter table if no table is specified as an
argument. Try iptables -v -n -x -L -t mangle and see what you get.

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Johan Cimen
Sent: Saturday, December 27, 2003 9:05 AM
To: John A. Sullivan III
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables newbie


A more precise explanation of my problem:
When I use below command within my script,

iptables -t mangle -A OUTPUT -o $IFACE -p UDP --dport 7001 -j TOS --set-tos 0x10

where I have an iptables -L at the very end, I can see the results:

Chain OUTPUT (policy ACCEPT)
target  prot opt source  destination
TOS     udp -- anywhere  anywhere    udp dpt:7001 TOS set Maximize-Throughput

But the very next iptables -L used at my prompt shows nothing other than
headlines. The results shown from my script have disappeared! iptables -L was
the last thing my script did before exit 0.

> On Sat, 2003-12-27 at 08:31, Johan Cimen wrote:
> > Problem that I have is:
> > 1. I cannot use:
> >    iptables -t mangle -A OUTPUT -o $IFACE -p UDP --dport 7001 -j TOS --set-tos 0x10
> >    Using iptables -L shows nothing under OUTPUT headline.

#2 below was just an example used at prompt. If I use iptables command
without tables, because tables used at prompt are not shown:
iptables -A OUTPUT -o $IFACE -p UDP --dport 7001, and after that using
iptables -L shows:

Chain OUTPUT (policy ACCEPT)
target  prot opt source  destination
        udp -- anywhere  anywhere

But if I use PREROUTING or POSTROUTING it says: No chain/target/match by
that name. I cannot use PREROUTING and POSTROUTING at prompt, which is
possible in script.

> > 2. I cannot use (just an example, nothing to do with what i want to do):
> >    iptables -A POSTROUTING -o $IFACE -p UDP --dport 7001

> >    iptables says: No chain/target/match by that name
> >    Above iptable command works for INPUT, FORWARD and OUTPUT chains.


> On Sat, 27 Dec 2003, John A. Sullivan III wrote:
> Are you remembering to specify the table with -t mangle or -t nat if 
> you are not using the filter table? You do this in rule #1 but not 
> rule #2 and if you do iptables -L OUTPUT you will see the rules of the 
> filter table OUTPUT chain and not mangle or nat.  Good luck - John

Yes, I understand that I have to use -t mangle if I don't use the filter table.
But I cannot see the results from my commands that include -t mangle. Is
this not possible? If not, why is my script showing results that have
disappeared after my script terminates?

What I am trying to explain is that I get results when I am using iptables
commands in my script and those have disappeared after the termination of my
script. And I am trying to say that if I use iptables commands without
tables and without PREROUTING, POSTROUTING, it's OK, but I want to use tables
and PREROUTING, POSTROUTING in the script as well as at the prompt. I cannot do
this.

Suggestions ??

 -Johan-
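
Added example, not part of the original thread: the per-table split that the reply at the top points to, shown on a constructed dump in iptables-save format so it runs without root. The sample rules, eth0 (standing in for $IFACE) and the helper function names are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not captured from a real host).
# Assumption: eth0 stands in for $IFACE from the thread.
SAMPLE_DUMP='*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -o eth0 -p udp -m udp --dport 7001 -j TOS --set-tos 0x10
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o eth0 -p udp -m udp --dport 7001
COMMIT'

# rules_in_table TABLE: read an iptables-save dump on stdin and print only
# the "-A" rule lines that belong to TABLE.
rules_in_table() {
    awk -v want="$1" '
        /^\*/     { table = substr($0, 2); next }   # "*mangle" opens a table section
        /^COMMIT/ { table = ""; next }              # COMMIT closes it
        /^-A /    { if (table == want) print }
    '
}

# chains_in_table TABLE: print the chain names declared in TABLE.
chains_in_table() {
    awk -v want="$1" '
        /^\*/     { table = substr($0, 2); next }
        /^COMMIT/ { table = ""; next }
        /^:/      { if (table == want) print substr($1, 2) }
    '
}

# table_has_chain TABLE CHAIN: succeed if CHAIN is declared in TABLE.
table_has_chain() {
    printf '%s\n' "$SAMPLE_DUMP" | chains_in_table "$1" | grep -qx "$2"
}

# A plain "iptables -L" covers only filter; the TOS rule sits in mangle.
for t in filter mangle; do
    echo "== table: $t =="
    printf '%s\n' "$SAMPLE_DUMP" | rules_in_table "$t"
done
```

On a live host the same function can be fed the real ruleset with `iptables-save | rules_in_table mangle`, which is a quick way to audit every table rather than only the default one.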



