RE: iptables newbie - Mark E. Donaldson

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Mark E. Donaldson" <markee@bandwidthco.com>
To: 'Johan Cimen' <c99jcn@cs.umu.se>,
	"'John A. Sullivan III'" <john.sullivan@nexusmgmt.com>
Cc: netfilter@lists.netfilter.org
Subject: RE: iptables newbie
Date: Sat, 27 Dec 2003 17:53:28 -0800	[thread overview]
Message-ID: <200312280153.hBS1rVTS023171@server5.bandwidthco.com> (raw)
In-Reply-To: <Pine.GSO.4.58.0312271715200.23735@peppar.cs.umu.se>

The command defaults to the filter table if no table is specified  as an
argument.  Try  iptables -v -n -x -L -t mangle and see what you get.

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Johan Cimen
Sent: Saturday, December 27, 2003 9:05 AM
To: John A. Sullivan III
Cc: netfilter@lists.netfilter.org
Subject: Re: iptables newbie

A more precise explanation of my problem:
When I use below command within my script,

iptables -t mangle -A OUTPUT -o $IFACE -p UDP --dport 7001 -j TOS --set-tos
0x10

where I have an iptables -L at the very end, I can see the results:

Chain OUTPUT (policy ACCEPT)
target  prot opt source  destination
TOS     udp -- anywhere  anywhere    udp dpt:7001 TOS set
Maximize-Throughput

But very next used: iptables -L at my prompt shows nothing else than
headlines. The results shown from my script are disapeared! iptables -L was
the last thing my script did before exit 0.

> On Sat, 2003-12-27 at 08:31, Johan Cimen wrote:
> > Problem that I have is:
> > 1. I cannot use:
> >    iptables -t mangle -A OUTPUT -o $IFACE -p UDP --dport 7001 -j TOS 
> > --set-tos 0x10
> >    Using iptables -L shows nothing under OUTPUT headline.

#2 below was just an example used at prompt. If I use iptables command
without tables, because tables used at prompt are not shown:
iptables -A OUTPUT -o $IFACE -p UDP --dport 7001, And after that using
iptables -L shows:

Chain OUTPUT (policy ACCEPT)
target  prot opt source  destination
        udp -- anywhere  anywhere

But if I use PREROUTING or POSTROUTING it says: No chain/target/match by
that name. I cannot use PREROUTING and POSTROUTING at prompt, which is
possible in script.

> > 2. I cannot use (just an example, nothing to do with what i want to do):
> >    iptables -A POSTROUTING -o $IFACE -p UDP --dport 7001

> >    iptables says: No chain/target/match by that name
> >    Above iptable command works for INPUT, FORWARD and OUTPUT chains.

> On Sat, 27 Dec 2003, John A. Sullivan III wrote:
> Are you remembering to specify the table with -t mangle or -t nat if 
> you are not using the filter table? You do this in rule #1 but not 
> rule #2 and if you do iptables -L OUTPUT you will see the rules of the 
> filter table OUTPUT chain and not mangle or nat.  Good luck - John

Yes I understand that I have to use -t mangle if I dont use filter table.
But I cannot se the results from my commands included with -t mangle. Is
this not possible? If not, why is my script showing results that are
disapeared after execution of my script terminations?

What I am trying to explain is that I got results when I am using iptables
commands in my script and those are disapeared after the termination of my
scripts. And I am trying to say that if I use iptables commands without
tables and without PREROUTING, POSTROUTING, its OK, but I want to use tables
and PREROUTING, POSTROUTING as well in script as at prompt. I cannot do
this.

Suggestions ??

 -Johan-

next prev parent reply	other threads:[~2003-12-28  1:53 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-12-27 13:31 iptables newbie Johan Cimen
2003-12-27 14:50 ` John A. Sullivan III
2003-12-27 17:05   ` Johan Cimen
2003-12-27 19:09     ` Iced Tea
2003-12-27 19:16       ` Johan Cimen
2003-12-28  1:53     ` Mark E. Donaldson [this message]
2003-12-27 21:26 ` Johan Cimen
  -- strict thread matches above, loose matches on Subject: below --
2003-09-11 13:41 ads nat
2003-09-11 14:28 ` Pascal Vilarem
2002-09-12  7:05 binding nntp to one interface Rasmus Reinholdt Nielsen
2002-09-12 10:22 ` Antony Stone
2002-09-12 11:31   ` IPTABLES NewBie HareRam
2002-09-12 13:54     ` Antony Stone

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200312280153.hBS1rVTS023171@server5.bandwidthco.com \
    --to=markee@bandwidthco.com \
    --cc=c99jcn@cs.umu.se \
    --cc=john.sullivan@nexusmgmt.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox