Linux Netfilter discussions
From: Robert Nichols <rnicholsNOSPAM@comcast.net>
To: netfilter@lists.netfilter.org
Subject: Re: ip forwarding and iptables
Date: Mon, 15 May 2006 17:41:37 -0500
Message-ID: <e4b032$e9r$1@sea.gmane.org>
In-Reply-To: <002301c67865$88d8d6e0$cf34000a@sven>

Angel Tsankov wrote:
> I have 2 PCs: one configured as gateway (PC1) and the other one (PC2) 
> configured to use PC1 as gateway. PC1 runs a custom Linux distribution. 
> It has ip
> forwarding enabled (e.g. by echo 'net.ipv4.ip_forward = 1' >> 
> /etc/sysctl.conf).
> As far as I understand, I do not need to do anything else to make the 
> kernel route traffic to and from PC2, right?
> However, if I have one PC more - PC3, and I do not want to route traffic 
> to and from it I need to configure the kernel, e.g. with
> the help of iptables. Now if I do so, i.e. use iptables to configure the 
> kernel, save the iptables configuration, setup the system
> to reload it at startup (using the init.d scripts), is there any moment 
> (during system startup) when ip forwarding has been enabled
> but the iptables configuration has not yet been loaded and traffic could 
> be routed to and from PC3?

It's pretty hard to guess what your "custom Linux distribution" might
be doing.  Usually, at startup the iptables service is started before
starting networking, and during shutdown networking is stopped before
stopping (unloading) iptables.

How much more you might need to do in order to get traffic routed
depends on details about your network addressing that you have not
provided.

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.
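
The start and stop ordering described in the reply can be checked on a SysV-style system by comparing init link sequence numbers. The script below is an added example, not part of the original message; the service names `iptables` and `network` and the sample directory layout are assumptions and will differ on a custom distribution.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes SysV runlevel directories
# holding SNNname / KNNname links; the names "iptables" and "network"
# are assumptions about how the distribution labels the two services.

# Print the two-digit sequence number of link <S|K>NN<name> in a directory.
seq_of() {  # usage: seq_of DIR S|K NAME
    for f in "$1"/"$2"[0-9][0-9]"$3"; do
        [ -e "$f" ] || [ -L "$f" ] || return 1   # glob matched nothing
        b=${f##*/}
        b=${b#"$2"}
        printf '%s\n' "${b%"$3"}"
        return 0
    done
    return 1
}

# Return 0 only if rules load before networking at boot and networking
# stops before rules unload at shutdown. Equal numbers count as unsafe.
# Returns 1 on a bad ordering, 2 if a link is missing.
check_order() {  # usage: check_order START_DIR STOP_DIR
    s_fw=$(seq_of "$1" S iptables) || { echo "no iptables start link"; return 2; }
    s_net=$(seq_of "$1" S network) || { echo "no network start link"; return 2; }
    k_fw=$(seq_of "$2" K iptables) || { echo "no iptables stop link"; return 2; }
    k_net=$(seq_of "$2" K network) || { echo "no network stop link"; return 2; }
    rc=0
    if [ "${s_fw#0}" -ge "${s_net#0}" ]; then
        echo "boot: network (S$s_net) is up before rules load (S$s_fw)"; rc=1
    fi
    if [ "${k_net#0}" -ge "${k_fw#0}" ]; then
        echo "shutdown: rules unload (K$k_fw) before network stops (K$k_net)"; rc=1
    fi
    return $rc
}

# Constructed sample layout (not taken from any real system).
demo=$(mktemp -d)
mkdir "$demo/rc3.d" "$demo/rc0.d"
touch "$demo/rc3.d/S08iptables" "$demo/rc3.d/S10network" \
      "$demo/rc0.d/K90network"  "$demo/rc0.d/K92iptables"
check_order "$demo/rc3.d" "$demo/rc0.d" && echo "ordering leaves no unfiltered window"
```

On a real system, pass the default runlevel's directory and the halt runlevel's directory instead of the constructed ones.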


