Page 2 of 2

Re: centos 6 gateway setup

Posted: 2019/10/07 16:51:44
by jlehtone
roberto26 wrote:
2019/10/07 07:28:10
it was as easy as issue:
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
That command alone and once does not solve the issue; you wan't to reboot your machines whenever you receive (kernel) security fixes.
Did you make your SNAT config persistent?

Re: centos 6 gateway setup

Posted: 2019/10/07 17:24:30
by roberto26
jlehtone wrote:
2019/10/07 16:51:44
That command alone and once does not solve the issue; you wan't to reboot your machines whenever you receive (kernel) security fixes.
Did you make your SNAT config persistent?
That's right.

iptables-save > /etc/sysconfig/iptables

should be sufficient. I cannot test it right now, as I cannot reboot, but I will check if it works as soon as possible.

Thank you!

Re: centos 6 gateway setup

Posted: 2019/10/07 20:27:23
by TrevorH
The correct way to save the rules is to run service iptables save as that also makes a backup of the old file and also ensures the selinux contexts on the files are correct.

Re: centos 6 gateway setup

Posted: 2019/10/08 14:46:07
by jlehtone
The reason I did ask was:
roberto26 wrote:
2019/10/03 05:34:28
I have disabled iptables both on "A" and on "B":

Code: Select all

[root@usvc ~]# chkconfig --list | grep iptables
iptables       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
Saving rules (correctly) is half of the job. Reading the rules during boot is the other half.

You have set your system to not read.