centos 6 gateway setup

Issues related to configuring your network
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: centos 6 gateway setup

Post by jlehtone » 2019/10/07 16:51:44

roberto26 wrote:
2019/10/07 07:28:10
> it was as easy as issue:
> iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

That command alone and once does not solve the issue; you want to reboot your machines whenever you receive (kernel) security fixes.
Did you make your SNAT config persistent?

roberto26
Posts: 7
Joined: 2019/09/30 09:15:05

Re: centos 6 gateway setup

Post by roberto26 » 2019/10/07 17:24:30

jlehtone wrote:
2019/10/07 16:51:44
> That command alone and once does not solve the issue; you want to reboot your machines whenever you receive (kernel) security fixes.
> Did you make your SNAT config persistent?

That's right.

iptables-save > /etc/sysconfig/iptables

should be sufficient. I cannot test it right now, as I cannot reboot, but I will check if it works as soon as possible.

Thank you!

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: centos 6 gateway setup

Post by TrevorH » 2019/10/07 20:27:23

The correct way to save the rules is to run "service iptables save", as that also makes a backup of the old file and also ensures the SELinux contexts on the files are correct.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: centos 6 gateway setup

Post by jlehtone » 2019/10/08 14:46:07

The reason I did ask was:
roberto26 wrote:
2019/10/03 05:34:28
> I have disabled iptables both on "A" and on "B":
>
> [root@usvc ~]# chkconfig --list | grep iptables
> iptables       	0:off	1:off	2:off	3:off	4:off	5:off	6:off

Saving rules (correctly) is half of the job. Reading the rules during boot is the other half.

You have set your system to not read.
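
The two halves described in this thread (rule saved to file, rules read at boot) can be checked together. The script below is an added example, not code from any poster: the function names and the sample input are constructed, and treating runlevels 3 and 5 as the ones that matter is an assumption.

```shell
#!/bin/sh
# Added example: does a MASQUERADE rule survive a reboot on a SysV-init host?

# service_enabled_at_boot CHKCONFIG_LINE
# True if the `chkconfig --list` line shows the service on in runlevel 3 or 5
# (assumption: those are the runlevels the gateway boots into).
service_enabled_at_boot() {
    printf '%s\n' "$1" | grep -Eq '(^|[[:space:]])[35]:on([[:space:]]|$)'
}

# masquerade_saved OUT_IF   (iptables-save formatted ruleset on stdin)
# True if the *nat table holds a POSTROUTING MASQUERADE rule for OUT_IF.
masquerade_saved() {
    awk -v ifc="$1" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# audit_persistence CHKCONFIG_LINE OUT_IF   (saved ruleset on stdin)
audit_persistence() {
    saved=no; loaded=no
    if masquerade_saved "$2"; then saved=yes; fi
    if service_enabled_at_boot "$1"; then loaded=yes; fi
    case "$saved/$loaded" in
        yes/yes) echo persistent ;;
        yes/no)  echo saved-not-loaded ;;
        no/yes)  echo loaded-not-saved ;;
        *)       echo neither ;;
    esac
}

# Constructed sample input: rule saved to file, service off in every runlevel.
SAMPLE_CHKCONFIG='iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off'
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
EOF
}
sample_rules | audit_persistence "$SAMPLE_CHKCONFIG" eth2
```

On a real host the two inputs would be the output of `chkconfig --list iptables` and the contents of /etc/sysconfig/iptables.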
