

  created: Jul 29, 2010

The following allows you to forward (NAT) traffic from an internal interface to an external interface (and back again ;]). In other words, it creates a gateway for a LAN (internal network).

Debian Based (apt-get)

    # apt-get install iptables
    # vi /etc/network/if-up.d/iptables

RedHat (rpm) Based

    # yum install iptables
    # vi /etc/sysconfig/iptables

Contents of the file:

    #!/bin/sh

    PATH=/usr/sbin:/sbin:/bin:/usr/bin

    # user defined
    WAN="eth0"
    LAN="eth1"

    # delete existing rules
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F
    iptables -X

    # always accept loopback traffic
    iptables -A INPUT -i lo -j ACCEPT

    # allow established connections, and those not coming from the outside
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW ! -i $WAN -j ACCEPT
    iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT

    # allow outgoing connections from the LAN side
    iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT

    # masquerade out WAN interface
    iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

    # do not forward from wan to lan
    iptables -A FORWARD -i $WAN -o $LAN -j REJECT

    # enable forwarding packets from interface to interface
    echo 1 > /proc/sys/net/ipv4/ip_forward

Debian Based (apt-get)

    # chmod +x /etc/network/if-up.d/iptables
    # sh /etc/network/if-up.d/iptables

RedHat (rpm) Based

    # service iptables restart

Note that this config does not provide DHCP or DNS services to LAN clients.
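
An added example (not part of the original post): a shell function that reads rule lines in `iptables-save` / `iptables -S` format and flags mistakes that are easy to make in a gateway ruleset like this one, namely masquerading on the LAN-side interface, accepting new inbound connections from the WAN, and accepting WAN-to-LAN traffic ahead of the REJECT rule. The function name `audit_gateway`, the finding labels and the sample rules are constructed for illustration; eth0 is assumed to be the WAN and eth1 the LAN, as in the script.

```sh
#!/bin/sh
# Added example: audit rule lines (stdin) for a NAT gateway ruleset.
# Usage: iptables-save | audit_gateway eth0 eth1   (WAN first, then LAN)
audit_gateway() {
    awk -v wan="$1" -v lan="$2" '
    # value following option opt, unless that option is negated with "!"
    function arg(opt,   i) {
        for (i = 1; i < NF; i++)
            if ($i == opt && $(i - 1) != "!") return $(i + 1)
        return ""
    }
    $1 != "-A" { next }
    # NAT must happen on the way out of the WAN interface
    $2 == "POSTROUTING" && arg("-j") == "MASQUERADE" {
        masq = 1
        if (arg("-o") != wan) print "MASQUERADE-NOT-ON-WAN: " $0
    }
    # INPUT rule accepting NEW connections that can arrive on the WAN side
    $2 == "INPUT" && arg("-j") == "ACCEPT" && $0 ~ /NEW/ &&
        $0 !~ ("! -i " wan) && (arg("-i") == wan || arg("-i") == "") {
        print "INPUT-NEW-FROM-WAN: " $0
    }
    $2 == "FORWARD" && arg("-i") == wan && arg("-o") == lan {
        j = arg("-j")
        reply_only = ($0 ~ /ESTABLISHED/ && $0 !~ /NEW/)
        # ahead of the block rule, only reply traffic may be accepted inbound
        if (j == "ACCEPT" && !blocked && !reply_only)
            print "FORWARD-WAN-TO-LAN-OPEN: " $0
        if (j == "REJECT" || j == "DROP") blocked = 1
    }
    END {
        if (!masq) print "NO-MASQUERADE"
        if (!blocked) print "NO-WAN-TO-LAN-BLOCK"
    }'
}

# Constructed sample: a ruleset with the WAN and LAN interfaces mixed up.
sample_swapped() { cat <<'EOF'
-A POSTROUTING -o eth1 -j MASQUERADE
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth1 -m state --state NEW -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_swapped | audit_gateway eth0 eth1
```

A ruleset that passes prints nothing. The check only looks at explicit rules, so chain default policies still need to be reviewed separately.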



  created: Jul 01, 2010

You can easily tar up a Linux box and extract the files on a Linux partition (some version of ext). This can be great for making an image of a dying hard-drive or putting a hard-drive in another box, mounting it, and then making a backup (great if you need to mount read-only).

The following creates an archive, gzips the archive for greater compression, verbosely prints to the screen what is being backed up, preserves all permissions, and stores it in a file "device" /path/to/archive.tar.gz.

History lesson: most implementations of tar still default to using a tape device as output for the file stream!

    # tar -pczvf /path/to/archive.tar.gz \
    > --directory=/ \
    > --exclude=proc --exclude=sys --exclude=dev/pts \
    > .

To decompress the archive to the current working directory:

    # tar -pxzvf archive.tar.gz