set up NAT (network address translation) on local server

Christopher K. Johnson ckjohnson at gwi.net
Thu Nov 20 18:27:24 UTC 2008 

It appears from your email that there was an editing error at the COMMIT 
or line after.
Perhaps instead of a line-end on those lines it has spaces and wrapped 
them into one long line?
Could happen from copy and paste depending on circumstances.
Check that each rule is on its own line.

Antonio Olivares wrote:
> How can I fix this?
> I manually edited the file and I stopped service and now I get :
>
> [root at localhost ~]# gedit /etc/sysconfig/iptables &
> [1] 7697                                           
> [root at localhost ~]# service iptables stop
> iptables: Flushing firewall rules:                         [  OK  ]
> iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
> iptables: Unloading modules:                               [  OK  ]
> [1]+  Done                    gedit /etc/sysconfig/iptables        
> [root at localhost ~]# service iptables restart
> iptables: Flushing firewall rules:                         [  OK  ]
> iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
> iptables: Unloading modules:                               [  OK  ]
> iptables: Applying firewall rules: Bad argument `COMMIT'           
> Error occurred at line: 6                                          
> Try `iptables-restore -h' or 'iptables-restore --help' for more information.
>                                                            [FAILED]         
> [root at localhost ~]# cat /etc/sysconfig/iptables                             
> *nat                                                                        
> :PREROUTING ACCEPT [1:233]                                                  
> :POSTROUTING ACCEPT [0:0]                                                   
> :OUTPUT ACCEPT [0:0]                                                        
> -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 10.154.19.210  
> COMMIT                                                                      
> -A FORWARD -i eth1 -o eth0 -j ACCEPT                                       -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT            
> # manually added the changes 2008/11/20                                         
> # Firewall configuration written by system-config-securitylevel                 
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> [root at localhost ~]#
>
> Thanks,
>
> Antonio 
>
>
>       
>
>   


-- 
   "A society grows great when old men plant trees whose shade they know
   they shall never sit in" - Greek Proverb

More information about the fedora-list mailing list