# help configuring iptables in kernel - SOLVED

## Moriah

I have a set of iptables rules in a script file that I have been using for several years with openvpn to implement a static point-to-point shared secret tunnel between 2 networks.

A combination of a recent update to openvpn, and possibly iptables as well, combined with a hardware failure, has forced me to install a new machine and software at the near end of the tunnel. After much grief with a change in the /etc/init.d/openvpn start-up script, I have openvpn working again.

My problem is that I jumped from gentoo-sources 2.6.14 to 2.6.30-r4, and in the meanwhile, iptables became *MUCH* more complex to configure.

There are now options for every little nit picking thing iptables does, and it used to be easy to configure.

Can somebody guide me through configuring my kernel so that iptables "just works" like it used to?

Thanks!

----------

## richard.scott

I use OpenVPN for a Tun or Nat connection and I've never done IPTables admin by hand.

I always use "Shorewall" for that as it is much easier to understand.

(It's really easy to configure too.)

Rich

----------

## albright

> Can somebody guide me through configuring my kernel so that iptables "just works" like it used to?

I can't do that but my own fallback is to simply check everything that looks like it *might* be relevant as a kernel module - the needed modules will be loaded automatically when iptables calls for them.

----------

## Moriah

I was thinking of trying that. I have always tried to build everything statically into the kernel unless it *MUST* be a module to work. I guess after I see what gets loaded, I could rebuild the kernel making those components static. Thanks for the help!

BTW I have to do my tables by hand, as I have a really weird setup here.
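The approach the two posts above describe (build the netfilter options as modules, let iptables autoload what it needs, then switch exactly those to built-in) can be scripted. The following is an added example, not a script from this thread or from Gentoo: it reads `lsmod`-style output, picks out the netfilter and tunnel modules, maps each to the kernel `.config` symbol that builds it, and reports which symbols are still `=m`. The module-to-symbol table and the `xt_`/`ipt_` naming rule (lowercase names are matches, uppercase names are targets) are a heuristic for 2.6.x kernels, not a complete mapping, and the `lsmod` and `.config` text embedded below is constructed sample data standing in for a live machine.

```sh
#!/bin/sh
# Added example (not from the thread): after building netfilter as modules and
# letting iptables autoload them, list what actually got pulled in and map each
# module to the kernel config symbol to flip from =m to =y.  The mapping below
# is a heuristic for 2.6.x kernels; anything it cannot place is "unmapped".

# Constructed sample of `lsmod` output (replace with: lsmod).
SAMPLE_LSMOD='Module                  Size  Used by
tun                    12345  2
xt_state                1234  4
ipt_MASQUERADE          2345  1
iptable_nat             3456  1
nf_nat                  9876  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4       5678  3 iptable_nat,nf_nat
nf_conntrack           45678  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
iptable_filter          1111  1
ip_tables              11111  2 iptable_nat,iptable_filter
x_tables               22222  5 xt_state,ipt_MASQUERADE,iptable_nat,iptable_filter,ip_tables
ext4                  333333  1'

# Constructed sample of a kernel .config fragment (replace with: cat /usr/src/linux/.config).
SAMPLE_CONFIG='CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_NF_NAT=m
CONFIG_NF_CONNTRACK_IPV4=m
CONFIG_NF_CONNTRACK=y
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_NETFILTER_XTABLES=m
CONFIG_TUN=m'

# netfilter_modules: read lsmod output on stdin, print the netfilter/tunnel
# module names (first column), skipping the header and unrelated modules.
netfilter_modules() {
    awk 'NR > 1 && $1 ~ /^(xt_|ipt_|iptable_|ip_tables|x_tables|nf_|tun$)/ { print $1 }'
}

# config_symbol MODULE: print the CONFIG_ symbol that builds MODULE (heuristic).
config_symbol() {
    case "$1" in
        ip_tables)          echo CONFIG_IP_NF_IPTABLES ;;
        x_tables)           echo CONFIG_NETFILTER_XTABLES ;;
        iptable_filter)     echo CONFIG_IP_NF_FILTER ;;
        iptable_mangle)     echo CONFIG_IP_NF_MANGLE ;;
        iptable_nat|nf_nat) echo CONFIG_NF_NAT ;;
        nf_conntrack)       echo CONFIG_NF_CONNTRACK ;;
        nf_conntrack_ipv4)  echo CONFIG_NF_CONNTRACK_IPV4 ;;
        tun)                echo CONFIG_TUN ;;
        xt_*|ipt_*)
            # Generic rule: xt_foo -> NETFILTER_XT_MATCH_FOO, xt_FOO -> NETFILTER_XT_TARGET_FOO;
            # ipt_foo -> IP_NF_MATCH_FOO, ipt_FOO -> IP_NF_TARGET_FOO.
            case "$1" in
                xt_*) prefix=CONFIG_NETFILTER_XT; name=${1#xt_} ;;
                *)    prefix=CONFIG_IP_NF;        name=${1#ipt_} ;;
            esac
            case "$name" in
                *[a-z]*) echo "${prefix}_MATCH_$(echo "$name" | tr a-z A-Z)" ;;
                *)       echo "${prefix}_TARGET_$name" ;;
            esac ;;
        *) echo unmapped ;;
    esac
}

# config_state SYMBOL: read .config on stdin, print y, m, or "unset" for SYMBOL.
config_state() {
    awk -v sym="$1" -F= '$1 == sym { print $2; found = 1 } END { if (!found) print "unset" }'
}

# suggest_static LSMOD_TEXT CONFIG_TEXT: one "module symbol state" line per
# loaded netfilter module, so the ones still at =m can be made built-in.
suggest_static() {
    printf '%s\n' "$1" | netfilter_modules | while read -r mod; do
        sym=$(config_symbol "$mod")
        if [ "$sym" = unmapped ]; then
            echo "$mod unmapped -"
        else
            echo "$mod $sym $(printf '%s\n' "$2" | config_state "$sym")"
        fi
    done
}

# still_modular LSMOD_TEXT CONFIG_TEXT: just the symbols that still need =y.
still_modular() {
    suggest_static "$1" "$2" | awk '$3 == "m" { print $2 }' | sort -u
}

suggest_static "$SAMPLE_LSMOD" "$SAMPLE_CONFIG"
```

On a live system, feed it `lsmod` and the current `.config` instead of the samples; the symbols it lists as `m` are the ones to set to `y` before rebuilding, and anything reported as `unmapped` has to be looked up by hand in `make menuconfig`.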

----------

## Moriah

As is frequently the case, a good night's sleep is sometimes the answer. I woke up this morning and fiddled a bit with it, and Voila! It was working!

The problem was not in the iptables build in the kernel at all; it was a routing problem.  My routes are established in my firewall script, since that script also tailors the entire firewall configuration to the DHCP address of the near end of the tunnel.  I had forgotten to edit the /etc/conf.d/local.start script to run the firewall script at system start-up.  This used to be necessary many moons ago when I was using L2TP for the tunnel, and /etc/init.d/iptables did not have the "save" command.  I started everything with the old rc.local script.  Now, running the firewall script at startup is just the easiest way to establish the routing, given the legacy baggage of how all this mess evolved over the years.

MORAL: The problem isn't always where you think it is.

But now it's working, so I can get back to work!
