networkmanager overwriting iptables on boot-up

Asked by Matt on 2009-07-10

My dad's 8.10 desktop has two Ethernet adapters, and I tried to set up ICS. I mis-typed one of the commands, though, and so now networkmanager overwrites the iptables filter table to block anything coming through eth0 (the one connecting to Internet). He found out how to fix this temporarily, but every time we boot Ubuntu, networkmanager overwrites the tables so we can't get Internet. We dual-boot, though, so all is not lost, but can someone tell me how to fix networkmanager so it doesn't overwrite the iptables?

Question information

Language: English
Status: Solved
For: Ubuntu iptables
Assignee: No assignee
Solved by: Steven Danna
Solved: 2009-07-11
Last query: 2009-07-11
Last reply: 2009-07-11

Best Steven Danna (ssd7) said : #1

Are you sure NetworkManager is actually overwriting the iptables? Changes made to iptables are not persistent. That is, they are always lost on boot. (See https://help.ubuntu.com/community/IptablesHowTo). The best way to make iptables persistent is to use iptables-save and iptables-restore as described in the aforementioned link or to use a tool like ufw (uncomplicated firewall).

You said "I mis-typed one of the commands, though, and so now networkmanager overwrites the iptables filter table to block anything coming through eth0 (the one connecting to Internet)."

Could you also provide the following information:

1) What directions were you following?
2) The command you mistyped.
3) The command that makes your internet work again.
4) The output of this command at the terminal when your computer cannot connect to the internet:

sudo iptables -L

5) The output of that same command when your computer can connect to the internet.
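
An added example, not part of the thread or of any participant's post: a shell sketch that saves the ruleset with iptables-save and, after a reboot, reports whether the loaded rules are the same, simply gone (never restored), or different (written by something else). The path `/etc/iptables.rules`, the function names and the dumps inside `demo` are assumptions constructed for illustration; `save`, `check` and `restore` need root.

```shell
#!/bin/sh
# Added example (not from the thread). RULES_FILE is an assumed location.
RULES_FILE="${RULES_FILE:-/etc/iptables.rules}"

# Drop the parts of an iptables-save dump that differ between two dumps of
# the same ruleset: "# Generated by"/"# Completed on" comment lines and the
# [packets:bytes] counters on chain and rule lines.
normalize() {
    grep -v '^#' "$1" | sed -E 's/\[[0-9]+:[0-9]+\] ?//g; s/[[:space:]]+$//'
}

# compare_rulesets SAVED CURRENT -> prints same | lost | changed
compare_rulesets() {
    if [ "$(normalize "$1")" = "$(normalize "$2")" ]; then
        echo same       # the saved rules are what is loaded now
    elif ! normalize "$2" | grep -q '^-A '; then
        echo lost       # no rules loaded: nothing restored them at boot
    else
        echo changed    # different rules loaded: something else wrote them
    fi
}

# Constructed sample: a saved dump with one FORWARD rule, checked against
# itself with different counters and against an empty post-reboot table.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Generated by iptables-save on Fri Jul 10 2009' '*filter' \
        ':INPUT ACCEPT [10:800]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [9:700]' \
        '-A FORWARD -i eth1 -o eth0 -j ACCEPT' 'COMMIT' > "$d/saved"
    sed -E 's/\[10:800\]/[55:4400]/; s/Jul 10/Jul 11/' "$d/saved" > "$d/again"
    grep -v '^-A ' "$d/saved" | sed 's/FORWARD DROP/FORWARD ACCEPT/' > "$d/boot"
    echo "$(compare_rulesets "$d/saved" "$d/again") $(compare_rulesets "$d/saved" "$d/boot")"
    rm -rf "$d"
}

case "${1:-}" in
    save)    iptables-save > "$RULES_FILE" ;;
    check)   cur=$(mktemp); iptables-save > "$cur"
             compare_rulesets "$RULES_FILE" "$cur"; rm -f "$cur" ;;
    restore) iptables-restore --test < "$RULES_FILE" &&
             iptables-restore < "$RULES_FILE" ;;
    demo)    demo ;;
esac
```

Run `save` while the firewall is in the working state and `check` after the next boot; `restore` parses the file with `--test` before committing it.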

Matt (mathphreak) said : #2

Thank you. iptables-save should do the trick.

buzuzu26 (hcekpunoby) said : #3

Hello,

Please can someone help me with this problem. I am running server applications in Ubuntu 8.04 desktop. I have enabled DHCP server and it works fine. I have also set up DNS, which also works fine. However, I have this problem: after setting up NAT using a How-To I found online, I was not able to reach the WAN interface of my server and hence could not browse. I think I am not getting something right with iptables.

The syslog shows this:

Oct 23 10:18:47 server kernel: [ 1644.034730] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=95.52.132.133 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31014 PROTO=UDP SPT=21203 DPT=13510 LEN=111
Oct 23 10:18:47 server kernel: [ 1644.034766] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=94.21.132.60 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31015 PROTO=UDP SPT=21203 DPT=49009 LEN=111
Oct 23 10:18:47 server kernel: [ 1644.034785] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=80.99.223.137 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31016 PROTO=UDP SPT=21203 DPT=43193 LEN=111
Oct 23 10:18:47 server kernel: [ 1644.034802] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=92.249.188.95 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31017 PROTO=UDP SPT=21203 DPT=45680 LEN=111
Oct 23 10:18:48 server kernel: [ 1644.845742] IN=eth2 OUT= MAC=00:50:04:c4:51:e3:00:15:c5:74:b6:e2:08:00 SRC=192.168.1.150 DST=83.229.121.3 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=31020 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=39447
Oct 23 10:18:48 server kernel: [ 1645.344810] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=209.191.93.53 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=31021 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=39703
Oct 23 10:18:49 server kernel: [ 1646.031272] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=94.224.89.98 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31024 PROTO=UDP SPT=21203 DPT=44902 LEN=111
Oct 23 10:18:49 server kernel: [ 1646.031309] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=151.48.182.115 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31025 PROTO=UDP SPT=21203 DPT=51271 LEN=111
Oct 23 10:18:49 server kernel: [ 1646.031328] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=86.125.128.68 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31026 PROTO=UDP SPT=21203 DPT=5686 LEN=111
Oct 23 10:18:49 server kernel: [ 1646.031345] IN=eth2 OUT=eth1 SRC=192.168.1.150 DST=79.77.106.2 LEN=131 TOS=0x00 PREC=0x00 TTL=127 ID=31027 PROTO=UDP SPT=21203 DPT=23614 LEN=111

Can someone help?