The Pretty Happy Red Hat Linux Way 2
Remember all the /proc entries that I said weren't really part of the firewall?
Well, they aren't, and the iptables save doesn't care about them at all. You need to manually add them to /etc/sysctl.conf, so they can be loaded automagically on boot.
Edit /etc/sysctl.conf with your favorite editor. First, we need to edit one of the lines already present. The new line should read:
net.ipv4.ip_forward = 1
Now, at the bottom of the file, add the following additional lines:
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
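
An added example, not part of the original slides: a shell check that a sysctl.conf-style file ends up with the six values listed above, including the case where the existing net.ipv4.ip_forward line was never edited. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the six settings on this slide.
WANTED='net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.conf.all.log_martians=1'

# Print the effective value of key $2 in file $1: comments skipped, last one wins.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Report every wanted key; return 0 only if all of them have the wanted value.
check_sysctl_conf() {
    problems=0
    for pair in $WANTED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(conf_value "$1" "$key")
        if [ "$have" = "$want" ]; then echo "ok       $key = $have"
        elif [ -z "$have" ]; then echo "MISSING  $key (want $want)"; problems=$((problems + 1))
        else echo "WRONG    $key = $have (want $want)"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: ip_forward still at 0 and only two of the extra lines added.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_redirects=0
EOF
check_sysctl_conf "$sample" || echo "fix the lines above, then reload with: sysctl -p"
```

Point it at the real file with `check_sysctl_conf /etc/sysctl.conf`; it only reads the file and does not change any kernel setting.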