[H-GEN] iptables... maybe?

Damian Bickhoff dmpb at dingoblue.net.au
Tue Aug 21 18:04:32 EDT 2001


On Tue, Aug 21, 2001 at 09:52:59PM +1000, Sandra Milne wrote:
> ok, this is a list of my rules... i think i have it figured out. but before 
> i go to all the trouble of inserting the 2nd network card back into the 
> linux machine and trying it out, could somebody please lemme know if these 
> rules will allow basic routing?

You'll still have to turn on /proc/sys/net/ipv4/ip_forward, and turn off
/proc/sys/net/ipv4/tcp_ecn if you have it.  (The latter isn't necessary,
but dumb routers just drop your packets if it's on.)

> # Generated by iptables-save v1.2.2 on Mon Aug 20 02:04:32 2001
> [...]

The numbers in square brackets look like packet / byte counts, so you
can take them out.  I can't really comment on that format of rule
specification, since I'm in a rush to get to work, but I'm attaching my
firewall rules as an example of one setup that works.  It may even be a
decent set of rules. ;)

(In this example file I've disabled the strict INPUT filtering, because
I use centericq on my gateway, and it gets silly unless it can open
ports by itself.)
-- 
damian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iptables.sh
Type: text/x-sh
Size: 2049 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20010822/773a9878/attachment.sh>
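As an added example (not the attached iptables.sh, which the archive scrubbed), the two preparation steps the reply names can be scripted: strip the `[packets:bytes]` counters that iptables-save writes, and check or set the ip_forward and tcp_ecn knobs. The rule text is a constructed sample in the iptables-save format, not Sandra's actual rules.

```shell
#!/bin/sh
# Constructed iptables-save output (hypothetical rules, not from the thread),
# including the "[packets:bytes]" counters the reply says can be removed.
SAMPLE_RULES='# Generated by iptables-save v1.2.2 on Mon Aug 20 02:04:32 2001
*filter
:INPUT ACCEPT [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [42:4242]
[15:1200] -A FORWARD -i eth1 -o eth0 -j ACCEPT
[3:240] -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Mon Aug 20 02:04:32 2001'

# Remove the "[pkts:bytes]" counter fields from iptables-save text on stdin.
# They appear at the end of chain-policy lines (":CHAIN POLICY [n:m]")
# and at the start of rule lines ("[n:m] -A CHAIN ...").
strip_counters() {
    sed -e 's/^\[[0-9]*:[0-9]*] //' -e 's/ \[[0-9]*:[0-9]*]$//'
}

# Report whether the kernel is in the state the reply asks for:
# ip_forward=1 and tcp_ecn=0 (treated as 0 when the file does not exist).
# Read-only, so no root needed; returns 0 when both are as expected.
check_router_sysctls() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)
    ecn=$(cat /proc/sys/net/ipv4/tcp_ecn 2>/dev/null || echo 0)
    [ "$fwd" = "1" ] && [ "$ecn" = "0" ]
}

# Apply the settings (needs root): enable forwarding, turn ECN off if present.
enable_routing() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then
        echo 0 > /proc/sys/net/ipv4/tcp_ecn
    fi
}

# Usage: "sh thisfile.sh run" prints the counter-free rules and the knob status.
main() {
    printf '%s\n' "$SAMPLE_RULES" | strip_counters
    if check_router_sysctls; then
        echo "kernel ready: ip_forward=1, tcp_ecn=0"
    else
        echo "kernel not yet set up for routing (run enable_routing as root)"
    fi
}
[ "${1:-}" = "run" ] && main
```

The stripped text can be fed straight to iptables-restore; the counters are the only thing removed, so the chains, policies and rules are unchanged.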