[H-GEN] iptables... maybe?
Damian Bickhoff
dmpb at dingoblue.net.au
Tue Aug 21 18:04:32 EDT 2001

On Tue, Aug 21, 2001 at 09:52:59PM +1000, Sandra Milne wrote:
> ok, this is a list of my rules... i think i have it figured out. but before
> i go to all the trouble of inserting the 2nd network card back into the
> linux machine and trying it out, could somebody please lemme know if these
> rules will allow basic routing?

You'll still have to turn on /proc/sys/net/ipv4/ip_forward, and turn off
/proc/sys/net/ipv4/tcp_ecn if you have it. (The latter isn't necessary,
but dumb routers just drop your packets if it's on.)

> # Generated by iptables-save v1.2.2 on Mon Aug 20 02:04:32 2001
> [...]

The numbers in square brackets look like packet / byte counts, so you
can take them out. I can't really comment on that format of rule
specification, since I'm in a rush to get to work, but I'm attaching my
firewall rules as an example of one setup that works. It may even be a
decent set of rules. ;)

(In this example file I've disabled the strict INPUT filtering, because
I use centericq on my gateway, and it gets silly unless it can open
ports by itself.)

--
damian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iptables.sh
Type: text/x-sh
Size: 2049 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20010822/773a9878/attachment.sh>