[H-GEN] weird iptables problem
Robert Stuart
Robert.Stuart at qsa.qld.edu.au
Tue Apr 22 19:42:45 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Johann wrote:
[snip]
> In case I had accidentally added something to the ruleset, I cut things
> down to the following rules, which should allow everything and set up
> masquerading
>
> /sbin/iptables -F
> /sbin/iptables -F -t nat
> /sbin/iptables -X
>
> followed by
>
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> /sbin/iptables -A FORWARD -i eth0 -j ACCEPT

Hi Johann,

Could you post the output of both:

#iptables -L -vn
#iptables -t nat -L -vn

The fact that those packets are being logged means that they could ONLY
be dropped if the policy says to - the packets are getting to the last
rule in your chain; doing a -j LOG which returns the flow to the chain;
and then not going anywhere.

Hope that helps.

--
Robert Stuart
Systems Administrator
Ph: 61 7 3864 0364
Fax: 61 7 3221 2553
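
Added example, not part of the original post: a small parser for `iptables -L -vn` output that reports chains whose last rule is a non-terminating log target, so the chain policy decides what happens to the packet. The sample output, its DROP policy and its counters are constructed for illustration and are not Johann's actual ruleset.

```python
import re

# Constructed sample of `iptables -L -vn` output; the DROP policy and counters are assumed.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
   40  2400 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
   12   720 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+) (\S+) packets)?")
NON_TERMINATING = {"LOG", "ULOG", "NFLOG"}  # log, then hand the packet back to the chain
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}  # -v abbreviates counters unless -x is used

def count(s):
    return int(s[:-1]) * UNITS[s[-1]] if s[-1] in UNITS else int(s)

def parse_chains(text):
    """Map chain name -> {"policy", "policy_pkts", "rules": [(pkts, target), ...]}."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:  # user-defined chains show "(N references)" and have no policy
            cur = {"policy": m.group(2), "policy_pkts": count(m.group(3) or "0"), "rules": []}
            chains[m.group(1)] = cur
            continue
        f = line.split()
        # Rule rows start with a packet counter; the column header and blank lines do not.
        if cur is not None and len(f) >= 3 and re.fullmatch(r"\d+[KMG]?", f[0]):
            cur["rules"].append((count(f[0]), f[2]))
    return chains

def fallthrough(text):
    """Chains whose last rule only logs, so the chain policy decides the packet's fate."""
    out = []
    for name, c in parse_chains(text).items():
        if c["policy"] and c["rules"] and c["rules"][-1][1] in NON_TERMINATING:
            out.append((name, c["policy"], c["rules"][-1][0], c["policy_pkts"]))
    return out

if __name__ == "__main__":
    for name, policy, logged, hit in fallthrough(SAMPLE):
        print(f"{name}: {logged} packets logged by last rule, {hit} then handled by policy {policy}")
```

When the logged-packet count on the final LOG rule tracks the policy counter in the chain header, the policy is what is disposing of those packets.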