[H-GEN] weird iptables problem
Johann
johann at spot-the-dog.com
Tue Apr 22 21:44:48 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Russell Stuart wrote:
>
>
>Johann,
>
>You are masquerading incoming packets as well as outgoing ones. I
>don't have time to give a full explanation of why this is bad, so for
>now if you just insert this rule before the -j MASQUERADE one you should
>be OK:
>
>/sbin/iptables -t nat -A POSTROUTING -s ! <internal-network> -j ACCEPT
>
>eg, if you are using IP addresses 192.168.10.0 .. 192.168.10.255 for
>your internal network, then this is what you would want:
>
>/sbin/iptables -t nat -A POSTROUTING -s ! 192.168.10.0/24 -j ACCEPT
>
>
>--
>* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
>* Postings to this list are only accepted from subscribed addresses of
>* lists 'general' or 'general-post'. See http://www.humbug.org.au/
>
Thanks for that, that did the trick, and clearly my understanding of
iptables is more limited than I thought. I can see where I was going
wrong now (gotta love hindsight), I'm just unsure why my setup was
masquerading incoming and outgoing packets and why I haven't seen this
error on other machines I'd set up. Back to more reading I guess.
cheers
Johann
--
Johann Kwiatkowski
Spot The Dog Graphics
ph: (07) 33233677
fax: (07) 33233677
mobile: 0418 797 419
web: www.spot-the-dog.com
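
Added example, not part of the original thread: a small Python model of first-match evaluation in the nat POSTROUTING chain, showing which source addresses get rewritten before and after the ACCEPT rule suggested above. The original ruleset is not shown in the thread, so the unconditional MASQUERADE rule here is an assumption; the sample addresses and all function names are constructed for illustration.

```python
import ipaddress

# Internal range named in the thread (192.168.10.0 .. 192.168.10.255).
INTERNAL = ipaddress.ip_network("192.168.10.0/24")

# A rule is (negate_source_match, source_network or None for "any", target).
# ASSUMPTION: the original chain held one MASQUERADE rule with no source match.
ORIGINAL = [(False, None, "MASQUERADE")]
# Chain after the fix: "-s ! <internal-network> -j ACCEPT" sits before MASQUERADE.
FIXED = [(True, INTERNAL, "ACCEPT"), (False, None, "MASQUERADE")]


def matches(rule, src):
    """True if the rule's source match (with optional '!') applies to src."""
    negate, net, _target = rule
    if net is None:
        return True
    inside = ipaddress.ip_address(src) in net
    return inside != negate


def nat_postrouting(rules, src):
    """Return the target of the first matching rule; chain policy is ACCEPT.

    In the nat table, ACCEPT ends traversal without translating the packet,
    so later MASQUERADE rules never see it.
    """
    for rule in rules:
        if matches(rule, src):
            return rule[2]
    return "ACCEPT"


def rewritten_sources(rules, sources):
    """Sources whose address would be replaced by the gateway's address."""
    return [s for s in sources if nat_postrouting(rules, s) == "MASQUERADE"]


# Constructed samples: two internal hosts, two external (documentation ranges).
SAMPLES = ["192.168.10.5", "192.168.10.200", "203.0.113.7", "198.51.100.20"]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(f"{name:8s} rewrites: {rewritten_sources(rules, SAMPLES)}")
```

With the unconditional rule, forwarded traffic from external clients also leaves with the gateway's source address, so an internal server's logs would show the gateway for every external connection.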