I am trying to enable 'talk' on a LAN with a firewall running iptables. It's a home setup, and the main host (e.g. the one I work on a lot) is also the firewall. When the firewall is up, I cannot use 'talk' on the LAN, even though I have configured it to accept all input from the LAN. It turns out that the problem lies in the network address translation function of the firewall. In the example script below, if I uncomment the 'nat' line, talk will not work:
echo "Setting default policies"

# set default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

# accept loopback traffic
$IPTABLES -A INPUT -p all -s $LOCAL_IP -i $LO_IFACE -j ACCEPT
$IPTABLES -A INPUT -p all -s $LAN_IP -i $LO_IFACE -j ACCEPT
$IPTABLES -A INPUT -p all -s $STATIC_IP -i $LO_IFACE -j ACCEPT

# accept input from the LAN
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -j ACCEPT

# Uncommenting the line below disables 'talk'
#$IPTABLES -t nat -A POSTROUTING -j SNAT --to-source $STATIC_IP

# log, then drop, anything not matched above
$IPTABLES -A INPUT -p ALL -j LOG --log-prefix "IPT DROP no match: "
$IPTABLES -A INPUT -p ALL -j DROP

I need the POSTROUTING NAT for other purposes, but I would also like to have talk on the LAN. Anyone know why this line is matching talk requests, and how I can set things up so everything works fine and dandy?

BTW, when the nat line above is uncommented, talk fails with a 'Checking for invitation on caller's machine' but no packets are logged.

Thanks,
John Hunter

_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
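The following is an added example, not part of the original post or John's script. The point it illustrates: a POSTROUTING rule with no -o (output interface) and no destination match is applied to every packet the firewall host itself emits, including packets sent to the LAN and to itself over lo, so all of them leave with $STATIC_IP as their source. Scoping the SNAT to the WAN interface (or to "! -d LAN_NET") keeps the NAT for internet traffic while LAN peers keep seeing the host's LAN address. Interface names and addresses are assumed placeholders, the iptables-save dump is constructed for the check, and commands are only echoed unless the script is run as root with IPTABLES=iptables.

```shell
#!/bin/sh
# Added example (not the original poster's script): the same ruleset with
# the SNAT rule scoped to the WAN interface, plus a check that flags
# unscoped POSTROUTING NAT rules in iptables-save output.
# Interface names and addresses are assumed placeholders.
# Dry run by default: commands are echoed. Run as root with
# IPTABLES=iptables to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"
WAN_IFACE="ppp0"            # assumed: the interface that carries $STATIC_IP
LAN_IFACE="eth0"            # assumed
LO_IFACE="lo"
STATIC_IP="203.0.113.10"    # assumed (documentation address)
LAN_NET="192.168.1.0/24"    # assumed

# The rule as posted was:
#   $IPTABLES -t nat -A POSTROUTING -j SNAT --to-source $STATIC_IP
# With no -o or -d match it rewrites the source of every packet the host
# sends, packets to the LAN and to itself on lo included. The version
# below only touches packets actually leaving via the WAN interface.
# "! -d $LAN_NET" in place of "-o $WAN_IFACE" is an equivalent alternative.
fixed_snat_rule() {
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IFACE" -j SNAT --to-source "$STATIC_IP"
}

apply_rules() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT
    # loopback and LAN traffic is accepted before anything else
    $IPTABLES -A INPUT -i "$LO_IFACE" -j ACCEPT
    $IPTABLES -A INPUT -i "$LAN_IFACE" -s "$LAN_NET" -j ACCEPT
    fixed_snat_rule
    # log, then drop, anything not matched above
    $IPTABLES -A INPUT -j LOG --log-prefix "IPT DROP no match: "
    $IPTABLES -A INPUT -j DROP
}

# Flag POSTROUTING SNAT/MASQUERADE rules that carry neither an output
# interface (-o) nor a negated destination (! -d), i.e. rules that also
# rewrite LAN and loopback traffic. Reads iptables-save output on stdin.
unscoped_snat_rules() {
    grep -E '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' | grep -Ev -- ' (-o|! -d) ' || true
}

# Constructed sample of "iptables-save -t nat" output: one unscoped rule
# (as in the post) and two scoped ones.
SAMPLE_NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o ppp0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT'

echo "# rules (dry run unless IPTABLES=iptables):"
apply_rules
echo "# unscoped NAT rules in the sample dump:"
printf '%s\n' "$SAMPLE_NAT_DUMP" | unscoped_snat_rules
```

On a live box the same check runs against the real table with "iptables-save -t nat | unscoped_snat_rules" (after sourcing the script); any line it prints is a NAT rule that also applies to LAN and loopback traffic.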
