Hello,

I thought that these iptables rules:

snoopy:~# iptables -v -L ppp0-out
Chain ppp0-out (1 references)
 pkts bytes target     prot opt in     out     source               destination 
        
    0     0 LOG        all  --  any    any     192.168.0.0/16       anywhere    
       LOG level warning 
    0     0 REJECT     all  --  any    any     192.168.0.0/16       anywhere    
       reject-with icmp-port-unreachable 
    9   868 ACCEPT     all  --  any    any     anywhere             anywhere    
       
and:

Chain OUTPUT (policy DROP 1 packets, 40 bytes)
 pkts bytes target     prot opt in     out     source               destination 
        
   26  1994 ppp0-out   all  --  any    ppp0    anywhere             anywhere    
       

would prevent packets with the source address 192.168.*.* from
appearing on ppp0; however, it doesn't. In fact, even if I run ping to
an outside host from a 192.168.*.* computer (eth0), none of the
counters for INPUT, FORWARD, or OUTPUT are incremented (if I turn on
masquerading everything works as expected though).

So, how can the packet get received by eth0, be forwarded to ppp0, and
transmitted out ppp0 without any of the chain counters recording it?
I know the packet is appearing on ppp0 by looking at tcpdump, ifconfig
and the transmit light on the modem.

I am confused...

I can only guess that some sort of optimisation is occurring, but
seems strange it only occurs without masquerading or SNAT.

Am I doing something obviously wrong?
-- 
Brian May <[EMAIL PROTECTED]>
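Added example (not part of the original message, and not the poster's own code): a small model of standard Netfilter filter-table traversal, used to run the ruleset quoted above. In the standard path a packet received on eth0 and routed out ppp0 passes through FORWARD and POSTROUTING, never OUTPUT, so a chain hooked only from OUTPUT cannot see it; the model shows that and compares a variant that also jumps to ppp0-out from FORWARD. The FORWARD policy (ACCEPT) and the LAN address are assumptions.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass
class Rule:
    target: str            # terminating target, LOG, or a user-defined chain
    src: str = "0.0.0.0/0"
    out: str = None        # output-interface match; None means any

@dataclass
class Packet:
    src: str
    in_if: str             # None = locally generated (takes the OUTPUT path)
    out_if: str            # interface chosen by the routing decision

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def run_chain(chains, name, pkt, counters):
    """Walk one chain; return a verdict, or None when a user chain falls through."""
    policy, rules = chains[name]
    for i, rule in enumerate(rules):
        if rule.out is not None and rule.out != pkt.out_if:
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
            continue
        counters[(name, i)] += 1               # the "pkts" column of iptables -v -L
        if rule.target in TERMINATING:
            return rule.target
        if rule.target != "LOG":               # LOG is non-terminating; anything else is a jump
            verdict = run_chain(chains, rule.target, pkt, counters)
            if verdict is not None:
                return verdict
    return policy

def filter_verdict(chains, pkt):
    """Standard filter-table traversal: forwarded packets hit FORWARD, local ones OUTPUT."""
    counters = Counter()
    hook = "OUTPUT" if pkt.in_if is None else "FORWARD"
    return run_chain(chains, hook, pkt, counters), counters

def ruleset(forward_jump):
    """The post's chains; forward_jump=True also hooks ppp0-out into FORWARD (assumed fix)."""
    egress = [Rule("LOG", src="192.168.0.0/16"), Rule("REJECT", src="192.168.0.0/16"), Rule("ACCEPT")]
    jump = [Rule("ppp0-out", out="ppp0")]
    return {"ppp0-out": (None, egress),
            "OUTPUT": ("DROP", jump),
            "FORWARD": ("ACCEPT", jump if forward_jump else [])}  # FORWARD policy is an assumption

if __name__ == "__main__":
    lan_pkt = Packet("192.168.1.10", "eth0", "ppp0")   # constructed: LAN host pinging an outside host
    print(filter_verdict(ruleset(False), lan_pkt))      # ACCEPT; ppp0-out counters stay at zero
    print(filter_verdict(ruleset(True), lan_pkt))       # REJECT; LOG and REJECT counters increment
```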