On Sun, Sep 28, 2003 at 04:57:28AM +0300, Sami N??t?nen wrote:
> Do you have DNS in the nat firewall?
> If you do, you don't allow these queries to come in to it.
> But you should see these in your log.

That's one thing that someone on the netfilter list has suggested, that my
firewall isn't letting DNS queries through. Flushing all rules and just
having the rule from the NAT howto

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

doesn't work, where eth0 is the connection to the outside world. Using
Ethereal it appears that packets are being received at eth1, the local
network, but eth1 is not transmitting these packets. I know that the
card that supplies eth1 works as it used to supply eth0 in my old
machine.

> Could you possibly post what the status thing in your script outputs?

skymoo root # /etc/init.d/firewall showstatus
 * Status...
Chain INPUT (policy DROP 10 packets, 1392 bytes)
num  pkts bytes target      prot opt in   out   source        destination
1       0     0 ACCEPT      all  --  lo   *     0.0.0.0/0     0.0.0.0/0
2      15  1136 ACCEPT      all  --  *    *     0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED
3       0     0 ACCEPT      tcp  --  *    *     0.0.0.0/0     0.0.0.0/0     tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num  pkts bytes target      prot opt in   out   source        destination
1       0     0 ACCEPT      all  --  *    *     0.0.0.0/0     0.0.0.0/0     state RELATED,ESTABLISHED
2       0     0 ACCEPT      all  --  *    *     10.0.0.0/24   0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num  pkts bytes target      prot opt in   out   source        destination
1      13   749 ACCEPT      all  --  *    *     0.0.0.0/0     0.0.0.0/0
 * NAT status
Chain PREROUTING (policy ACCEPT 10 packets, 1392 bytes)
num  pkts bytes target      prot opt in   out   source        destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target      prot opt in   out   source        destination
1       1    60 MASQUERADE  all  --  *    eth0  0.0.0.0/0     0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
num  pkts bytes target      prot opt in   out   source        destination
 [ ok ]
skymoo root #

Cheers
Adam
--
[EMAIL PROTECTED] mailing list