Re: [gentoo-user] init.d/iptables save

Sun, 19 Oct 2003 22:40:39 -0700 

On Monday 20 October 2003 14:13, Kurt V. Hindenburg wrote:
> On Sunday 19 October 2003 10:33 pm, Jason Stubbs wrote:
>
> $iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j
> MASQUERADE

So doing this didn't work?

> | What does /var/lib/iptables/rules-save say?
>
<SNIP>

I'm no iptables expert but I can't see anything wrong. If it works if you do 
the natting after the filtering is set up, how about switching rules-save 
around so it's like this:

# Completed on Mon Oct 20 00:17:20 2003
# Generated by iptables-save v1.2.8 on Mon Oct 20 00:17:20 2003
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[88:5356] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -f -j LOG --log-prefix "IPTABLES FRAGMENTS: "
[0:0] -A INPUT -f -j DROP
[0:0] -A INPUT -p tcp -m tcp --dport 113 -m state --state NEW -j REJECT 
--reject-with icmp-port-unreachable
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 31 -m state --state NEW -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 19150 -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 111 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 111 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 636 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 739 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 690 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 2049 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i eth0 -p udp -m udp --dport 123 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp --dport 143 -m state --state NEW -j 
ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
[0:0] -A INPUT -m limit --limit 5/min -j LOG
[5:372] -A FORWARD -i eth0 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j 
ACCEPT
[5:543] -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j 
ACCEPT
[71:7323] -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A OUTPUT -o lo -j ACCEPT
COMMIT
# Completed on Mon Oct 20 00:17:20 2003
# Generated by iptables-save v1.2.8 on Mon Oct 20 00:17:20 2003
*nat
:PREROUTING ACCEPT [3:228]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[3:228] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT


Jason

--
[EMAIL PROTECTED] mailing list

Reply via email to