> You could post your iptables-save output here to allow us to give more > specific hints... > > -hwh > -- > gentoo-user@gentoo.org mailing list > >
I cut all port forwarding rules but port 80 and all mac filtering less one and commented as such to keep the length down. Thanks again for any suggestions. -- Travis # iptables-save # Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005 *nat :PREROUTING ACCEPT [216087:13609285] :POSTROUTING ACCEPT [1770:106027] :OUTPUT ACCEPT [2452:149468] # snipped other DNAT -A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20 -A PREROUTING -i ppp0 -p udp -m udp --dport 80 -j DNAT --to-destination 192.168.1.20 -A POSTROUTING -o ppp0 -j MASQUERADE COMMIT # Completed on Mon Jun 27 11:15:50 2005 # Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005 *mangle :PREROUTING ACCEPT [9719337:5380558312] :INPUT ACCEPT [709772:240958250] :FORWARD ACCEPT [98811994:50860885137] :OUTPUT ACCEPT [217470:176831399] :POSTROUTING ACCEPT [99357297:51156775257] COMMIT # Completed on Mon Jun 27 11:15:50 2005 # Generated by iptables-save v1.2.11 on Mon Jun 27 11:15:50 2005 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [217479:176832555] :mac_check - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -j ACCEPT -A INPUT -i ! eth1 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable -A INPUT -i ! ppp0 -m state --state NEW -j ACCEPT -A INPUT -p udp -m udp --dport 123 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -i ! eth1 -j DROP -A FORWARD -p udp -m udp --sport 123 --dport 123 -j ACCEPT -A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT -A FORWARD -d 192.168.1.0/255.255.255.0 -i ppp0 -j ACCEPT -A OUTPUT -p udp -m udp --sport 123 -j ACCEPT -A mac_check -m mac --mac-source 00:30:BD:B2:49:80 -j ACCEPT # snipped other mac filtering -A mac_check -j DROP COMMIT # Completed on Mon Jun 27 11:15:50 2005 -- gentoo-user@gentoo.org mailing list
