I'm just beginning to build iptables rules.  So I'm
starting out with the INPUT set to ACCEPT, the
OUTPUT set to ACCEPT, and the FORWARD set to DROP.

I've added rules to the INPUT to ACCEPT tcp
connections on dport 22.

I've added rules to the FORWARD to ACCEPT incoming
packets from the inside interface and the outside
interface.  And to ACCEPT packets going out of
these same interfaces as well.

I'm routing through the firewall box just fine.  

I can surf the Internet from the inside network.

I can ssh to the firewall box from the inside.

I can ssh to a box out on the Internet.

BUT....

I cannot ssh from a box out on the Internet to
my firewall box (from the outside to the fw box).

I don't know if it's related, but when I run this
rule I get the error below:

[prompt]# /sbin/iptables -I FORWARD 2 -i eth0 -o eth2 -m state \
> --state ESTABLISHED,RELATED -j ACCEPT
iptables: No chain/target/match by that name

I've searched the Internet over and I've not found
an answer (that I can understand).

I saw some threads that referred to the
ip_conntrack, and I do have that under the
/proc/net directory.

I saw a statement in a thread about loading the
ip_state module.  I tried that but I don't have
it.  Does this matter?

How do I check my kernel config file to see if it
was compiled?

Is the ip_conntrack the same as the ip_state
module?

What could be causing this error, and what could
be keeping ssh connections from being established
from the outside?

Thanks,
kelly
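The checks this message asks for, as an added example that is not part of the original post or of the iptables project: a small POSIX shell script that reads a kernel config file for the netfilter symbols, tests whether the state-match module can be loaded, and prints (rather than applies) a stateful rule set that accepts reply traffic with ESTABLISHED,RELATED on both FORWARD and INPUT. Two distinct modules are involved: ip_conntrack (later nf_conntrack) is the connection tracker, and ipt_state (later xt_state) is the match that `-m state` needs; "No chain/target/match by that name" is what iptables reports when the match module is not available. The module and config names assumed here are the 2.4/early-2.6 ones the post's era used, with the newer names tried as a fallback; the inside/outside interface names are parameters, and the constructed config fragment in the test is sample input, not a real system's config.

```shell
#!/bin/sh
# Added example, not from the original post.  Assumes a 2.4/early-2.6
# netfilter layout: connection tracking is the ip_conntrack module, the
# "-m state" match is the ipt_state module (later kernels: nf_conntrack
# and xt_state), and the config symbols are CONFIG_IP_NF_CONNTRACK and
# CONFIG_IP_NF_MATCH_STATE.  Interface names are parameters.

# kconfig_state FILE SYMBOL -> prints y (built in), m (module) or n
# (absent / "is not set") for one CONFIG_ symbol in a plain-text config.
kconfig_state() {
    cfg=$1; sym=$2
    line=$(grep -E "^(# )?${sym}[= ]" "$cfg" 2>/dev/null | head -n 1)
    case "$line" in
        "${sym}=y") echo y ;;
        "${sym}=m") echo m ;;
        *)          echo n ;;
    esac
}

# kernel_config_file -> prints the path of a plain-text copy of the
# running kernel's config, or nothing if neither source is present.
# /proc/config.gz exists only when the kernel was built with
# CONFIG_IKCONFIG_PROC; most distributions ship /boot/config-<release>.
kernel_config_file() {
    if [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && zcat /proc/config.gz >"$tmp" && echo "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# state_match_available -> 0 if the state match can be used right now:
# the module is already listed by lsmod, or modprobe can load it.
# Tries the old module name first, then the newer one.
state_match_available() {
    for mod in ipt_state xt_state; do
        if lsmod 2>/dev/null | grep -q "^${mod} "; then return 0; fi
        if modprobe "$mod" 2>/dev/null; then return 0; fi
    done
    return 1
}

# stateful_rules INSIDE_IF OUTSIDE_IF -> prints (does not run) a minimal
# stateful rule set: reply traffic is accepted by state on both chains,
# new forwarded connections only from inside to outside, and new SSH
# only on INPUT.  Pipe the output into sh once the preflight passes.
stateful_rules() {
    in_if=$1; out_if=$2
    cat <<EOF
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $in_if -o $out_if -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
EOF
}

# preflight [--live INSIDE_IF OUTSIDE_IF] -> report what the running
# kernel offers.  The live checks run only when the script is invoked
# with --live, so the helpers above can be sourced and tested without
# touching the system.
preflight() {
    cfg=$(kernel_config_file)
    if [ -n "$cfg" ]; then
        for sym in CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_MATCH_STATE \
                   CONFIG_NF_CONNTRACK CONFIG_NETFILTER_XT_MATCH_STATE; do
            echo "$sym=$(kconfig_state "$cfg" "$sym")"
        done
    else
        echo "no kernel config found (/proc/config.gz or /boot/config-$(uname -r))"
    fi
    if state_match_available; then
        echo "state match available; rule set to apply:"
        stateful_rules "${2:-eth2}" "${3:-eth0}"
    else
        echo "state match NOT available: '-m state' will fail with" \
             "'No chain/target/match by that name'"
    fi
}

if [ "${1:-}" = "--live" ]; then
    preflight "$@"
fi
```

Run it as `sh check-state.sh --live eth2 eth0` (inside interface first, outside second) to see which config symbols are set and whether the state match loads; the rule set is only printed, so it can be reviewed before being piped into sh. A symbol reported as `n` in both the old and the new spelling means the kernel was built without that feature and loading a module cannot help.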


