POSTROUTING chain not built...

Tue, 30 Apr 2002 07:29:13 -0700 

I am using RH 7.1, kernel 2.4.9-21 and iptables.1.2.4-0.71.2 from a RedHat 
rpm.

When I run the following script and then produce a rules listing 
(/sbin/iptables --list -nv --line-numbers) I do NOT get any indication 
that the POSTROUTING chain has been built.

What do I check next?

Thanks, BobH

#-----------<script>---------------------------------------------------------------
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

# Enable IP forwarding between interfaces FIRST (sets defaults for others)
# Needed for MASQUERADE'ing
echo 1 > /proc/sys/net/ipv4/ip_forward

# Remove any existing rules from all chains
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

# Unlimited traffic on the loopback interface
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Unlimited traffic on the local LAN interface
iptables -A INPUT  -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT

# Set the default policy to drop
iptables --policy INPUT   DROP
iptables --policy OUTPUT  DROP
iptables --policy FORWARD DROP

iptables -t nat --policy PREROUTING  ACCEPT
iptables -t nat --policy POSTROUTING ACCEPT

# Remove any pre-existing user-defined chains
iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

#...........................
# More general rule

iptables -t nat -A POSTROUTING -o ppp0  \
         -j MASQUERADE

# Disallow NEW & INVALID incoming or forwarded packets from ppp0

iptables -A INPUT -i ppp0 \
         -m state --state NEW,INVALID \
         -j DROP

iptables -A FORWARD -i ppp0 \
         -m state --state NEW,INVALID \
         -j DROP

#-----------</script>------------------------------

Output of /sbin/iptables --list -nv --line-numbers:

Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination   
      
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0     
     
2        1    76 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0     
     
3        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0     
     state INVALID,NEW 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination   
      
1        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0     
     state INVALID,NEW 

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination   
      
1        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0     
     
2        0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0     
     


-- 
-------------------------------------------------
Bob Hillegas           
<[EMAIL PROTECTED]> 
281.546.9311

Reply via email to