On Thursday 06 June 2002 3:45 pm, Uwe Eisner wrote: > >Surely that means that your address translation *is* working ? > > But why is the external ip-address from the firewall showen at the www? > I specifyed the IP-address 141.12.218.99 not 141.12.129.9 (ext. > Router-IP-Address)
Sorry - I did not realise from your original email that 141.12.218.99 was not the external address of your firewall. > > I do not understand what you mean by this. Surely you do not mean that > > if you remove the POSTROUTING rule, you can still connect to a remote web > > server and have a Perl script tell you your source address ??? > > Yes, that is it! I removed every POSTROUTING rule, but I could still > connect to the web. In that case you must have Network Address Translation in operation on your external router ? If not, then there is no way that: a) privately-addressed machines 10.x.y.z, 172.16.s.t, 192.168.a.b could contact external servers b) your router address would show up on an external machine. > Afterwards I typed the flash command 'iptables -F'. Now ALL rules should > be removed, souldn't it? No. Not unless you also typed iptables -F -t nat "iptables -F" on its own will *only* clear the filtering table, not the nat table or the mangle table. Try iptables -L -t nat to see what rules you really have in place. > I started my configuration script with the new rule (see above), but > nothing has changed. > > First I tought, that iptables -F does not delete the POSTROUTING rules, Correct :-) Antony.
