Re: iptables grief
On Sunday 08 September 2002 02:38 pm, Joe Giles wrote:
> I know this is not in relation to your problem, but I'm new to IPTABLES
> and learning. I have managed to use Firestarter to set up my initial
> rules, then I just modify the firestarter.sh file. However, I read your
> iptables file and noticed that there are numbers within brackets like
> [224:19779]. What are those numbers for?

I think they refer to the number of packets:bytes that that particular rule
processed.

...Stephen

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Re: iptables grief
I know this is not in relation to your problem, but I'm new to IPTABLES
and learning. I have managed to use Firestarter to set up my initial
rules, then I just modify the firestarter.sh file. However, I read your
iptables file and noticed that there are numbers within brackets like
[224:19779]. What are those numbers for?

Thanks
Joe

Stephen Rasku said:
> I am using the following setup:
>
>   Internet
>      |
>   Cable Modem
>      |
>      | -- Firewall: eth0 (IP assigned by DHCP)
>      |
>   Firewall
>      |
>      | -- Firewall: eth1 (static: 192.168.0.254)
>      |
>   Null Ethernet Cable
>      |
>      | -- Workstation: eth0 (static: 192.168.0.1)
>      |
>   Workstation
>
> From the firewall, I can ping the workstation and I can get full access
> to the Internet. From the workstation, I can ping the firewall and I can
> ping 66.218.71.84 (yahoo) but I can't get Mozilla to work. I have attached
> my iptables rules.
>
> Any ideas?
>
> ...Stephen

Re: iptables grief
+-[ Stephen Rasku on Sat, 07 Sep 2002 20:30:57 -0700 ]-
[...]
>From the firewall, I can ping the workstation and I can get full access to the
>Internet. From the workstation, I can ping the firewall and I can ping
>66.218.71.84 (yahoo) but I can't get Mozilla to work. I have attached my
>iptables rules.
>
>Any ideas?
>
>...Stephen
>
+-[ end: Stephen Rasku <[EMAIL PROTECTED]> ]-

1st hint: have a look in your /var/log/messages file to see what traffic
your firewall drops when you're trying to browse / the protocols, the
sports and dports, the interfaces...

2nd hint: have you tried to let your client machine resolve a domain name
by pinging yahoo.com?

3rd hint: open --dport 53/domain in FORWARDing chain for both -p TCP and
-p UDP

iptables grief
I am using the following setup:

  Internet
     |
  Cable Modem
     |
     | -- Firewall: eth0 (IP assigned by DHCP)
     |
  Firewall
     |
     | -- Firewall: eth1 (static: 192.168.0.254)
     |
  Null Ethernet Cable
     |
     | -- Workstation: eth0 (static: 192.168.0.1)
     |
  Workstation

From the firewall, I can ping the workstation and I can get full access to the
Internet. From the workstation, I can ping the firewall and I can ping
66.218.71.84 (yahoo) but I can't get Mozilla to work. I have attached my
iptables rules.

Any ideas?

...Stephen

# Generated by iptables-save v1.2.4 on Fri May 26 14:19:36 1995
*nat
:PREROUTING ACCEPT [519:42839]
:POSTROUTING ACCEPT [237:15567]
:OUTPUT ACCEPT [236:15705]
[93:7041] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri May 26 14:19:36 1995
# Generated by iptables-save v1.2.4 on Fri May 26 14:19:36 1995
*filter
:INPUT DROP [224:19779]
:FORWARD DROP [188:12590]
:OUTPUT ACCEPT [1434:107304]
:tcprules - [0:0]
[500:52099] -A INPUT -j tcprules
[556:47547] -A FORWARD -j tcprules
[805:74775] -A tcprules -i eth+ -j LOG --log-prefix "Received Packet: "
[370:39943] -A tcprules -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[11:953] -A tcprules -i ! eth0 -j ACCEPT
[90:13372] -A tcprules -i eth0 -j LOG --log-prefix "Dropped: "
[90:13372] -A tcprules -i eth0 -m state --state INVALID,NEW -j DROP
COMMIT
# Completed on Fri May 26 14:19:36 1995
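
An added example, not part of any post in this thread: a Python parser for the bracketed values asked about above, which in iptables-save output with counters (`iptables-save -c`) are [packets:bytes] for each chain policy and each rule. The sample input is an excerpt of the filter table posted in the thread; the names parse_counters and drop_hits are illustrative.

```python
import re

# Excerpt of the filter table posted in this thread (iptables-save output with counters).
SAMPLE = """\
*filter
:INPUT DROP [224:19779]
:FORWARD DROP [188:12590]
:OUTPUT ACCEPT [1434:107304]
:tcprules - [0:0]
[556:47547] -A FORWARD -j tcprules
[370:39943] -A tcprules -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[11:953] -A tcprules -i ! eth0 -j ACCEPT
[90:13372] -A tcprules -i eth0 -m state --state INVALID,NEW -j DROP
COMMIT
"""

CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[(\d+):(\d+)\]$")   # :CHAIN POLICY [packets:bytes]
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s+(\S+)\s.*)$")  # [packets:bytes] -A CHAIN ...
TARGET_RE = re.compile(r"\s-j\s+(\S+)")                        # jump target of a rule


def parse_counters(text):
    """Return one dict per chain policy or rule with its packet and byte counters."""
    entries, table = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):  # table header, e.g. *filter
            table = line[1:]
        elif m := CHAIN_RE.match(line):
            chain, policy, pkts, byts = m.groups()
            entries.append({"table": table, "chain": chain, "kind": "policy",
                            "target": policy, "packets": int(pkts), "bytes": int(byts)})
        elif m := RULE_RE.match(line):
            pkts, byts, rule, chain = m.groups()
            target = TARGET_RE.search(rule)
            entries.append({"table": table, "chain": chain, "kind": "rule",
                            "target": target.group(1) if target else None,
                            "packets": int(pkts), "bytes": int(byts)})
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return entries


def drop_hits(entries):
    """Policies and rules that drop traffic and have matched at least one packet."""
    return [e for e in entries if e["target"] in ("DROP", "REJECT") and e["packets"] > 0]
```

Calling drop_hits(parse_counters(SAMPLE)) lists the DROP policies and rules whose packet counter is non-zero, which is a quick way to see where a ruleset is discarding traffic before turning to the LOG output.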