> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Marcus Moeller
> Sent: Tuesday, February 10, 2009 2:49 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
>
> I
Dear Nataraj,
>> > You are going to have to add rules to both your INPUT and OUTPUT
>> > chains to allow this traffic through. Could you send on a copy of
>> > /etc/sysconfig/iptables, if that is how you are loading these rules?
>> > I could then send you the exact commands to run.
>
> One thing
On Sat, 2009-02-07 at 08:43 +0100, Marcus Moeller wrote:
> Dear Joshua.
>
> > You are going to have to add rules to both your INPUT and OUTPUT
> > chains to allow this traffic through. Could you send on a copy of
> > /etc/sysconfig/iptables, if that is how you are loading these rules?
> > I could
Good Evening.
>> LAN1 -> LINUX_ROUTER -> LAN2
>>
>> Response:
>>
>> LAN2 -> CORE-ROUTER(with LINUX_ROUTER as default Gateway) ->
>> LINUX_ROUTER | BLOCKED | LAN1
>>
>> This may be the case as the CORE-ROUTER was not part of the network in
>> good ol' slacky times.
>
> You do have all your Rou
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Marcus Moeller
> Sent: Tuesday, February 10, 2009 1:19 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
> I now begi
Good Evening,
>> The strange thing is that it seems to be blocked by netfilter. I am
>> using exactly the same rules on a Slackware Box without any problems.
>
> Slackware is the Key here Marcus. The two distros have different modules
> built into the kernel by default and maybe a cause for w
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Marcus Moeller
> Sent: Monday, February 09, 2009 6:11 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
>
> Hi agai
Marcus Moeller wrote:
> Hi,
>
>
>>> iptables -L -v now shows:
>>>
>>> 0 0 ACCEPT all -- eth0 eth0 anywhere
>>> anywhere state NEW,RELATED,ESTABLISHED
>>>
>>> But the packages are still dropped:
>>>
>>> Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>>> S
Dear Michael,
> The system you are trying to forward with has at least two nics on
> different networks?
> However you are trying to forward between aliases on one nic that is
> located on your internal network?
> And the other nic connects to a DMZ or gateway network?
> This system is not a decic
Hello,
The system you are trying to forward with has at least two nics on
different networks?
However you are trying to forward between aliases on one nic that is
located on your internal network?
And the other nic connects to a DMZ or gateway network?
This system is not a dedicated routing/forw
Marcus Moeller wrote on Mon, 9 Feb 2009 14:23:02 +0100:
Google for that as a string
> iptables -A FORWARD -i eth0 -o eth0
and you will see quite a few hits, also in German. For instance
http://www.linuxforen.de/forums/showthread.php?t=81200
It seems you are either doing something wrong or testi
Hi,
>> iptables -L -v now shows:
>>
>> 0 0 ACCEPT all -- eth0 eth0 anywhere
>> anywhere state NEW,RELATED,ESTABLISHED
>>
>> But the packages are still dropped:
>>
>> Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>> SRC=192.168.100.192 DST=172.28.2.161 LEN
Marcus Moeller wrote:
> Good Morning,
>
> iptables -L -v now shows:
>
> 0 0 ACCEPT all -- eth0 eth0 anywhere
> anywhere state NEW,RELATED,ESTABLISHED
>
> But the packages are still dropped:
>
> Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
> SRC=192.168.10
Hi again,
> Yes that would be correct Marcus echo it into /proc or in /etc/sysctl.conf
> would be
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
This is what I have done already. sysctl -p gives me:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.ac
> -Original Message-
> From: centos-boun...@centos.org
> [mailto:centos-boun...@centos.org] On Behalf Of Marcus Moeller
> Sent: Monday, February 09, 2009 2:59 AM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device
>
> Good M
Good Morning,
iptables -L -v now shows:
0 0 ACCEPT all -- eth0 eth0 anywhere
anywhere state NEW,RELATED,ESTABLISHED
But the packages are still dropped:
Feb 9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 P
On Saturday 07 February 2009 14:22, Filipe Brandenburger wrote:
> I suggest you verify the output of "iptables -nvL" after you load the
> rule again, and verify the contents of /etc/sysconfig/iptables after
> you run "service iptables save" again. If there is indeed a problem,
> looking at tho
On Saturday 07 February 2009 13:17, Marcus Moeller wrote:
> >> > Iptables -nL
> >> >
> >> > Show?
> >>
> >> Here is the complete output (there are a lot of other rules active on
> >> that machine):
> >
> > [snip]
> >
> > Your rule is not showing up. How did you set this rule up?
>
Hi Marcus,
On Sat, Feb 7, 2009 at 13:17, Marcus Moeller wrote:
> Doesn't it fit to just execute service iptables save?
"service iptables save" will merely copy what you have running
(basically what "iptables -nvL" outputs) and save it to
/etc/sysconfig/iptables, so that that same configuration w
2009/2/7 Robert Spangler :
> On Friday 06 February 2009 15:57, Marcus Moeller wrote:
>
>> Hi Again.
>>
>> > Iptables -nL
>> >
>> > Show?
>>
>> Here is the complete output (there are a lot of other rules active on
>> that machine):
>
> [snip]
>
> Your rule is not showing up. How did you set t
On Friday 06 February 2009 15:57, Marcus Moeller wrote:
> Hi Again.
>
> > Iptables -nL
> >
> > Show?
>
> Here is the complete output (there are a lot of other rules active on
> that machine):
[snip]
Your rule is not showing up. How did you set this rule up?
If you added it to your firewal
Hi Marcus,
I looked at your iptables output at pastebin.
I don't see any rules like the one you mentioned on your first post:
/sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
Could you double check that and add the rule if it is missing?
Thanks,
Fili
Dear Filipe,
> On Fri, Feb 6, 2009 at 13:13, Marcus Moeller wrote:
>> I am trying to forward packages on an internal device using iptables:
>>
>> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
>> NEW,RELATED,ESTABLISHED -j ACCEPT
>
> What is your network topology? How are the packages
Dear Joshua.
> You are going to have to add rules to both your INPUT and OUTPUT
> chains to allow this traffic through. Could you send on a copy of
> /etc/sysconfig/iptables, if that is how you are loading these rules?
> I could then send you the exact commands to run.
>
I am not sure why I scho
Hi Marcus,
On Fri, Feb 6, 2009 at 13:13, Marcus Moeller wrote:
> I am trying to forward packages on an internal device using iptables:
>
> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
> NEW,RELATED,ESTABLISHED -j ACCEPT
What is your network topology? How are the packages being rout
You are going to have to add rules to both your INPUT and OUTPUT
chains to allow this traffic through. Could you send on a copy of
/etc/sysconfig/iptables, if that is how you are loading these rules?
I could then send you the exact commands to run.
Josh
On Fri, Feb 6, 2009 at 1:57 PM, Marcus Mo
Hi Again.
> Iptables -nL
>
> Show?
Here is the complete output (there are a lot of other rules active on
that machine):
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
my_drop all -- 10.0.0.0/8 0.0.0.
What does
Iptables -nL
Show?
--Original Message--
From: Marcus Moeller
Sender: centos-boun...@centos.org
To: CentOS mailing list
ReplyTo: CentOS mailing list
Sent: Feb 6, 2009 1:15 PM
Subject: Re: [CentOS] iptables: forwarding on internal device
Dear Josh,
> What does your input
Dear Josh,
> What does your input and output chains show?
>
> Josh
I guess you mean the forward rules:
ACCEPT all -- eth0 eth0 anywhere anywhere
state NEW,RELATED,ESTABLISHED
Best Regards
Marcus
What does your input and output chains show?
Josh
--Original Message--
From: Marcus Moeller
Sender: centos-boun...@centos.org
To: CentOS mailing list
ReplyTo: CentOS mailing list
Sent: Feb 6, 2009 11:13 AM
Subject: [CentOS] iptables: forwarding on internal device
Good Evening,
I am
Good Evening,
I am trying to forward packages on an internal device using iptables:
/sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT
but the packages are still blocked, e.g.:
Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
SRC=192.168.100.1