From: radu <radu@adm.utm.md>
To: netfilter@lists.netfilter.org
Subject: Re[2]: Help!!!
Date: Thu, 23 Jun 2005 16:06:41 +0300
Message-ID: <1759161889.20050623160641@adm.utm.md>
In-Reply-To: <200506230714.24471.rob0@gmx.co.uk>
Hello /dev/rob0,
ok.
I modified the rule
>> iptables -I FORWARD -i eth1 -o eth0 -m state
>> --state ESTABLISHED,RELATED -j ACCEPT
to
>> iptables -I FORWARD -i eth1 -o eth0 -d 192.168.50.0/24 -m state
>> --state ESTABLISHED,RELATED -j ACCEPT
and this doesn't work...
[23/Jun/2005 16:00:34] "Network" action = 'denied',
descr = 'Unopened port', proto = 6, laddr = 192.168.50.101,
raddr = 217.132.77.214, lport = 2276, rport = 4662,
direc = 'in', ruleId = 0, proc = 'N/A'
Q. Why doesn't the rule work?
Q. Why do these packets with the ESTABLISHED flag come to me?
Thursday, June 23, 2005, 3:14:24 PM, you wrote:
dr> On Thursday 23 June 2005 06:50, radu wrote:
>> Why am I receiving packets with external IPs on my PC on
>> 4690,4544,4581.. ports???
dr> That would be me. I was trying to lure you into posting something on
dr> this list. ;)
>> Internet -> linux box -> My PC(192.168.50.101)
>>
>> linux box
>> eth0 local 192.168.50.0/24
>> eth1 Internet
>>
>> my iptables config:
>>
>> iptables -P FORWARD DROP
dr> good
>> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 4662 -j DNAT
>> --to 192.168.50.101
dr> 4662/tcp packets arriving at the external interface should have their
dr> destination changed to Radu's computer ...
>> iptables -I FORWARD -d 192.168.50.101 -p tcp
>> --dport 4662 -j ACCEPT
dr> ... and those packets should be accepted.
>> iptables -I FORWARD -i eth1 -o eth0 -m state
>> --state ESTABLISHED,RELATED -j ACCEPT
dr> Any replies to established or related connections arriving at the
dr> external interface, destined to the internal interface, should be
dr> accepted.
dr> This is surely the rule letting those in. Check the connection tracking
dr> table when you see them come in.
--
Best regards,
radu mailto:radu@adm.utm.md
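
The conntrack check suggested in the quoted reply, as an added example that is not part of the original thread: it matches the fields of a logged packet against connection tracking entries and reports which side opened the flow. The table is a constructed sample in the old /proc/net/ip_conntrack layout; 203.0.113.10 (standing in for the box's external address), 198.51.100.7, masquerading on the gateway, and the name classify_packet are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Constructed sample in the old /proc/net/ip_conntrack layout. 203.0.113.10
# (the external address), 198.51.100.7 and masquerading are assumptions.
SAMPLE_CONNTRACK='tcp      6 431990 ESTABLISHED src=192.168.50.101 dst=217.132.77.214 sport=2276 dport=4662 src=217.132.77.214 dst=203.0.113.10 sport=4662 dport=2276 [ASSURED] use=1
tcp      6 431200 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=40112 dport=4662 src=192.168.50.101 dst=198.51.100.7 sport=4662 dport=40112 [ASSURED] use=1'

# classify_packet LADDR LPORT RADDR RPORT   (conntrack table on stdin)
# The arguments are the fields of a packet logged on the internal host.
# Prints one of:
#   reply STATE     - LADDR opened the connection; the packet is a reply
#   original STATE  - RADDR opened it (for example through the DNAT rule)
#   untracked       - no matching entry
classify_packet() {
    awk -v la="$1" -v lp="$2" -v ra="$3" -v rp="$4" '
    $1 == "tcp" {
        split("", o); split("", r)          # clear both tuples
        for (i = 5; i <= NF; i++) {
            if (split($i, kv, "=") != 2) continue   # skip [ASSURED] etc.
            # first occurrence of a key = original tuple, second = reply tuple
            if (kv[1] in o) r[kv[1]] = kv[2]; else o[kv[1]] = kv[2]
        }
        if (o["src"] == la && o["sport"] == lp && o["dst"] == ra && o["dport"] == rp) {
            print "reply " $4; found = 1; exit
        }
        if (r["src"] == la && r["sport"] == lp && r["dst"] == ra && r["dport"] == rp) {
            print "original " $4; found = 1; exit
        }
    }
    END { if (!found) print "untracked" }'
}

# The packet from the log line in the message: laddr:lport <- raddr:rport
printf '%s\n' "$SAMPLE_CONNTRACK" | classify_packet 192.168.50.101 2276 217.132.77.214 4662
```

On the gateway itself the table would be read from /proc/net/ip_conntrack instead of the sample variable.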