* OK dumb questions
From: Michael Gale @ 2003-12-11 18:09 UTC
To: netfilter
Hello,
I have a firewall setup with the default policy to block.
I have a DNAT rule to DNAT incoming connections to an internal IP.
I then have an EXT to INT forward rule for port 80 - state NEW
I then have an EXT to INT forward rule for ESTABLISHED connections
I then have an INT to EXT forward rule for ESTABLISHED connections
This is working great the problem ...
I am not able to get this machine to make an outbound connection :(
I tried enabling logging and nothing ... it is NOT until I change the default policy to ACCEPT that I can make an outbound connection.
The only difference in the log files is that with the default set to ACCEPT it makes it to the NATPOST target ...
The NAT tables have a default of ACCEPT from the beginning
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: OK dumb questions
From: Antony Stone @ 2003-12-11 18:51 UTC
To: netfilter
On Thursday 11 December 2003 6:09 pm, Michael Gale wrote:
> Hello,
>
> I have a firewall setup with the default policy to block.
>
> I have a DNAT rule to DNAT incoming connections to an internal IP.
> I then have an EXT to INT forward rule for port 80 - state NEW
> I then have an EXT to INT forward rule for ESTABLISHED connections
> I then have an INT to EXT forward rule for ESTABLISHED connections
>
> This is working great the problem ...
>
> I am not able to get this machine to make an outbound connection :(
Because there is no rule INT to EXT for NEW packets.
Antony.
--
Ramdisk is not an installation procedure.
Please reply to the list;
please don't CC me.
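
Added example, not part of the original thread: a small model of first-match evaluation over the FORWARD chain described above, showing that an outbound NEW packet matches none of the three rules and falls through to the DROP policy until an INT to EXT NEW rule is appended. The interface names (eth0 = EXT, eth1 = INT), the port numbers other than 80 and the rule text are constructed assumptions.

```python
# Added illustration, not code from the thread. Constructed iptables-save style
# FORWARD rules mirroring the setup described; eth0 = EXT and eth1 = INT are
# assumed interface names.
RULESET = """\
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED -j ACCEPT
"""
# The rule the reply says is missing: INT to EXT for NEW packets.
FIX = "-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT\n"


def parse(ruleset):
    """Return (chain policy, list of option dicts) for the FORWARD chain."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = line.split()
        if tok[:1] == [":FORWARD"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "FORWARD"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules


def verdict(ruleset, pkt):
    """First matching rule decides; if none matches, the chain policy applies."""
    policy, rules = parse(ruleset)
    for r in rules:
        if r.get("-i", pkt["in"]) != pkt["in"] or r.get("-o", pkt["out"]) != pkt["out"]:
            continue
        if r.get("-p", pkt["proto"]) != pkt["proto"]:
            continue
        if "--dport" in r and int(r["--dport"]) != pkt["dport"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy


def pkt(inp, out, state, dport, proto="tcp"):
    return {"in": inp, "out": out, "state": state, "dport": dport, "proto": proto}


if __name__ == "__main__":
    outbound = pkt("eth1", "eth0", "NEW", 443)  # internal host opens a connection
    print("inbound web, NEW:   ", verdict(RULESET, pkt("eth0", "eth1", "NEW", 80)))
    print("reply, ESTABLISHED: ", verdict(RULESET, pkt("eth1", "eth0", "ESTABLISHED", 40000)))
    print("outbound, NEW:      ", verdict(RULESET, outbound))
    print("outbound, with fix: ", verdict(RULESET + FIX, outbound))
```

A packet dropped in FORWARD never reaches the nat POSTROUTING chain, which is consistent with the logging difference reported in the first message.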
* Re: OK dumb questions
From: Michael Gale @ 2003-12-11 19:16 UTC
To: netfilter
oh dumb ass -- I am fired !!!
Michael.
On Thu, 11 Dec 2003 18:51:09 +0000
Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> On Thursday 11 December 2003 6:09 pm, Michael Gale wrote:
>
> > Hello,
> >
> > I have a firewall setup with the default policy to block.
> >
> > I have a DNAT rule to DNAT incoming connections to an internal IP.
> > I then have an EXT to INT forward rule for port 80 - state NEW
> > I then have an EXT to INT forward rule for ESTABLISHED connections
> > I then have an INT to EXT forward rule for ESTABLISHED connections
> >
> > This is working great the problem ...
> >
> > I am not able to get this machine to make an outbound connection :(
>
> Because there is no rule INT to EXT for NEW packets.
>
> Antony.
>
> --
> Ramdisk is not an installation procedure.
>
> Please reply to the list;
> please don't CC me.
>
>
--
Michael Gale
Network Administrator
Utilitran Corporation
* Re: OK dumb questions
From: Antony Stone @ 2003-12-11 19:24 UTC
To: netfilter
On Thursday 11 December 2003 7:16 pm, Michael Gale wrote:
> oh dumb ass -- I am fired !!!
Look on the bright side - you chose the right subject line :))
Antony
> On Thu, 11 Dec 2003 18:51:09 +0000
>
> Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> > On Thursday 11 December 2003 6:09 pm, Michael Gale wrote:
> > > Hello,
> > >
> > > I have a firewall setup with the default policy to block.
> > >
> > > I have a DNAT rule to DNAT incoming connections to an internal IP.
> > > I then have an EXT to INT forward rule for port 80 - state NEW
> > > I then have an EXT to INT forward rule for ESTABLISHED connections
> > > I then have an INT to EXT forward rule for ESTABLISHED connections
> > >
> > > This is working great the problem ...
> > >
> > > I am not able to get this machine to make an outbound connection :(
> >
> > Because there is no rule INT to EXT for NEW packets.
> >
> > Antony.
> >
> > --
> > Ramdisk is not an installation procedure.
> >
> > Please reply to the
> > list; please don't CC me.
--
Having been asked for a reference for this man,
I can confirm that you will be very lucky indeed if you can get him to work
for you.
Please reply to the list;
please don't CC me.
* Re: OK dumb questions
From: Jeffrey Laramie @ 2003-12-11 19:33 UTC
To: netfilter
On Thursday 11 December 2003 14:16, Michael Gale wrote:
> oh dumb ass -- I am fired !!!
>
> Michael.
>
>
At least I didn't have to do it this time! Eh Antony? ;-)
Jeff