From: David Cannings <lists@edeca.net>
To: netfilter@lists.netfilter.org
Subject: Re: Not forwarding?
Date: Sun, 28 Mar 2004 22:14:48 +0100
Message-ID: <200403282214.48757.lists@edeca.net>
In-Reply-To: <20040328165948.66bef4ef@darna.vectec.net>

On Sunday 28 March 2004 21:59, Cody Harris wrote:
> On Sun, 28 Mar 2004 21:48:46 +0100,
> Someone named Antony Stone <Antony@Soft-Solutions.co.uk> wrote:
> > 1. Is any other protocol being forwarded correctly?
> I'm only forwarding tcp, I don't know what the deal is with ICMP.

What about other application level protocols, such as HTTP, FTP or IMAP?  
Note that you should try to connect to something other than your 
netfilter machine, for the reasons described below.

> > 2. What does "cat /proc/sys/net/ipv4/ip_forward" return?
> 1

This is fine.

> > 3. What do you mean by "properly"?   Does ssh work at all? 
> > Sometimes?   From some machines?   Only for a certain time, then
> > stops?   What?
> It logs into my firewall. We've tested that by creating "phoneyuser" on
> the firewall and logging in as that.

You can log in to the firewall because your INPUT chain has a default 
ACCEPT policy and you don't drop packets coming in on 22.  Can you 
connect to SSH servers on the other side of the netfilter machine?  This 
is where the FORWARD chain comes into action.

As an aside, note that creating "phoneyuser" doesn't really test netfilter 
at all.  You either can or can't connect to the port; netfilter won't stop 
any specific user from logging in.

As Antony asked, please paste at least your FORWARD chain using the -v 
switch to iptables so we can see the counters.

David
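
Reading the -v counters requested above, as an added example that is not part of the original message: a shell function that summarises each built-in chain's policy, its policy packet counter and how many rules have never matched. The -n and -x switches, the function names and the sample ruleset are assumptions made for this example; the ruleset is constructed and not taken from the thread.

```shell
#!/bin/sh
# Added example: summarise `iptables -L -v -n -x` output chain by chain.
# Live use (needs root):  iptables -L -v -n -x | chain_summary

# Constructed sample ruleset, not taken from the thread.
sample_ruleset() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 1523 packets, 189204 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 42 packets, 2520 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:22
     310    41210 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 1200 packets, 150311 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain LOGDROP (0 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

chain_summary() {
    awk '
    $1 == "Chain" {
        chain = ""                      # user-defined chains have no policy: skip them
        if ($3 == "(policy") {          # "Chain FORWARD (policy DROP 42 packets, ..."
            chain = $2; order[++n] = chain
            policy[chain] = $4; polpkts[chain] = $5
        }
        next
    }
    # Rule lines start with two numeric counters (pkts, bytes).
    chain != "" && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
        rules[chain]++
        if ($1 == 0) zero[chain]++
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            printf "%s policy=%s policy_pkts=%d rules=%d zero_hit_rules=%d\n",
                   c, policy[c], polpkts[c], rules[c], zero[c]
        }
    }'
}

sample_ruleset | chain_summary
```

In the constructed sample, INPUT accepts everything by policy, while the FORWARD rule for tcp dpt:22 has zero hits and 42 packets fell through to the DROP policy. Running the summary before and after a test connection to a host behind the firewall shows which counter moved.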

