From: Uwe Eisner <Uwe.Eisner@globit.com>
To: Antony Stone <Antony@Soft-Solutions.co.uk>
Cc: netfilter@lists.samba.org
Subject: Re: SNAT does not work
Date: Fri, 07 Jun 2002 12:50:44 +0200 [thread overview]
Message-ID: <3D009004.8070908@globit.com> (raw)
In-Reply-To: 200206061455.g56EttA31457@vulcan.rissington.net
[-- Attachment #1: Type: text/plain, Size: 1756 bytes --]
Hi Antony..
thx for your information! Now it works fine!
greatings
Uwe
Antony Stone schrieb:
>On Thursday 06 June 2002 3:45 pm, Uwe Eisner wrote:
>
>
>
>>>Surely that means that your address translation *is* working ?
>>>
>>>
>>But why is the external ip-address from the firewall showen at the www?
>>I specifyed the IP-address 141.12.218.99 not 141.12.129.9 (ext.
>>Router-IP-Address)
>>
>>
>
>Sorry - I did not realise from your original email that 141.12.218.99 was not
>the external address of your firewall.
>
>
>
>>>I do not understand what you mean by this. Surely you do not mean that
>>>if you remove the POSTROUTING rule, you can still connect to a remote web
>>>server and have a Perl script tell you your source address ???
>>>
>>>
>>Yes, that is it! I removed every POSTROUTING rule, but I could still
>>connect to the web.
>>
>>
>
>In that case you must have Network Address Translation in operation on your
>external router ? If not, then there is no way that:
>
>a) privately-addressed machines 10.x.y.z, 172.16.s.t, 192.168.a.b could
>contact external servers
>
>b) your router address would show up on an external machine.
>
>
>
>>Afterwards I typed the flash command 'iptables -F'. Now ALL rules should
>>be removed, souldn't it?
>>
>>
>
>No. Not unless you also typed
>iptables -F -t nat
>
>"iptables -F" on its own will *only* clear the filtering table, not the nat
>table or the mangle table.
>
>Try iptables -L -t nat to see what rules you really have in place.
>
>
>
>>I started my configuration script with the new rule (see above), but
>>nothing has changed.
>>
>>First I tought, that iptables -F does not delete the POSTROUTING rules,
>>
>>
>
>Correct :-)
>
>
>Antony.
>
>
[-- Attachment #2: Type: text/html, Size: 2453 bytes --]
prev parent reply other threads:[~2002-06-07 10:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-06 13:27 SNAT does not work Uwe Eisner
2002-06-06 13:40 ` Antony Stone
2002-06-06 13:57 ` Antony Stone
2002-06-06 14:45 ` Uwe Eisner
2002-06-06 14:55 ` Antony Stone
2002-06-07 10:50 ` Uwe Eisner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3D009004.8070908@globit.com \
--to=uwe.eisner@globit.com \
--cc=Antony@Soft-Solutions.co.uk \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.