Hi Antony..

thx for your information! Now it works fine!

greatings
Uwe



Antony Stone schrieb:

>On Thursday 06 June 2002 3:45 pm, Uwe Eisner wrote:
>
>  
>
>>>Surely that means that your address translation *is* working ?
>>>      
>>>
>>But why is the external ip-address from the firewall showen at the www?
>>I specifyed the IP-address 141.12.218.99 not 141.12.129.9 (ext.
>>Router-IP-Address)
>>    
>>
>
>Sorry - I did not realise from your original email that 141.12.218.99 was not 
>the external address of your firewall.
>
>  
>
>>>I do not understand what you mean by this.   Surely you do not mean that
>>>if you remove the POSTROUTING rule, you can still connect to a remote web
>>>server and have a Perl script tell you your source address ???
>>>      
>>>
>>Yes, that is it! I removed every POSTROUTING rule, but I could still
>>connect to the web.
>>    
>>
>
>In that case you must have Network Address Translation in operation on your 
>external router ?   If not, then there is no way that:
>
>a) privately-addressed machines 10.x.y.z, 172.16.s.t, 192.168.a.b could 
>contact external servers
>
>b) your router address would show up on an external machine.
>
>  
>
>>Afterwards I typed the flash command 'iptables -F'. Now ALL rules should
>>be removed, souldn't it?
>>    
>>
>
>No.   Not unless you also typed
>iptables -F -t nat
>
>"iptables -F" on its own will *only* clear the filtering table, not the nat 
>table or the mangle table.
>
>Try iptables -L -t nat to see what rules you really have in place.
>
>  
>
>>I started my configuration script with the new rule (see above), but
>>nothing has changed.
>>
>>First I tought, that iptables -F does not delete the POSTROUTING rules,
>>    
>>
>
>Correct :-)
>
>
>Antony.
>  
>