From: Jeffrey Laramie <JALaramie@Loudoun-Fairfax.com>
To: netfilter@lists.netfilter.org
Subject: Re: NAT & MySQL
Date: Tue, 25 Nov 2003 16:24:55 -0500
Message-ID: <3FC3C8A7.2030301@Loudoun-Fairfax.com>
In-Reply-To: <200311251923.hAPJNpiu001203@server5.bandwidthco.com>

Mark E. Donaldson wrote:

> The ACK packets you see in your dump are probably being dropped at the 
> firewall because a state table entry does not exist.  So you need to 
> add a NEW rule to do this:
>  
> iptables -A FORWARD -i ppp0 -o eth0 -m state --state NEW -j ACCEPT
>  
> This rule will then allow your ESTABLISHED,RELATED rule to work and 
> permit those ACK packets to pass.
>
>

Hi Mark,

I'm not sure I understand what this rule does for him. Only the first 
packet from the web client would be NEW and based on his FORWARD rules 
that's been accepted and the dump shows it went through (although I'd 
still like to see his SNAT rule). Your rule would open his MySQL server 
to any NEW packet. Are you saying that the RELATED ACK packets won't go 
through unless the first packet is matched with a NEW state and makes an 
entry in the state table?

Jeff
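
The state-matching question in the message above, as an added example that is not part of the original thread: a simplified Python model of a FORWARD chain with connection tracking, assuming a state table entry is kept whenever the first packet of a flow is accepted by any rule. Only ppp0, eth0 and the quoted NEW rule come from the thread; the addresses, ports and the port-scoped rule are constructed.

```python
# Simplified model: FORWARD chain with policy DROP and ACCEPT rules only.
# ppp0/eth0 are from the thread; addresses, ports and SCOPED are constructed.
from dataclasses import dataclass

@dataclass
class Packet:
    iif: str
    oif: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Rule:
    states: frozenset = frozenset()  # empty: rule has no "-m state" match
    iif: str = None
    oif: str = None
    dport: int = None

    def matches(self, pkt, state):
        return ((not self.states or state in self.states)
                and self.iif in (None, pkt.iif)
                and self.oif in (None, pkt.oif)
                and self.dport in (None, pkt.dport))

class Forward:
    def __init__(self, rules):
        self.rules, self.conntrack = rules, set()

    def handle(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        tracked = fwd in self.conntrack or rev in self.conntrack
        state = "ESTABLISHED" if tracked else "NEW"
        accepted = any(r.matches(pkt, state) for r in self.rules)
        if accepted and not tracked:
            self.conntrack.add(fwd)  # entry is kept only if the packet is accepted
        return state, accepted

EST = Rule(states=frozenset({"ESTABLISHED", "RELATED"}))
BROAD = Rule(states=frozenset({"NEW"}), iif="ppp0", oif="eth0")  # the quoted rule
SCOPED = Rule(iif="ppp0", oif="eth0", dport=3306)  # constructed, no state match

def run(rules):
    fw = Forward(rules)
    syn = Packet("ppp0", "eth0", "198.51.100.7", 40000, "192.168.1.10", 3306)
    reply = Packet("eth0", "ppp0", "192.168.1.10", 3306, "198.51.100.7", 40000)
    other = Packet("ppp0", "eth0", "198.51.100.7", 40001, "192.168.1.10", 22)
    return [fw.handle(p) for p in (syn, reply, other)]
```

In this model, run([EST, SCOPED]) passes the 3306 flow and its reply while dropping the port 22 packet, whereas run([EST, BROAD]) accepts all three.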



