Re: Very newB questions

[Steve Comfort <steve@4Dllc.com>]

Hi John, gents,

> Have you bookmarked and printed Oscar Andreasson's tutorial at 
> http://iptables-tutorial.frozentux.net ?  I think it's the hands-down 
> best document around regarding iptables. 

First off John, thanks for all your suggestions: I won't comment yet, 
'cos its early in the morning here and my braincells are still chugging 
into life. I started looking at Netfilter yesterday :) Yes, I found the 
tutorial and have downloaded it and am busy trying to absorb as much as 
I can.

> Out of curiosity, is this an embedded system you are making into a 
> firewall/router, or what?  I've compiled and used iptables and ip 
> commands for ARM-based Sharp Zaurus handhelds.  (I actually used one 
> of mine as a wireless->GPRS gateway for a few days of DSL outage, 
> feeding my LAN traffic and newkirk.us domain traffic over 802.11b to 
> the Zaurus, then via IRDA over my cellphone GPRS tunnelled to my 
> office, an ISP) 

(You must have really needed to be connected :) Yes, the CPU is an 
IXP425, with an Atheros wireless chipset and ethernet PHY on the other 
side. Obviously the product is a broadband wifi thingy. I've just 
finished getting netSNMP working on it, as well as PPPOE, so the 
firewalling is about the last piece of the puzzle that needs to be 
placed before it can take its first steps into the big bad world out 
there :)

> Yep.  As Mr Stone mentioned, ACCEPT is a target, NOT a chain.  
> However, the way iptables rules work, if the target is NOT a valid 
> target (ACCEPT,REJECT,DROP,SNAT,DNAT,MASQUERADE, that sort of thing) 
> then it assumes it's the name of a custom rule chain, named ACC in 
> this case, and then fails when it can't find said chain.  I also 
> notice that it seems to be truncating the iptables version number?  
> Very odd. 

Indeed :) Hopefully I will be able to enlighten myself as to why sooner 
rather than later...

Best regards
Steve