From: Chinh Nguyen <cnguyen@certicom.com>
To: Daniel Nogradi <nogradi@gmail.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: updated iptables doesn't work with old rules
Date: Wed, 22 Feb 2006 17:18:32 -0500
Message-ID: <43FCE338.4090306@certicom.com>
In-Reply-To: <5f56302b0602221357k27931798n7d521184123bb1c9@mail.gmail.com>

Daniel Nogradi wrote:
> 
> Hi Chinh, I tried interchanging eth0 and eth1 and still no luck. I
> didn't want to restrict the source yet, because I first would like to
> see that it works at all, and then start tightening security.
> /var/log/messages also says nothing. Is there any other log file which
> would be useful to check?
>

I just did a quick test. With ip_forwarding on and no restrictions, it is
sufficient to use the MASQUERADE rule, no FORWARD rule needed. If MASQUERADE
isn't working, you can also try the SNAT rule.

To see how your packets are going through iptables, you can turn on some logging:

iptables -A PREROUTING -t nat --in-interface eth1 -j LOG --log-prefix "nat: "
iptables -A FORWARD --in-interface eth1 -j LOG --log-prefix "out-fwd: "

and so on.

These logs are kernel messages, so if kernel logs aren't enabled, you can edit
the /etc/syslog.conf file and restart syslogd. For example:

kern.*                /var/log/messages


Just a thought, how is your machine B resolving DNS? I'm assuming that machine A
gets its networking values including DNS from the modem. Is it communicating
this to machine B? Maybe it's a DNS issue. For example, are you testing by
pinging "google.com" or directly via an IP address?

Regards,

Chinh
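
Added example, not part of the original message: once the two LOG rules above are writing to /var/log/messages, this script groups the entries by flow and shows which flows reached FORWARD and which were DNS lookups. The sample log lines, hostname and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): summarise netfilter LOG
# lines written under the "nat: " and "out-fwd: " prefixes used above.

# Constructed sample of syslog lines; hostname and addresses are made up.
sample_log() {
cat <<'EOF'
Feb 22 17:20:01 gw kernel: nat: IN=eth1 OUT= SRC=192.168.0.2 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 22 17:20:01 gw kernel: out-fwd: IN=eth1 OUT=eth0 SRC=192.168.0.2 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=UDP SPT=40000 DPT=53 LEN=40
Feb 22 17:20:05 gw kernel: nat: IN=eth1 OUT= SRC=192.168.0.2 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Reads log lines on stdin; prints one line per flow:
#   SRC DST PROTO DPT nat=<hits> fwd=<hits> <verdict>
trace_flows() {
  awk '
    {
      if (index($0, " nat: IN="))          chain = "nat"
      else if (index($0, " out-fwd: IN=")) chain = "fwd"
      else next                            # not one of our LOG rules
      src = ""; dst = ""; proto = ""; dpt = "-"   # ICMP has no DPT
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^SRC=/)   src   = substr($i, 5)
        else if ($i ~ /^DST=/)   dst   = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      key = src " " dst " " proto " " dpt
      if (!(key in seen)) { seen[key] = 1; order[++n] = key }
      hits[key, chain]++
    }
    END {
      for (j = 1; j <= n; j++) {
        k = order[j]
        # Logged in nat PREROUTING but never in FORWARD: the packet was not forwarded.
        verdict = (hits[k, "fwd"] > 0) ? "forwarded" : "not-forwarded"
        if (k ~ / 53$/) verdict = verdict ",dns"
        printf "%s nat=%d fwd=%d %s\n", k, hits[k, "nat"], hits[k, "fwd"], verdict
      }
    }'
}

sample_log | trace_flows
```

On a live gateway, feed it with `grep kernel: /var/log/messages | trace_flows`. The nat table only sees the first packet of each connection, so nat counts lower than fwd counts are expected.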

