From: Mart Frauenlob <mart.frauenlob@chello.at>
To: netfilter@vger.kernel.org
Subject: Re: Natting html traffic
Date: Sat, 13 Feb 2010 19:44:15 +0100 [thread overview]
Message-ID: <4B76F2FF.2000801@chello.at> (raw)
In-Reply-To: <1266077189.2916.54.camel@tesla.lan>
On 13.02.2010 17:06, netfilter-owner@vger.kernel.org wrote:
> On Sat, 2010-02-13 at 00:03 +0100, Bojan Sukalo wrote:
>> I'am trying to setup nat on RHEL4 box.
>>
>> Kernel: Linux 2.6.9-89.ELsmp x86_64x86
>> iptables: 1.2.11
>
> Bojan,
>
> why don't you try to upgrade to a more recent version of iptables and if
> possible to a more recent kernel ? You know, just in case...
Changing the iptables version will not change anything, if the current
version does not have problems setting the kernel part correctly.
You would need to upgrade kernel.
>
> I have a setup similar to yours (except from POSTROUTING which is of
> type MASQUERADING rather than SNAT) and it works all right.
>
> Also, have you checked other parameters such as TTL ? What about ICMP ?
> You can enable ICMP with the following rule:
>
> -A INPUT -p icmp -j ACCEPT
what should allowing INPUT icmp help in a case where there's a FORWARD
rule? He allows ESTABLISHED,RELATED traffic, that should allow icmp
messages that result from tcp errors.
Best regards
Mart
next prev parent reply other threads:[~2010-02-13 18:44 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-12 23:03 Natting html traffic Bojan Sukalo
2010-02-12 23:18 ` Guido Trentalancia
2010-02-13 2:13 ` Покотиленко Костик
2010-02-13 4:26 ` Guido Trentalancia
2010-02-13 4:51 ` Peter Chacko
2010-02-13 10:08 ` Oskar Berggren
2010-02-13 12:22 ` Bojan Sukalo
2010-02-13 14:47 ` Guido Trentalancia
2010-02-13 15:29 ` Bojan Sukalo
2010-02-13 16:19 ` Guido Trentalancia
2010-02-13 18:36 ` Mart Frauenlob
2010-02-13 16:06 ` Guido Trentalancia
2010-02-13 18:44 ` Mart Frauenlob [this message]
2010-02-13 18:19 ` Mart Frauenlob
-- strict thread matches above, loose matches on Subject: below --
2010-02-13 16:46 Bojan Sukalo
2010-02-13 16:55 ` Guido Trentalancia
2010-02-14 10:52 ` Bojan Sukalo
2010-02-14 16:08 ` Guido Trentalancia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4B76F2FF.2000801@chello.at \
--to=mart.frauenlob@chello.at \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.