re nat masquerade router

Alexander Dalloz alexander.dalloz at
Tue Jun 15 19:30:21 UTC 2004

Am Di, den 15.06.2004 schrieb Michael Floyd um 21:16:

> your very welcome but looking over you iptable that you posted, your missing
> one very critical piece to the puzzle....
> You have to add a line....
> Iptables -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j
> With out this, no packets will be accepted back to the machine.
> Remember, the request for the web site must be able to come back through the
> router
> Michael Floyd

Hm? He has already the RH-Firewall-1-INPUT chain wide open! His first
rule inside this chain is

ACCEPT     all  --  anywhere             anywhere

So the rest of what is in there is bypassed by that. And your suggested
rule is just necessary in a different setup or at a later time, when all
runs, as an exchange to the global "accept all incoming traffic" rule.


Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 21:27:54 up 17:54, 8 users, 0.16, 0.24, 0.22 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <>

More information about the fedora-list mailing list