
RE: re nat masquerade router



On Tue, 15.06.2004 at 21:16, Michael Floyd wrote:

> You're very welcome, but looking over your iptables that you posted, you're missing
> one very critical piece to the puzzle....
> You have to add a line....
> iptables -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> Without this, no packets will be accepted back to the machine.
> Remember, the request for the web site must be able to come back through the
> router.
> Michael Floyd

Hm? He already has the RH-Firewall-1-INPUT chain wide open! His first
rule inside this chain is

ACCEPT     all  --  anywhere             anywhere

So the rest of what is in there is bypassed by that. And your suggested
rule is only necessary in a different setup, or at a later time when
everything runs, as a replacement for the global "accept all incoming traffic" rule.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 21:27:54 up 17:54, 8 users, 0.16, 0.24, 0.22 

Attachment: signature.asc
Description: This is a digitally signed message part
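
Added example, not part of the original message: a shell check of the first-match point made in the reply above, that an unconditional ACCEPT at the top of a chain makes every later rule in that chain unreachable. It reads `iptables-save` format rather than `iptables -L` output, because `iptables -L` without `-v` omits the interface columns; the function name and both rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rules in one chain that can never match because an
# earlier rule in the same chain accepts every packet (first match wins).
# Input: iptables-save format on stdin.

# shadowed_rules CHAIN  (hypothetical helper name)
# Prints each rule of CHAIN that follows an unconditional "-j ACCEPT".
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            if (wide) { print "unreachable: " $0; next }
            # A rule with no match options is exactly: -A CHAIN -j ACCEPT
            if (NF == 4 && $3 == "-j" && $4 == "ACCEPT") wide = 1
        }
    '
}

# Constructed rule set: the chain really is wide open.
WIDE_OPEN='*filter
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed rule set: the first rule is limited to the loopback interface.
# "iptables -L" without -v also prints it as "ACCEPT all -- anywhere anywhere".
LOOPBACK_ONLY='*filter
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

echo "wide open:"
printf '%s\n' "$WIDE_OPEN" | shadowed_rules RH-Firewall-1-INPUT
echo "loopback only:"
printf '%s\n' "$LOOPBACK_ONLY" | shadowed_rules RH-Firewall-1-INPUT
```

On a live system the same function can be fed from `iptables-save` run as root; an empty result means no rule in the chain is shadowed by an unconditional ACCEPT.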

