creepy iptables problem.. please help

Gregory Machin gregory.machin at gmail.com
Tue Jul 24 10:41:04 UTC 2007


Sorry for the typo 192.168.199.254/24 and ..

I just don't get how I can have two sets of identical iptables rules,
and routes for, two IP ranges coming from the same router, with the
same ACLs on the routers .. and the one is dropped when it hits the
Linux box and the other goes through no problem..



On 7/24/07, Andy Green <andy at warmcat.com> wrote:
> Somebody in the thread at some point said:
> >> iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
> >> is the only MASQUERADE that is relevant . $DMZ = 192.168.1.0/24 the hq
> >> Cisco router sits in the dmz.
> >> I have listed below the rules I have in the firewall that are
> >> relevant
> >>
> >> iptables -A FORWARD -d 192.168.199.253  -j ACCEPT  << doesn't work
> >> iptables -A FORWARD -s 192.168.199.253  -j ACCEPT << doesn't work
>
> Don't you need a -p tcp between the FORWARD and the -d / -s?  For other
> iptables commands anyway it insists on having the protocol named before it
> can interpret the addresses you are giving.
>
> Also you mentioned earlier 192.168.199.254/24, AIUI that is evil, you
> must actually use 192.168.199.0/254 to give that properly in CIDR.  Of
> course maybe you just typed it in the email and it is fine if used in CIDR.
>
> -Andy
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>


-- 
Gregory Machin
gregory.machin at gmail.com
www.linuxpro.co.za
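Added example, not part of the thread: a small POSIX sh helper that normalises a CIDR prefix (clearing the host bits, which shows that 192.168.199.254/24 and 192.168.199.0/24 name the same /24) and tests whether a host lies inside a prefix, the check worth running against the `-s $DMZ` MASQUERADE rule and the 192.168.199.253 FORWARD rules quoted above. The `$DMZ` value and the host address are the ones given in the thread; everything else is constructed here.

```shell
#!/bin/sh
# Added example: CIDR normalisation and membership checks for the
# addresses discussed in the thread (not code from the original post).

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_mask LEN -> netmask as a 32-bit integer (LEN in 0..32)
prefix_mask() {
    if [ "$1" -eq 0 ]; then echo 0; else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

# cidr_network A.B.C.D/LEN -> canonical network/LEN with host bits cleared.
# 192.168.199.254/24 becomes 192.168.199.0/24: both forms select the same
# network, the first merely carries host bits that the mask discards.
cidr_network() {
    addr=${1%/*}; len=${1#*/}
    net=$(( $(ip_to_int "$addr") & $(prefix_mask "$len") ))
    echo "$(int_to_ip "$net")/$len"
}

# cidr_contains A.B.C.D/LEN X.Y.Z.W -> exit 0 if the host is inside the prefix
cidr_contains() {
    addr=${1%/*}; len=${1#*/}
    mask=$(prefix_mask "$len")
    [ $(( $(ip_to_int "$addr") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# Values from the thread: $DMZ in the MASQUERADE rule, the host in the FORWARD rules.
DMZ=192.168.1.0/24
HOST=192.168.199.253
echo "canonical form of 192.168.199.254/24: $(cidr_network 192.168.199.254/24)"
if cidr_contains "$DMZ" "$HOST"; then
    echo "$HOST is inside $DMZ, so '-s \$DMZ' matches traffic from it"
else
    echo "$HOST is NOT inside $DMZ, so '-s \$DMZ' never matches traffic from it"
fi
```

Run it with `sh` to see which of the quoted rules can match the host at all; the same two functions can be pointed at any other prefix/host pair from the rule set.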