connect to internet problem

Lord of Gore lordofgore at logsoftgrup.ro
Wed Dec 20 10:22:45 UTC 2006


tamer amr wrote:
> hi
>
> I changed the INPUT chain policy to DROP and accept only what I need, and did the same in the OUTPUT chain and the FORWARD chain,
> but when I try to connect to the internet from any host in the local network I can't. Why?
>
> In the FORWARD chain I accept any packet coming from my local network.
>
> Thank you in advance
>
Internet browsing requires domain resolution and NAT.
Keep in mind how packets travel through iptables, and the fact that the 
OUTPUT chain is used by packets that originate from the localhost. The 
chain traversed by packets originating from another host is FORWARD: 
http://iptables-tutorial.frozentux.net/images/tables_traverse.jpg

When you try to resolve iptables problems, do the following:
0. Read the man page. They didn't bother to write it unless it was intended 
for some use...
1. Add a log rule to every chain and use --log-prefix <chain_name> to 
differentiate between them. You might also want to try --log-ip-options 
--log-tcp-options.
2. Check out the logs and see what is going on.
It gets really easy to see what kind of traffic is blocked while 
checking these log lines:

<logprefix> IN=eth0 OUT= MAC=<mac> SRC=<sourceip> DST=<destip> LEN=393 TOS=0x08 PREC=0x00 TTL=41 ID=41464 PROTO=<protoused> SPT=<sourceport> DPT=<destport> LEN=373
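A worked version of the advice in the reply above, added here as an example; it is not code from either poster or from the redhat-list thread. It assumes a router whose LAN side is eth1 on 192.168.1.0/24 (hosts using the router itself as resolver on 192.168.1.1) and whose uplink is eth0, none of which the original messages state. The ruleset starts from the same DROP policies the poster describes, adds the two things the reply says are missing (a FORWARD accept for LAN traffic plus MASQUERADE, and DNS), and ends every chain with a LOG rule prefixed by the chain name. The helper functions then read kernel log lines in the format quoted above and say which chain dropped what. By default IPT is a dry run that only prints the iptables commands; set IPT=iptables (as root) to apply them.

```shell
#!/bin/sh
# Added example, not from the original post or the redhat-list thread.
# Assumptions (not stated by either poster): LAN side eth1 on 192.168.1.0/24,
# uplink eth0, LAN hosts resolving via the router itself. IPT defaults to a
# dry run that prints the commands; run with IPT=iptables as root to apply.
IPT="${IPT:-echo iptables}"
LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.1.0/24

apply_ruleset() {
    $IPT -F
    $IPT -t nat -F
    # Same starting point as the poster: DROP policies, then accept only what is needed.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # Replies to connections the router or a LAN host already opened.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # LAN -> Internet packets traverse FORWARD, never OUTPUT (OUTPUT is the router's own traffic).
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
    # Domain resolution: LAN hosts ask the router (INPUT), the router asks upstream (OUTPUT).
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
    # NAT: without this, replies from the Internet are addressed to private IPs and never return.
    $IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
    # Log whatever reaches the end of each chain (i.e. is about to hit the DROP policy),
    # prefixed with the chain name so the lines can be told apart in the log.
    for chain in INPUT OUTPUT FORWARD; do
        $IPT -A $chain -m limit --limit 10/min -j LOG \
            --log-prefix "$chain: " --log-ip-options --log-tcp-options
    done
}

# Value of KEY= in one kernel LOG line (first occurrence; LEN= appears twice).
log_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# One-line summary of a LOG entry: chain, in/out interface, protocol, endpoints.
summarize_log_line() {
    chain=$(printf '%s\n' "$1" | sed -n 's/.*kernel: \([A-Z]*\): .*/\1/p')
    printf '%s %s->%s %s %s:%s -> %s:%s\n' "$chain" \
        "$(log_field "$1" IN)" "$(log_field "$1" OUT)" "$(log_field "$1" PROTO)" \
        "$(log_field "$1" SRC)" "$(log_field "$1" SPT)" \
        "$(log_field "$1" DST)" "$(log_field "$1" DPT)"
}

# Tally of logged packets per chain and protocol/port, for a whole log on stdin.
tally_drops() {
    sed -n 's/.*kernel: \([A-Z]*\): .*PROTO=\([A-Z]*\) .*DPT=\([0-9]*\).*/\1 \2\/\3/p' \
        | sort | uniq -c
}

# Constructed sample log lines in the format quoted in the reply (not real captures).
SAMPLE_LOG_1='Dec 20 10:22:45 gw kernel: FORWARD: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=41464 DF PROTO=TCP SPT=33456 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0'
SAMPLE_LOG_2='Dec 20 10:22:46 gw kernel: INPUT: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=192.168.1.1 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=12345 PROTO=UDP SPT=51234 DPT=53 LEN=41'

apply_ruleset
summarize_log_line "$SAMPLE_LOG_1"
summarize_log_line "$SAMPLE_LOG_2"
printf '%s\n' "$SAMPLE_LOG_1" "$SAMPLE_LOG_2" | tally_drops
```

The two sample lines are the ones the poster's setup would produce: a LAN host's HTTP SYN dropped at the end of FORWARD, and its DNS query dropped at the end of INPUT. The summary line for each shows exactly which chain to fix, which is the whole point of tagging the LOG rules with --log-prefix; on a real box, feed `grep kernel: /var/log/messages` into tally_drops instead of the constructed lines.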




More information about the redhat-list mailing list