Re: creepy iptables problem.. please help

iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
is the only MASQUERADE that is relevant. $DMZ = 192.168.1.0/24; the hq
cisco router sits in the dmz.
I have listed below the rules I have in the firewall that are relevant:

iptables -A FORWARD -d 192.168.199.253  -j ACCEPT   # doesn't work
iptables -A FORWARD -s 192.168.199.253  -j ACCEPT   # doesn't work

iptables -A FORWARD -d 192.168.200.240  -j ACCEPT   # works
iptables -A FORWARD -s 192.168.200.240  -j ACCEPT   # works

iptables -A FORWARD -s 192.168.199.0/24 -j DROP
iptables -A FORWARD -s 192.168.200.0/24 -j DROP

iptables -A OUTPUT -m state --state NEW -o eth1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -o eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

On 7/24/07, Stuart Murray-Smith <eight32@xxxxxxxxx> wrote:
> I have an fc6 box at hq as router / firewall.
> I have a cisco router at the remote site, with 2 ip addresses on the lan
> interface, one in the 192.168.199.254/24 and 192.168.200.254/24. From
> server 192.168.200.240 i can ping google.com, but for 192.168.199.253
> my traceroute dies on the firewall..
>
> both ip ranges have the same iptables rules and routing .. why would
> the 192.168.199.253 not be able to access the internet ??

Looks like you're NATing on the .200 subnet and not the .199 subnet

What does your MASQUERADE iptable(s) look like?

Stu@




--
Then you will know the truth, and the truth will set you free.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



--
Gregory Machin
gregory.machin@xxxxxxxxx
www.linuxpro.co.za
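The rule list in the message above can be checked offline with a small first-match simulator. This is an added example, not code from the thread or from either poster: it holds the posted POSTROUTING and FORWARD rules (with $DMZ expanded to 192.168.1.0/24 as the message states) and, for a given source, destination, output interface and conntrack state, prints the target of the first rule that matches, or POLICY when the chain's default policy would apply. The destination 8.8.8.8, the extra addresses and the interface names used in the demo are constructed. Run against the posted rules it reports that the single MASQUERADE rule matches neither 192.168.199.253 nor 192.168.200.240 while the FORWARD chain accepts both, so the rules as posted do not account for the working host either, which is exactly the gap Stu's question is probing.

```shell
#!/bin/sh
# First-match simulator for a small iptables rule list (added example, not
# from the thread).  The rule list is the one posted in the message, with
# $DMZ expanded to 192.168.1.0/24 as the message states.  Only the options
# those rules use (-s, -d, -o, -m state --state, -j) are understood.

RULES='nat POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
filter FORWARD -d 192.168.199.253 -j ACCEPT
filter FORWARD -s 192.168.199.253 -j ACCEPT
filter FORWARD -d 192.168.200.240 -j ACCEPT
filter FORWARD -s 192.168.200.240 -j ACCEPT
filter FORWARD -s 192.168.199.0/24 -j DROP
filter FORWARD -s 192.168.200.0/24 -j DROP
filter FORWARD -m state --state NEW -o eth1 -j ACCEPT
filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'

# ip4_to_int A.B.C.D: print the address as a 32-bit integer.
ip4_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_cidr IP CIDR: succeed if IP is inside CIDR (a bare address means /32).
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32
    mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# first_match TABLE CHAIN SRC DST OIF STATE: print the target of the first
# rule in TABLE/CHAIN that matches the packet, or POLICY if none does.
first_match() {
    table=$1 chain=$2 src=$3 dst=$4 oif=$5 state=$6
    while read -r rtable rchain rest; do
        [ "$rtable" = "$table" ] && [ "$rchain" = "$chain" ] || continue
        set -- $rest
        ok=1 target=
        while [ $# -gt 0 ]; do
            case $1 in
                -s) in_cidr "$src" "$2" || ok=0; shift 2 ;;
                -d) in_cidr "$dst" "$2" || ok=0; shift 2 ;;
                -o) [ "$oif" = "$2" ] || ok=0; shift 2 ;;
                -m) shift 2 ;;                   # extension name, e.g. "state"
                --state) case ",$2," in
                             *",$state,"*) ;;
                             *) ok=0 ;;
                         esac; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *) shift ;;
            esac
        done
        if [ "$ok" -eq 1 ]; then
            echo "$target"
            return 0
        fi
    done <<EOF
$RULES
EOF
    echo POLICY
}

# Demo: a new outbound connection from each remote host towards a
# constructed Internet address, leaving the firewall on eth0.
for host in 192.168.199.253 192.168.200.240; do
    printf '%-16s POSTROUTING=%-10s FORWARD=%s\n' "$host" \
        "$(first_match nat POSTROUTING "$host" 8.8.8.8 eth0 NEW)" \
        "$(first_match filter FORWARD "$host" 8.8.8.8 eth0 NEW)"
done
```

For a real audit the RULES text would be replaced with the relevant lines of `iptables-save` output; the parser here deliberately understands only the handful of options the posted rules use, and it does not model the OUTPUT/INPUT chains, which do not apply to forwarded traffic.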
