Re: Problems with iptables?

> Roger Grosswiler wrote:
>> Since the last update, I have several problems with iptables.
>>
>> I have a firewall with several nics built-in.
>>
>> -> I have forwarding enabled (/proc/sys/net/ipv4/ip_forward = 1)
>> -> I have no further forwarding rule in iptables, except the default one
>> -> I inserted source-nat-rules on the outgoing devices
>> -> with squid, I use the transparent-proxying-script
>> -> that script redirects all queries on port 80 to port 3128 (where squid is
>> listening on)
>> -> for the inner lan, the nic is trusted
>>
>> So, since the last update, no forwarding, except passing through squid (web only), and
>> only if I configure firefox with the proxy-settings. No redirection from outgoing port
>> 80 to 3128 is done by iptables.
>>
>> It also seems that masquerading no longer works on the outgoing interfaces. Are
>> there known issues about iptables or the last kernel?
>>
>>
>> Thanks for your help.
>> Roger
>>
>> ----
>>
>> I was fiddling a little bit yesterday, and I inserted in /etc/sysconfig (which isn't a
>> real lucky solution) in lines 3 and 4 forwarding information:
>>
>> -A FORWARD -i eth0 -j ACCEPT
>> -A FORWARD -i tun0 -j ACCEPT
>>
>> and since then, checking with iptables -L -v I see that those forwarding rules are
>> counting packets.
>>
>> What is not counting packets at all is SNAT in the nat table. Is there an error within
>> iptables?
>>
>> I use the following rules:
>>
>> /sbin/iptables -A POSTROUTING -t nat -o eth0 -j SNAT --to-source x.y.z.c
>>
>> I use this 4 times for all my several subnets, and this has been working perfectly until
>> the last upgrade :(
>>
>> Did I miss something?
>>
>> Thanks in advance,
>> Roger
>>
>>
> Check the changelog for the last kernel upgrade.  They "fixed" a problem
> with iptables but it seems several people now have issues.  I suggest
> you use the previous kernel if you're having problems.
>
>
>
I tried this, but no help.

Thx,
Roger

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
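
An added example, not part of the original thread: a small shell helper that reads `iptables-save -c` output and lists the nat-table rules whose packet counter is still zero, which is the symptom described above for SNAT and the port 80 redirect. The sample ruleset, the `eth1` interface, the `192.0.2.10` address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `iptables-save -c` format ([packets:bytes] before each rule).
# Interface eth1 and address 192.0.2.10 are placeholders, not values from the thread.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [120:7200]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [35:2100]
[0:0] -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [900:54000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [800:48000]
[412:30110] -A FORWARD -i eth0 -j ACCEPT
[57:4788] -A FORWARD -i tun0 -j ACCEPT
COMMIT
EOF
}

# Print "table chain target" for every nat-table rule with a zero packet counter.
zero_hit_nat_rules() {
  awk '
    /^\*/ { table = substr($0, 2); next }           # "*nat" / "*filter" header
    table == "nat" && /^\[[0-9]+:[0-9]+\] -A / {
      split(substr($1, 2), c, ":")                  # "[pkts:bytes]" -> c[1] = pkts
      if (c[1] + 0 != 0) next                       # rule has matched traffic
      target = "?"
      for (i = 2; i < NF; i++) if ($i == "-j") target = $(i + 1)
      print table, $3, target                       # $3 is the chain after "-A"
    }
  '
}

# On a live firewall (as root): iptables-save -c | zero_hit_nat_rules
sample_ruleset | zero_hit_nat_rules
```

Rules in the nat table are evaluated only for the first packet of each connection, so the counters grow per new connection rather than per packet; a counter that stays at zero while new connections are being forwarded means the rule is not being reached.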