Strong wrote:
On Fri, 09 Nov 2007 08:17:44 +0900 John Summerfield
<debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
He posted his rules to the list. His policy is accept, but he had a
global reject that would cause the message he saw.
Where was the global reject?
Does this help?
# service iptables stop
No. How can it help if no route is specified?
But I have changed to this:
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
and now it works. Weird that adding the last line (without 'iptables '
at the beginning of the line, of course) to the iptables file gave an error
message at iptables restart. But loading it from the command line is fine.
How can I save the rules to survive a reboot? Is there a tool provided for
the iptables configuration, not system-config-security?
I personally would not take the REJECT out of the table, change the
policy to ACCEPT, or any such thing which might leave the smallest hole
for evil doers. By putting in the ACCEPT rules you can let your guest
have access. I would also not let in everything from the whole private
network, I would restrict the range and apply an interface restriction
to limit your exposure.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
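
Added example, not part of the original thread: a shell function that emits the rules discussed above as an iptables-restore fragment, with the source range and interfaces restricted as the reply suggests, and with the MASQUERADE rule in its own `*nat` section (in that file format each table's rules sit in that table's section). The LAN interface eth0, the guest range 192.168.0.128/28 and the "narrower than /24" policy are assumptions made for the example; ppp0 is the interface named in the thread.

```shell
#!/bin/sh
# Added example. eth0 and 192.168.0.128/28 are constructed sample values;
# ppp0 is the outbound interface named in the thread.

# gen_guest_rules LAN_IF WAN_IF GUEST_CIDR
# Prints an iptables-restore fragment; returns 1 on invalid input.
gen_guest_rules() {
    lan_if=$1; wan_if=$2; cidr=$3

    # Interface names: reject anything that could smuggle in extra options.
    for i in "$lan_if" "$wan_if"; do
        case $i in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1 ;;
        esac
    done

    # Split ADDR/PREFIX and allow only digits and dots in ADDR.
    addr=${cidr%/*}; prefix=${cidr#*/}
    case $cidr in */*) ;; *) echo "need ADDR/PREFIX" >&2; return 1 ;; esac
    case $addr in ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;; esac
    case $prefix in ''|*[!0-9]*) echo "bad prefix: $prefix" >&2; return 1 ;; esac

    # Four octets, each 0-255.
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad address: $addr" >&2; return 1; }
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || { echo "bad octet: $o" >&2; return 1; }
    done

    # Assumed policy for this example: narrower than the whole /24.
    [ "$prefix" -ge 25 ] && [ "$prefix" -le 32 ] ||
        { echo "range must be /25 to /32" >&2; return 1; }

    # Filter rules and NAT rules live in separate table sections.
    # -I puts the ACCEPTs ahead of any REJECT already in FORWARD.
    cat <<EOF
*filter
-I FORWARD 1 -i $lan_if -o $wan_if -s $cidr -j ACCEPT
-I FORWARD 2 -i $wan_if -o $lan_if -d $cidr -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $wan_if -s $cidr -j MASQUERADE
COMMIT
EOF
}

gen_guest_rules eth0 ppp0 192.168.0.128/28
```

Piping the output to `iptables-restore --noflush` loads it without clearing the existing rules; on Fedora, `service iptables save` then writes the running rule set to /etc/sysconfig/iptables so it survives a reboot.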