Re: Host Machine and Iptables problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> Yes, I thought the same but my confusion is that I don't see any rules of 
> PREROUTING and POSTROUTING in the /etc/sysconfig/iptables file.
>
> [root@VS01]# cat /etc/sysconfig/iptables
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j 
> ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
>
> But when I check the command iptables -L -t nat I can see the NAT rules
>
> [root@VS01]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 
> 1024-65535
> MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 
> 1024-65535
> MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
> MASQUERADE  tcp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 
> 1024-65535
> MASQUERADE  udp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 
> 1024-65535
> MASQUERADE  all  --  192.168.100.0/24    !192.168.100.0/24
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> am I missing something?

Maybe .. do you have IPv4 forwarding enabled?  What is the output of
"cat /proc/sys/net/ipv4/ip_forward" ?? If it is 0, then edit 
/etc/sysctl.conf .. find net.ipv4.ip_forward .. set it to 1 and then run 
(as root) sysctl -p

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux