Hi again, all --

...and then David T-G said...
%
% ...and then Jeremy C. Reed said...
% %
% % On Thu, 15 May 2003, David T-G wrote:
% % ...
% % > generally poked and prodded everywhere I can, I've come up with many "you
% % > need to turn on NAT" but no pointers to how to do so!
% %
% % Go to the netfilter webpage. Click on Documentation. ...
% % Then read the NAT HOWTO for your preferred language. A quick example is at
% % http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-4.html
%
% Oooh, perfect. It actually sounds like I need
%
%   Packet Filtering HOWTO: 'Mixing NAT and Packet Filtering'
%
% but I'll find that -- unless some kind soul points me to it first :-)

I looked at tldp.org before I realized that it's on the netfilter page as
referred above :-)

I believe I've done the simple setup, but it still doesn't work for me. I
checked and found

  linux:~ # cat /proc/sys/net/ipv4/ip_forward
  1

so that should be fine. I've attached `iptables -L` so that you can see if
anything looks wrong.

Thanks again!

HAND

:-D
--
David T-G                          * There is too much animal courage in
(play) davidtg@xxxxxxxxxxxxxxx     * society and not sufficient moral courage.
(work) davidtgwork@xxxxxxxxxxxxxxx   -- Mary Baker Eddy, "Science and Health"
http://justpickone.org/davidtg/      Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Chain INPUT (policy DROP)
target      prot opt source                     destination
ACCEPT      all  --  anywhere                   anywhere
ACCEPT      all  --  anywhere                   anywhere            state RELATED,ESTABLISHED
ACCEPT      udp  --  anywhere                   255.255.255.255     udp spt:bootps dpt:bootpc
ACCEPT      icmp --  anywhere                   anywhere            icmp echo-request
ACCEPT      udp  --  dns1.rcsntx.sbcglobal.net  anywhere            state NEW udp spt:domain dpts:1024:65535
ACCEPT      udp  --  dns1.snfcca.sbcglobal.net  anywhere            state NEW udp spt:domain dpts:1024:65535
LOG         tcp  --  anywhere                   anywhere            tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-NEW-CONNECT '
ACCEPT      udp  --  anywhere                   anywhere            state ESTABLISHED udp dpts:61000:65095
input_ext   all  --  anywhere                   anywhere
ACCEPT      all  --  anywhere                   anywhere

Chain FORWARD (policy DROP)
target      prot opt source                     destination
TCPMSS      tcp  --  anywhere                   anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
reject_func all  --  anywhere                   anywhere
ACCEPT      all  --  anywhere                   anywhere

Chain OUTPUT (policy ACCEPT)
target      prot opt source                     destination
ACCEPT      all  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED

Chain input_ext (1 references)
target      prot opt source                     destination
ACCEPT      tcp  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:mysql
ACCEPT      tcp  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT      tcp  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ssh
ACCEPT      tcp  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:ftp
ACCEPT      tcp  --  anywhere                   anywhere            state NEW,RELATED,ESTABLISHED tcp dpt:telnet
reject_func tcp  --  anywhere                   anywhere            tcp dpt:ident flags:SYN,RST,ACK/SYN
reject_func all  --  anywhere                   anywhere

Chain reject_func (3 references)
target      prot opt source                     destination
REJECT      tcp  --  anywhere                   anywhere            reject-with tcp-reset
REJECT      udp  --  anywhere                   anywhere            reject-with icmp-port-unreachable
REJECT      all  --  anywhere                   anywhere            reject-with icmp-proto-unreachable