Hi, I hope everyone can understand my English. I have some questions.

Starting situation: I use Red Hat 9 Linux as a gateway firewall to route my private LAN via ADSL to the internet. The gateway has 2 network interfaces, one for internal and one for the connection to the Alcatel modem. I built up my firewall very similar to the firewall in Robert Ziegler's book "Linux Firewalls, 2nd edition". All policies for the 3 tables are set to DROP; I allow only special protocols and services. I don't use a rule for the mangle table and just one rule for the nat table (a masquerade rule for SNAT).

When I start my firewall script I can not even ping the lo interface, but actually I have the rules in the filter table to allow a ping to this interface. When I set only the policies of the nat and mangle table to ACCEPT and leave the filter table policies on DROP, then the firewall works very well (I have internet connection from all PCs of the private LAN). How come? What have the mangle and nat tables to do with pinging the local host? I thought the advantage of iptables is the fact that every packet passes just one chain and only local host packets need to go via 2 chains. And that is the point: when I put the policies of nat and mangle to DROP nothing is allowed any more. It seems that I lose rules in this chain, but why do packets go to the chains of mangle and nat (exception is the POSTROUTING chain of nat, where masquerade takes place)?

If anyone knows where the problem is, please let me know. Thank you, Gerald