IPTABLES & POLICIES

Hi,

I hope my English is OK; I have some questions.

Starting situation: I use Red Hat 9 Linux as a gateway firewall to route my private LAN via ADSL to the Internet.

The gateway has 2 network interfaces, one for the internal side and one for the connection to the Alcatel modem.

I built my firewall very similar to the firewall in Robert Ziegler's book "Linux Firewalls, 2nd edition".

All policies for the 3 tables are set to DROP; I allow only specific protocols and services.

I don't use a rule for the mangle table and just one rule for the nat table: a MASQUERADE rule for SNAT.

When I start my firewall script I cannot even ping the lo interface, although I actually have the rules in the filter table to allow a ping to this interface (these rules come before the policy rules in my firewall script).

When I set only the policies of the nat and mangle tables to ACCEPT and leave the filter table policies on DROP, then the firewall works very well (I have an Internet connection from all PCs on the private LAN and I can ping everything).

How come?

What do the mangle and nat tables have to do with pinging the local host? I thought the advantage of iptables was the fact that every packet passes just one chain and only local host packets need to go via 2 chains.

And that is the point: when I set the policies of the nat chains and mangle chains to DROP, nothing is allowed any more; it seems that I lost rules in these chains, but why do packets go to the chains of mangle and nat (the exception is the POSTROUTING chain of nat, where masquerading takes place)?

If anyone knows where the problem is, please let me know.

Thank you


Gerald
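The following is an added example, not code from the original post or from the netfilter project. It models the order in which one packet walks the tables and chains of the kernel 2.4 iptables that Red Hat 9 ships: a locally generated packet (the echo request to lo) passes mangle OUTPUT, nat OUTPUT, filter OUTPUT, mangle POSTROUTING and nat POSTROUTING, and on its way back in passes mangle PREROUTING, nat PREROUTING, mangle INPUT and filter INPUT, so a DROP policy on any mangle chain eats the packet long before the filter table's lo rule is consulted. The model reproduces the layout described in the post (filter policies DROP, lo allowed in filter, one MASQUERADE rule, nothing in mangle) and reports which chain decided each packet. Assumptions not in the post: eth0 is the LAN interface, eth1 is the modem-side interface, a single LAN-to-Internet FORWARD rule stands in for the poster's "special protocols and services", and only the verdicts ACCEPT, DROP and MASQUERADE are modelled (any non-DROP verdict lets the packet continue to the next table).

```python
"""Model of netfilter table/chain traversal on a kernel 2.4 iptables host.

Constructed example, not the original poster's firewall script. Assumed
interface names: eth0 = private LAN, eth1 = towards the ADSL modem.
"""

# Hop order per packet path, (table, chain), as the 2.4 kernel consults them.
PATHS = {
    # packet arriving from a NIC, destined to this host
    "in": [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
           ("mangle", "INPUT"), ("filter", "INPUT")],
    # packet arriving from a NIC, routed on to another host
    "forward": [("mangle", "PREROUTING"), ("nat", "PREROUTING"),
                ("mangle", "FORWARD"), ("filter", "FORWARD"),
                ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")],
    # packet generated by a local process
    "out": [("mangle", "OUTPUT"), ("nat", "OUTPUT"), ("filter", "OUTPUT"),
            ("mangle", "POSTROUTING"), ("nat", "POSTROUTING")],
}

LAN_IF = "eth0"  # assumed
EXT_IF = "eth1"  # assumed (modem side)


class Ruleset:
    """Policies and rules per (table, chain), like `iptables -t T -P C` / `-A C`."""

    def __init__(self):
        self.policy = {}  # (table, chain) -> "ACCEPT" or "DROP"
        self.rules = {}   # (table, chain) -> list of (match, target)

    def set_policy(self, table, chain, target):
        self.policy[(table, chain)] = target

    def append(self, table, chain, match, target):
        self.rules.setdefault((table, chain), []).append((match, target))

    def walk(self, path, pkt, new_conn=True):
        """Return (verdict, trace) for one packet. The nat table is consulted
        only for the first packet of a connection; later packets skip it."""
        trace = []
        for table, chain in PATHS[path]:
            if table == "nat" and not new_conn:
                continue
            decided_by, verdict = "policy", self.policy.get((table, chain), "ACCEPT")
            for match, target in self.rules.get((table, chain), []):
                if match(pkt):
                    decided_by, verdict = "rule", target
                    break
            trace.append(f"{table}/{chain}:{decided_by}={verdict}")
            if verdict == "DROP":
                return "DROP", trace
        return "ACCEPT", trace


def is_lo(pkt):
    return "lo" in (pkt.get("in_if"), pkt.get("out_if"))


def lan_to_internet(pkt):
    return pkt.get("in_if") == LAN_IF and pkt.get("out_if") == EXT_IF


def leaves_via_ext(pkt):
    return pkt.get("out_if") == EXT_IF


def build(mangle_nat_policy):
    """The layout from the post: filter policies DROP, lo allowed in filter,
    one MASQUERADE rule in nat; mangle and nat policies as given."""
    rs = Ruleset()
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        rs.set_policy("filter", chain, "DROP")
    for chain in ("PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"):
        rs.set_policy("mangle", chain, mangle_nat_policy)
    for chain in ("PREROUTING", "OUTPUT", "POSTROUTING"):
        rs.set_policy("nat", chain, mangle_nat_policy)
    rs.append("filter", "INPUT", is_lo, "ACCEPT")
    rs.append("filter", "OUTPUT", is_lo, "ACCEPT")
    rs.append("filter", "FORWARD", lan_to_internet, "ACCEPT")   # assumed rule
    rs.append("nat", "POSTROUTING", leaves_via_ext, "MASQUERADE")
    return rs


def ping_lo(rs):
    """An echo request to 127.0.0.1 is first a locally generated packet
    (OUTPUT path) and is then received again on lo (INPUT path)."""
    verdict, trace = rs.walk("out", {"out_if": "lo", "proto": "icmp"})
    if verdict == "DROP":
        return verdict, trace
    verdict, more = rs.walk("in", {"in_if": "lo", "proto": "icmp"})
    return verdict, trace + more


def lan_forward(rs):
    """First packet of a LAN host's connection towards the Internet."""
    return rs.walk("forward", {"in_if": LAN_IF, "out_if": EXT_IF, "proto": "tcp"})


if __name__ == "__main__":
    for pol in ("DROP", "ACCEPT"):
        rs = build(pol)
        print(f"mangle/nat policies {pol}:")
        for name, fn in (("ping lo", ping_lo), ("LAN forward", lan_forward)):
            verdict, trace = fn(rs)
            print(f"  {name}: {verdict} via {' -> '.join(trace)}")
```

With the mangle and nat policies at DROP the trace stops at mangle/OUTPUT for the lo ping and at mangle/PREROUTING for the forwarded LAN packet, before either filter rule is ever reached; with them at ACCEPT both packets run through to the filter table and are decided there. The practical consequence is the configuration the poster found working by trial: keep every mangle and nat chain at `iptables -t mangle -P <chain> ACCEPT` and `iptables -t nat -P <chain> ACCEPT`, put the MASQUERADE rule in nat POSTROUTING, and do all accept/drop decisions in the filter table, whose DROP policies still close the host by default.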
