Hi, hope my English is ok, I have some questions.

Starting situation: I use Red Hat 9 Linux as a gateway firewall to route my private LAN via ADSL to the internet. The gateway has 2 network interfaces, one for internal and one for the connection to the Alcatel modem. I built up my firewall very similar to the firewall in Robert Ziegler's book "Linux Firewalls, 2nd edition". All policies for the 3 tables are set to DROP; I allow only special protocols and services. I don't use a rule for the mangle table and just one rule for the nat table, a masquerade rule for SNAT.

When I start my firewall script I can't even ping the lo interface, but actually I have the rules in the filter table to allow a ping to this interface (these rules stand before the policy rules in my firewall script). When I set only the policies of the nat and mangle tables to ACCEPT and leave the filter table policies on DROP, then the firewall works very well (I have an internet connection from all PCs of the private LAN and I can ping everything).

How come? What do the mangle and nat tables have to do with pinging the local host? I thought the advantage of iptables is the fact that every packet passes just one chain and only local host packets need to go via 2 chains. And that is the point: when I set the policies of the nat chains and mangle chains to DROP, nothing is allowed any more. It seems that I lost rules in these chains, but why do packets go to the chains of mangle and nat (the exception is the POSTROUTING chain of nat, where masquerade takes place)?

If anyone knows where the problem is, please let me know.

Thank you
Gerald