Re: IPTABLES Nightmare - Save Me


 



The input chain is only used for packets destined for the firewall itself. If the NAT tells the firewall that the packets are going to pass through the machine to another computer, the FORWARD chain is then passed through, NOT the INPUT.


Option 1.


Change:
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 8080 -j ACCEPT

To:
$IPTABLES -A FORWARD -p TCP -s 0/0 --dport 8080 -j ACCEPT

Option 2.
What you are really looking for is to direct traffic from the FORWARD chain to the tcp_packets chain:


$IPTABLES -A FORWARD -p tcp -j tcp_packets
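Added example, not part of the original message: a check over `iptables-save` output that lists which chains jump to a user-defined chain, so you can see whether forwarded traffic ever reaches tcp_packets. The function names and the sample rule dump are constructed for illustration; only direct jumps are followed.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` filter-table output (not from the post):
# tcp_packets is referenced only from INPUT, the situation the reply describes.
sample_before() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:tcp_packets - [0:0]
-A INPUT -p tcp -j tcp_packets
-A tcp_packets -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# The same dump after Option 2: FORWARD also jumps to tcp_packets.
sample_after() {
    sample_before | awk '{ print }
        /^-A INPUT -p tcp -j tcp_packets$/ { print "-A FORWARD -p tcp -j tcp_packets" }'
}

# Read iptables-save output on stdin; print, space-separated, every chain
# that has a rule whose target (-j or -g) is the chain named in $1.
callers_of() {
    awk -v target="$1" '
        $1 == "-A" {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == target && !seen[$2]++)
                    out = out (out ? " " : "") $2
        }
        END { print out }'
}

# Succeed only if FORWARD jumps directly to chain $1 (dump on stdin).
reachable_from_forward() {
    case " $(callers_of "$1") " in
        *" FORWARD "*) return 0 ;;
        *) return 1 ;;
    esac
}

echo "before: tcp_packets called from: $(sample_before | callers_of tcp_packets)"
echo "after:  tcp_packets called from: $(sample_after | callers_of tcp_packets)"
```

On a live firewall the same functions can read `iptables-save -t filter` instead of the sample.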



