On Thursday 08 January 2004 11:56 am, Gilles Yue wrote:
> Hi,
>
> I have opened port 161 in my firewall script.
>
> $IPTABLES -A INPUT -p udp -m udp --dport 161 -j ACCEPT
>
> However, POSRTOUTING SET TO DROP By default, is preventing MRTG
> from running properly. (I have tried setting POSTROUTING TO ACCEPT
> and MRTG works fine)
>
> $IPTABLES -t nat -P POSTROUTING DROP
That is a very bad idea.
The nat tables are for address translation, not for filtering.
The filter tables are for filtering - that's where you should be DROPping
packets.
Set the policy on POSTROUTING back to ACCEPT, and by all means tell us if this
causes you any problems.
Regards,
Antony.
--
If at first you don't succeed, destroy all the evidence that you tried.
Please reply to the list;
please don't CC me.
