On Wednesday 25 February 2004 6:58 am, ip tables wrote:

> Hello,
>
> I use iptables 1.2.7a on RH 9.0 when I enable
> iptables -t nat --policy PREROUTING DROP
> it stops my connecting to the services offered @ the
> natted dmz. Also nmap shows the ports opened when I do
> a "connect" scan. I have no user defined chains. Any
> idea?

Don't use the nat table for filtering rules (DROP is a filtering action). The nat tables are for SNAT and DNAT rules. If you want to DROP packets, do it in INPUT, OUTPUT or FORWARD.

Regards,

Antony.

--
Anything that improbable is effectively impossible.

 - Murray Gell-Mann, Nobel Prizewinner in Physics

Please reply to the list; please don't CC me.
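
The following is an added example, not part of the original message: a lint over `iptables-save` output that flags the pattern the reply warns against (a DROP policy or DROP rule in the nat table), with a constructed "before" ruleset and a constructed "after" ruleset that keeps DNAT in nat and does the dropping in FORWARD. The function names, the addresses 192.0.2.10 and 10.0.0.10, and the port are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the poster's setup as iptables-save would dump it.
# 192.0.2.10 (public) and 10.0.0.10 (DMZ host) are placeholder addresses.
bad_ruleset() {
cat <<'EOF'
*nat
:PREROUTING DROP [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.10:80
COMMIT
EOF
}

# Constructed sample: same DNAT rule, nat policies left at ACCEPT,
# and the default-deny moved to the filter table's FORWARD chain.
good_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.10:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d 10.0.0.10 -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save format on stdin. Prints one finding per line and
# returns non-zero if the nat table carries a DROP policy or a -j DROP rule.
lint_nat_filtering() {
  awk '
    /^\*/ { table = substr($1, 2); next }      # "*nat", "*filter", ...
    table != "nat" { next }                    # DROP is fine outside nat
    /^:/ && $2 == "DROP" { print "nat policy DROP on " substr($1, 2); bad = 1 }
    /^-A / { for (i = 3; i < NF; i++)
               if ($i == "-j" && $(i + 1) == "DROP") {
                 print "nat rule filters in " $2 ": " $0; bad = 1 } }
    END { exit bad + 0 }
  '
}

# On a live host (as root): iptables-save | lint_nat_filtering
```
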