Thanks for the advice.

> On Wednesday 31 March 2004 6:04 pm, netfilter@xxxxxxxxxxxxx wrote:
>
>> I am running redhat linux AS3 and I have uninstalled the rpm that came
>> with the os... it wasn't reading the rules right. So I've installed an
>> iptables 1.2.9 rpm. I really want to reinstall from source without being
>> able to recompile the kernel.
>
> Not a good idea.
>
> If you are updating the userspace tool (iptables) you should update the
> kernel support (netfilter) to match.
>
>> I also need to know from you all what command you want me to use in
>> order to post the output of iptables -L on this list for help. Basically
>> what are the posting guidelines.
>
> My personal preference (and this is not a rule for the list - feel free to
> do something other than what I say) is for the output of:
>
>     iptables -L -nvx; iptables -L -t nat -nvx
>
> The important bit is the -v option, which tells us which interfaces your
> rules apply to, which is not apparent from the output of "iptables -L",
> and is very important.
>
> Almost as good is the format used by iptables-save, although (again,
> personally) I find this harder to read.
>
> Another guideline if you appear to be having problems is to try and reduce
> your ruleset to the simplest possible which displays the problem (ie:
> don't include all your anti-port-scanning rules if the problem is
> something to do with forwarding ssh).
>
> My final request would be to make sure that we understand how you are
> testing something when it comes to telling us it doesn't work. Recognise
> that when you say "I can't connect to my machine by ssh", we don't know
> if you're trying to connect from a machine on the local subnet, or a
> client halfway across the Internet.
>
> Thank you very much for asking how to post to the list.
>
> Regards,
>
> Antony.
>
> --
> This is not a rehearsal.
> This is Real Life.
>
> Please reply to the list;
> please don't CC me.