Re: myfirewall help

On Thursday 27 January 2005 05:13, varun_saa@xxxxxxxx wrote:
> Hello,
>       My server is Mandrake 10.1
> eth0 is WAN with static IP connected to 512k DSL
> eth1 is LAN
>
> I am trying to write iptables rules and I am
> stuck with some error.
>
> My iptable file is as follows :
>
> # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> *nat
>
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
>
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Thu Oct 21 05:32:36 2004
> # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> *mangle
>
> :PREROUTING ACCEPT [32056:3889577]
> :INPUT ACCEPT [32010:3885659]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [31637:4617585]
> :POSTROUTING ACCEPT [31639:4618071]
>
> COMMIT
> # Completed on Thu Oct 21 05:32:36 2004
> # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> *filter
>
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
>
> -A INPUT -j ACCEPT
> -A INPUT -s 127.0.0.1 -j ACCEPT
> -A INPUT -p tcp -m tcp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
> -A INPUT -p udp -m udp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
> COMMIT
> # Completed on Thu Oct 21 05:32:36 2004
>
> When I am trying to save I get the following error :
>
> iptables-restore v1.2.9: Can't use -o with INPUT

The error message gives you the answer. You can't use the -o parameter on the 
INPUT chain since by definition the destination is always the local host. 
Remove "-o eth0" from your rules.

Jeff
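
An added example, not part of the original message and not code from the iptables project: a small Python check that scans iptables-save output for interface matches placed in chains where they cannot apply. It goes beyond the reply by also covering the reverse case (-i in OUTPUT and POSTROUTING), following the iptables man page. The name lint_ruleset and the sample ruleset (adapted from the question, plus one constructed OUTPUT rule) are assumptions of this example.

```python
import shlex

# Chains where each interface match cannot apply (per the iptables man page:
# -i is only for INPUT/FORWARD/PREROUTING, -o only for FORWARD/OUTPUT/POSTROUTING).
INVALID = {"-o": {"INPUT", "PREROUTING"}, "-i": {"OUTPUT", "POSTROUTING"}}
ALIASES = {"--in-interface": "-i", "--out-interface": "-o"}
ADD_CMDS = {"-A", "--append", "-I", "--insert"}

# Sample adapted from the question; the OUTPUT rule is constructed for the demo.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 80 -j ACCEPT
-A OUTPUT ! --in-interface lo -j ACCEPT
COMMIT
"""

def lint_ruleset(text):
    """Return (line_no, table, chain, option) for every misplaced -i/-o match."""
    findings, table = [], None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. *filter
            table = line[1:]
            continue
        # Skip blanks, comments, chain policy lines and COMMIT.
        if not line or line[0] in "#:" or line == "COMMIT":
            continue
        tokens = shlex.split(line)        # keeps quoted --comment text as one token
        if len(tokens) < 2 or tokens[0] not in ADD_CMDS:
            continue
        chain = tokens[1]
        for tok in tokens[2:]:
            opt = ALIASES.get(tok, tok)   # normalise long option names
            if chain in INVALID.get(opt, ()):
                findings.append((line_no, table, chain, opt))
    return findings

if __name__ == "__main__":
    for line_no, table, chain, opt in lint_ruleset(SAMPLE):
        print(f"line {line_no}: table {table}: can't use {opt} with {chain}")
```

Running the check on a saved ruleset before iptables-restore points at the offending line directly, rather than stopping at the first error as the restore does.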

