Marco Nicoloso wrote:
> iptables -vnL
> 0 0 DROP all -f * * 0.0.0.0/0 0.0.0.0/0
> ...
hmmm...
Something wrong with your kernel or iptables...
Or you just entered these commands right after your firewall script...
The counts of packets in the chains should mostly be more than 0! :)
> iptables -vnL -t nat
> iptables: Table does not exist (do you need to insmod?)
Well...
You need it.
In this command:
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.7.0/24 -j SNAT --to 81.xx.xxx.xxx
Try this in the head of your script:
modprobe ip_conntrack >/dev/null 2>/dev/null
modprobe ip_conntrack_ftp >/dev/null 2>/dev/null
modprobe ip_conntrack_irc >/dev/null 2>/dev/null
modprobe ip_nat >/dev/null 2>/dev/null
modprobe ip_nat_ftp >/dev/null 2>/dev/null
modprobe ip_nat_irc >/dev/null 2>/dev/null
modprobe iptable_filter >/dev/null 2>/dev/null
modprobe iptable_mangle >/dev/null 2>/dev/null
modprobe iptable_nat >/dev/null 2>/dev/null
> iptables -vnL -t mangle
> iptables: Table does not exist (do you need to insmod?)
Not now :) Maybe later... :)
> But modules iptable_nat and iptable_mangle (although, I think,
> iptable_mangle is not necessary for me) are loaded.
Are you sure?
> Do I need to create table nat, or is it built-in?
It is built-in, but it must be loaded if you compiled it as a module in your
kernel.
From "man iptables":
    If the kernel is configured with automatic module loading, an attempt
    will be made to load the appropriate module for that table if it is not
    already there.
Swifty
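An added example, not part of this thread or of iptables itself, that scripts the two checks Swifty applies above: whether each table can be listed (loading its iptable_* module if not) and which rules still show zero packet counters. The IPTABLES and MODPROBE overrides, the RUN_CHECK switch and the file name check_tables.sh are assumptions of this script.

```sh
#!/bin/sh
# Added example: verify that the netfilter tables a firewall script needs
# are usable before adding rules, and flag rules that never matched a packet.
# IPTABLES / MODPROBE are assumed overrides so the checks can be run against
# wrapper commands on a test host; by default the real tools are used.
IPTABLES=${IPTABLES:-iptables}
MODPROBE=${MODPROBE:-modprobe}

# Succeed if the given table (filter, nat, mangle) can be listed at all.
table_available() {
    "$IPTABLES" -t "$1" -nL >/dev/null 2>&1
}

# If the table is missing, load the module that provides it (iptable_filter,
# iptable_nat, iptable_mangle, as in the thread) and check again.
ensure_table() {
    table=$1
    table_available "$table" && return 0
    "$MODPROBE" "iptable_$table" >/dev/null 2>&1
    table_available "$table"
}

# Read `iptables -vnL` output on stdin and print each rule line whose pkts
# and bytes counters are both 0; chain headers and column headers are skipped.
zero_counter_rules() {
    awk '/^Chain / || /^ *pkts/ || NF == 0 { next }
         $1 == 0 && $2 == 0 { print }'
}

main() {
    for t in filter nat mangle; do
        if ensure_table "$t"; then
            echo "table $t: ok"
        else
            echo "table $t: not available (module iptable_$t not loadable?)" >&2
        fi
    done
    echo "rules that have not matched any packet yet:"
    "$IPTABLES" -vnL | zero_counter_rules
}

# Run the checks only when asked for, so the functions can also be sourced.
if [ "${RUN_CHECK:-0}" = 1 ]; then
    main
fi
```

Run it as root with `RUN_CHECK=1 sh check_tables.sh` once the firewall script has been active for a while; a rule that still shows 0 packets is either never reached or matches nothing.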