Hi Lajos,

Thanks for your suggestion. I had upgraded my OS to Fedora 6 and also enabled the logging option for the DROP packets. Now the default denying functionality is working fine. But this time I face another problem, i.e., I have applied static NAT on my firewall. In my simulation setup I am able to connect to the other end (INTERNAL) machine from the EXTERNAL machine using the NAT IP assigned, as well as through the actual IP of the (INTERNAL) machine. This spoils my purpose for NATting. I don't know why this happens. I suspect that there could be some problem with my NAT module. Please suggest... Is there any need to upgrade my kernel to add further support?

Regards,
Gopinath. U

On 5/21/07, Gáspár Lajos <swifty@xxxxxxxxxxx> wrote:
Hi,

Gopinath wrote:
> Hi,
>
> My objective is to replace my existing firewall with a Linux firewall. We have point-to-point connectivity through VSAT with one of our customers. The only major thing which the firewall needs to do is STATIC NAT. As you may see, since this is a point-to-point connectivity, all the IPs employed are private IPs. While checking the f/w in simulation mode, things were working fine (except default denying). I already tried to achieve DEFAULT DENY by changing the default behaviour of the FORWARD policy to DROP by issuing the command "iptables -P FORWARD DROP". But when I do this all the traffic is getting dropped.

So if EVERYTHING is dropped then your rules do not get hit by the traffic. (Your rules are wrong.) Try to capture the traffic. Maybe you can find the problem.

> again I tried by appending a policy in the forward chain (last rule) to

(policy is always the last rule... :D)

> drop all the packets by default. But even this didn't work out. Hope you can understand my requirement & how I do the NATting from my previous mail.
>
> Even though I have worked a bit with iptables before, I am a beginner in building a Linux firewall with iptables :-)
>
> Cheers :)
> Gopinath.U

Swifty
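A ruleset of the shape this thread is circling around, as an added example that is not from either poster: static (1:1) NAT for one internal host with the FORWARD policy set to DROP, where only traffic that actually passed the DNAT rule is forwarded and everything else is logged before the policy drops it, so the internal host is not reachable from the external side by its real address. Interface names and addresses are constructed placeholders.

```shell
# Added example: static NAT for one internal host with a default-deny FORWARD chain.
# All names and addresses below are constructed placeholders, not values from the thread.
EXT_IF=eth0              # interface towards the peer (external side)
INT_IF=eth1              # interface towards the internal host
REAL_IP=10.0.1.10        # the internal host's real address
NAT_IP=192.168.100.10    # the address the external side is supposed to use

# Emit the ruleset as text so it can be reviewed (or checked) before it is applied.
static_nat_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
# Reply traffic for connections that were already allowed through.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Static NAT: rewrite the NAT address to the real one on the way in,
# and the real address back to the NAT address on the way out.
iptables -t nat -A PREROUTING -i $EXT_IF -d $NAT_IP -j DNAT --to-destination $REAL_IP
iptables -t nat -A POSTROUTING -o $EXT_IF -s $REAL_IP -j SNAT --to-source $NAT_IP
# Forward inbound traffic only if the DNAT rule above translated it. A packet
# sent straight to $REAL_IP from $EXT_IF was never translated, so it falls
# through to the LOG rule and is dropped by the chain policy.
iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $REAL_IP -m conntrack --ctstate DNAT -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $REAL_IP -j ACCEPT
# Everything else is logged, then dropped by the policy.
iptables -A FORWARD -j LOG --log-prefix "FORWARD-DROP: "
EOF
}

# Apply the ruleset; needs root and the nat/conntrack modules loaded.
apply_static_nat() {
  static_nat_rules | sh -e
}

# Sanity check on the generated text: every FORWARD ACCEPT for traffic
# arriving on the external interface must require the DNAT state.
check_external_accepts_require_dnat() {
  static_nat_rules \
    | grep -- "-A FORWARD -i $EXT_IF" \
    | grep -- '-j ACCEPT' \
    | grep -v -q 'ctstate DNAT' && return 1
  return 0
}
```

Running `static_nat_rules` prints the rules for review; `apply_static_nat` loads them, after which a connection attempt to the real address from the external side shows up in the kernel log with the FORWARD-DROP prefix instead of succeeding.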