Hi Gopinath,

> Hi Lajos,
> Thanks for your suggestion.
> I had upgraded my OS to Fedora 6, and also enabled the logging option for
> the DROP packets. Now the Default denying functionality is working
> fine. But this time I face another problem, i.e., I have applied static
> NAT on my firewall. In my simulation setup I am able to connect to the
> other end (INTERNAL) machine using the NAT IP assigned, from the
> EXTERNAL machine, as well as through the actual IP of the
> machine (INTERNAL). This spoils my purpose for NATting. I don't know why
> this happens. I suspect that there could be some problem with my NAT
> module. Please suggest...

I think that this is not a NATing but a routing problem.
I do not know your current script but maybe there is an accept that
allows this state.
I would add the following option to the ACCEPT rule in the FORWARD chain:
-m conntrack --ctstate DNAT

> Is there any need to upgrade my kernel to add further support?

I do not think so but it is good to have an up-to-date system.

> Regards,
> Gopinath. U

Swifty
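
The rule suggested in the reply, placed in a complete static NAT ruleset. This is an added example, not part of the original thread or anyone's actual script; the interface name `eth0`, the addresses, the log prefix and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name and addresses below are
# constructed sample values (documentation / private ranges).

is_ipv4() {
    # Digits and dots only, exactly four octets, each 0-255.
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# static_nat_rules EXT_IF NAT_IP INTERNAL_IP -> iptables-restore ruleset on stdout
static_nat_rules() {
    ext_if=$1; nat_ip=$2; int_ip=$3
    # Reject anything that could smuggle extra rule text into the output.
    case $ext_if in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    [ ${#ext_if} -le 15 ] || return 2
    is_ipv4 "$nat_ip" && is_ipv4 "$int_ip" || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Static NAT: one public address mapped onto one internal host.
-A PREROUTING -i $ext_if -d $nat_ip -j DNAT --to-destination $int_ip
-A POSTROUTING -o $ext_if -s $int_ip -j SNAT --to-source $nat_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: accept only connections PREROUTING actually translated. A packet
# addressed straight to $int_ip has no DNAT status and falls through.
-A FORWARD -i $ext_if -d $int_ip -m conntrack --ctstate DNAT -j ACCEPT
# Outbound connections opened by the internal host.
-A FORWARD -o $ext_if -s $int_ip -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

static_nat_rules eth0 203.0.113.10 192.168.1.10
```

Pipe the output to `iptables-restore --test` to have it parsed without being committed; a real load replaces the existing `nat` and `filter` tables.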