Thank you very much Lajos !!!!!!!!!!!!!!!

It is working fine now after adding "-m conntrack --ctstate DNAT" to the ACCEPT statement of the FORWARD chain, as you said in your previous mail. Could you please explain how it works after adding "-m conntrack --ctstate DNAT" to the ACCEPT statement of the FORWARD chain? I'm very eager to know this :-)

Regards,
Gopinath.U

I have also upgraded my iptables to version 1.3.7

On 5/29/07, Gáspár Lajos <swifty@xxxxxxxxxxx> wrote:
Hi Gopinath,

> Hi Lajos,
>
> Thanks for your suggestion.
>
> I had upgraded my OS to Fedora 6 and also enabled the logging option for
> the DROP packets. Now the default denying functionality is working
> fine. But this time I face another problem, i.e., I have applied static
> NAT on my firewall. In my simulation setup I am able to connect to the
> other-end (INTERNAL) machine using the assigned NAT IP from the EXTERNAL
> machine, as well as through the actual IP of the (INTERNAL) machine.
> This spoils my purpose of NATting. I don't know why this happens. I
> suspect that there could be some problem with my NAT module. Please
> suggest...

I think that this is not a NATing but a routing problem. I do not know your
current script, but maybe there is an accept that allows this state. I would
add the following option to the ACCEPT rule in the FORWARD chain:

-m conntrack --ctstate DNAT

> Is there any need to upgrade my kernel to add further support?

I do not think so, but it is good to have an up-to-date system.

> Regards,
> Gopinath. U

Swifty
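An added example, not code from either mail: a dry-run shell script (interface names and addresses are assumed placeholders) that shows the loose FORWARD rule beside the one carrying the DNAT ctstate match from the thread. The match works because nat PREROUTING has already rewritten the destination to the internal address before FORWARD sees the packet, so a packet sent to the NAT IP and a packet sent straight to the internal IP look identical by address; only conntrack's record that a translation happened (`--ctstate DNAT`) tells them apart.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and addresses are
# constructed placeholders (RFC 5737 / RFC 1918); adjust them to your setup.
EXT_IF=eth0             # interface towards the EXTERNAL machine
INT_IF=eth1             # interface towards the INTERNAL machine
NAT_IP=203.0.113.10     # public address that maps onto the internal host
INT_IP=192.168.1.10     # real address of the internal host

# Dry run by default: the rules are printed, not loaded.
# Run as root with IPT=iptables to actually apply them.
IPT="${IPT:-echo iptables}"

# Loose rule: accepts every forwarded packet whose destination is INT_IP.
# Because nat PREROUTING already rewrote NAT_IP to INT_IP, this also accepts
# packets that were sent straight to INT_IP, which is what the thread observed.
forward_rule_loose() {
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$INT_IP" -j ACCEPT
}

# Rule from the thread: conntrack's DNAT state is only set on connections the
# nat table translated, so packets addressed directly to INT_IP no longer match.
forward_rule_dnat_only() {
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$INT_IP" \
        -m conntrack --ctstate DNAT -j ACCEPT
}

# Full static-NAT policy: default deny in FORWARD, 1:1 DNAT/SNAT for the host,
# replies allowed by state, and everything else logged before the policy drops it.
apply_static_nat() {
    $IPT -P FORWARD DROP
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$NAT_IP" \
        -j DNAT --to-destination "$INT_IP"
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_IP" \
        -j SNAT --to-source "$NAT_IP"
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    forward_rule_dnat_only
    $IPT -A FORWARD -j LOG --log-prefix "FORWARD-DROP: "
}

apply_static_nat
```

Compare the printed output of `forward_rule_loose` and `forward_rule_dnat_only`: the only difference is the conntrack match, and that is what stops the direct-to-internal-IP path.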