On Fri, Aug 07, 2009 at 08:49:35PM +0530, ratheesh k wrote:
> My aim is to test whether my router supports what kind of NAT ..and to
> know about how we can make NAT types that are not supported, working
> .....
>
>
> A { client computer } --------------------------> Router
> ------------------------> internet ...
>
> This is my setup .

So it isn't much about iptables anyway ..

> On Fri, Aug 7, 2009 at 5:40 PM, Thomas Jacob<jacob@xxxxxxxxxxxxx> wrote:
> >> iptables -t nat -A POSTROUTING -i eth0 -o eth1 -j MASQUERADE

This rule just gives you the NAT translation (and only deals with
the first packet of a connection), in the "nat" table.

> >> 3 . I installed windows STUC and tested . Test results show it is a
> >> port-restricted NAT ... But if I make default policy for wan INPUT and
> >> wan PREROUTING as REJECT , test got failed ??? is it iptables
> >> dependent ??

You also need to allow traffic to pass your system. If you REJECT
everything in the PREROUTING/INPUT chains (in the nat table, I presume),
you will basically prevent all NEW connections via/to the router.

E.g. something like that (in the INPUT table) should get you started

  # accept packets of connections that are already tracked
  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
  # accept new connections going from eth0 out through eth1
  iptables -A FORWARD -m state --state NEW -i eth0 -o eth1 -j ACCEPT
  # a chain policy can only be ACCEPT or DROP (REJECT is not accepted by -P)
  iptables -P FORWARD DROP
  iptables -P INPUT DROP

Also check out this diagram that shows you how a packet is passed
through the netfilter/iptables system:

http://ebtables.sourceforge.net/br_fw_ia/bridge3b.png

Maybe you should also read at least some of the docs :-)

=> http://netfilter.org/documentation/index.html

Regards,
Thomas
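
The interaction described in the reply, as an added Python sketch that is not part of the original message: a toy model of MASQUERADE plus the two stateful FORWARD rules, probed the way a classic NAT-type test probes a router, which goes beyond the thread by also naming the other verdicts such a test can return. The `Router` and `classify` names, all addresses and ports, and the simplified port selection are assumptions made for illustration.

```python
# Added illustration, not code from the thread: a toy model of MASQUERADE plus
# the two FORWARD rules, probed the way a classic NAT-type test probes a router.
WAN_IP = "203.0.113.1"                      # constructed addresses throughout
S1, S2 = "198.51.100.10", "198.51.100.20"   # hypothetical test servers


class Router:
    def __init__(self, accept_new=True, accept_established=True):
        self.accept_new = accept_new            # --state NEW -i eth0 -o eth1
        self.accept_est = accept_established    # --state RELATED,ESTABLISHED
        self.flows = {}     # (lan_ip, lan_port, dst_ip, dst_port) -> wan_port
        self.replies = {}   # (wan_port, src_ip, src_port) -> [lan_addr, seen_reply]

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """LAN to WAN packet: return the translated source, or None if dropped."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow in self.flows:
            wan_port = self.flows[flow]
            seen = self.replies[(wan_port, dst_ip, dst_port)][1]
            ok = self.accept_est if seen else self.accept_new
            return (WAN_IP, wan_port) if ok else None
        if not self.accept_new:
            return None                         # falls through to the drop policy
        wan_port = lan_port                     # MASQUERADE keeps a free source port
        while (wan_port, dst_ip, dst_port) in self.replies:
            wan_port += 1                       # simplification of port selection
        self.flows[flow] = wan_port
        self.replies[(wan_port, dst_ip, dst_port)] = [(lan_ip, lan_port), False]
        return WAN_IP, wan_port

    def inbound(self, src_ip, src_port, wan_port):
        """WAN to LAN packet: return the LAN destination, or None if dropped."""
        entry = self.replies.get((wan_port, src_ip, src_port))
        if entry is None or not self.accept_est:
            return None                         # no conntrack entry, or no rule
        entry[1] = True
        return entry[0]


def classify(router, lan=("192.168.1.2", 40000)):
    """Probe the router like a classic NAT-type test and return the verdict."""
    first = router.outbound(*lan, S1, 3478)
    if first is None or router.inbound(S1, 3478, first[1]) is None:
        return "blocked"
    if router.inbound(S2, 3479, first[1]):
        return "full cone"
    if router.inbound(S1, 3479, first[1]):
        return "restricted cone"
    second = router.outbound(*lan, S2, 3478)
    return "port restricted" if second == first else "symmetric"
```

With both FORWARD rules in place the model reports "port restricted", the result seen in the thread; removing either rule under a drop policy turns the verdict into "blocked", which is the failed test.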