Thomas ,

On Sun, Aug 9, 2009 at 5:27 PM, Thomas Jacob<jacob@xxxxxxxxxxxxx> wrote:
> On Fri, Aug 07, 2009 at 08:49:35PM +0530, ratheesh k wrote:
>> My aim is to test whether my router supports what kind of NAT ..and to
>> know abt how we can make nat types that are not supported ,working
>> .....
>>
>>
>> A { client computer } --------------------------> Router
>> ------------------------> internet ...
>>
>> This is my setup .
>
> So it isn't much about iptables anyway ..
>
>> On Fri, Aug 7, 2009 at 5:40 PM, Thomas Jacob<jacob@xxxxxxxxxxxxx> wrote:
>> >> iptables -t nat -A POSTROUTING -i eth0 -o eth1 -j MASQUERADE
>
> This rule just gives you the NAT translation (and only deals
> with the first packet of a connection), in the "nat" table.
>
>> >> 3 . i installed windows STUC and tested . Test results show it is a
>> >> portrestricted nat ... But if i make default policy for wan INPUT and
>> >> wan PREROUTING as REJECT , test got failed ??? is it iptables
>> >> dependent ??
>
> You also need to allow traffic to pass your system. If you REJECT everything
> in the PREROUTING/INPUT chains (in the nat table, I presume), you will basically
> prevent all NEW connections via/to the router.
>
> E.g. something like that (in the INPUT table) should get you started
>
> iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -m state --state NEW -i eth0 -o eth1 -j ACCEPT
> iptables -P FORWARD REJECT
> iptables -P INPUT REJECT
>
> Also check out this diagram that shows you how a packet is passed
> thru the netfilter/iptables system:
>
> http://ebtables.sourceforge.net/br_fw_ia/bridge3b.png
>
> Maybe you should also read at least some of the docs :-)
>
> => http://netfilter.org/documentation/index.html
>
> Regards,
> Thomas
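The split discussed in this thread (translation in the nat table, permission to pass in the filter table) can be written as one iptables-restore ruleset; the following is an added example, not part of the original messages. It assumes eth0 is the LAN side and eth1 the WAN side, as in the quoted FORWARD rules, and `nat_router_ruleset` is a hypothetical helper name. Built-in chain policies can only be ACCEPT or DROP, so the reject behaviour is a final REJECT rule, and the MASQUERADE rule matches on `-o` only because POSTROUTING has no input-interface match.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a small NAT router.
# Assumption: $1 is the LAN interface, $2 the WAN interface.

nat_router_ruleset() {
    lan=$1 wan=$2
    # Interface names are short (max 15 chars) and drawn from a small
    # alphabet; refuse anything else so nothing odd reaches the ruleset.
    for ifc in "$lan" "$wan"; do
        case $ifc in
            ''|*[!A-Za-z0-9_.-]*|????????????????*)
                echo "bad interface name: $ifc" >&2; return 1 ;;
        esac
    done
    [ "$lan" != "$wan" ] || { echo "LAN and WAN must differ" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Translation only: rewrites the source address of traffic leaving via WAN.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the router itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Traffic routed through: replies always, NEW only from LAN towards WAN.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root.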