Trying to apply:

iptables -t nat -A POSTROUTING -o $ext_IF -j MASQUERADE

I get the following error -

Bad argument `MASQUERADE'
Try `iptables -h' or 'iptables --help' for more information.

It does not like the command you suggested.....

Mike

On Sat, Apr 30, 2011 at 11:50 AM, /dev/rob0 <rob0@xxxxxxxxx> wrote:
> On Sat, Apr 30, 2011 at 09:02:55AM +0100, Andrew Beverley wrote:
>> On Thu, 2011-04-28 at 16:43 -0500, Mike Hendrie wrote:
>> > All users can get to Google and do searches just fine. I am
>> > having funny issues with a couple of applications.
>> >
>> > I do not understand why I am having the below issues. Could this
>> > be because of the iptables?
>>
>> Probably, although I would say more accurately because of UFW.
>> It's quite difficult to diagnose problems with automatically
>> generated iptables rules.
>
> Indeed, and users of such rulesets should be asking elsewhere (at the
> provider of the ruleset) for support.
>
>> I would say you are better off disabling UFW, and starting with
>> just the rules you need to get everything working:
>
> Yes, but iptables-restore(8) is the recommended means to apply a
> ruleset.
>
>> # Flush all tables
>> iptables -t nat -F
>> iptables -t mangle -F
>> iptables -t filter -F
>>
>> # Set the default policy to ACCEPT:
>> iptables -P PREROUTING ACCEPT
>
> The default table, filter, does not have a PREROUTING chain.
>
>> iptables -P INPUT ACCEPT
>> iptables -P OUTPUT ACCEPT
>> iptables -P FORWARD ACCEPT
>> iptables -P POSTROUTING ACCEPT
>
> The default table, filter, does not have a POSTROUTING chain.
>
>> # Enable packet forwarding:
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> # Setup NAT:
>> iptables -t nat -A POSTROUTING -o $ext_IF -j MASQUERADE
>>
>> Once that works, you can then start blocking ports.
>>
>> > - There is a FileMaker application that uses ports 5000 - 5005 to
>> > connect to an external server that cannot find the external server.
>> > StatefulNAT translation.
>>
>> Looking at the following website, you'll need to allow more than just
>> those ports:
>>
>> http://sixfriedrice.com/wp/filemaker-firewall/
>>
>> But, as above, get the firewall working with all ports open, and
>> then start closing them.
>
> Otherwise I agree with what you have said.
> --
> Offlist mail to this address is discarded unless
> "/dev/rob0" or "not-spam" is in Subject: header
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
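
The ruleset discussed in this thread, written in iptables-restore(8) form as an added example that is not part of any poster's message: policies are declared only on chains each table actually has, and the interface name is validated first, because an unset `$ext_IF` expands to nothing and leaves `-o` without an interface name (assumed here, not confirmed in the thread, to be how the failing command was run). The function name `gen_ruleset` and the sample interface `eth0` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print the thread's "all open + NAT"
# ruleset in iptables-restore(8) format for one external interface.

gen_ruleset() {
    ext_if=$1
    # An empty value would turn the rule into "-o -j MASQUERADE", so the
    # name is validated first (conservative character set, max 15 chars).
    case $ext_if in
        ''|-*|*[!A-Za-z0-9._:-]*)
            echo "gen_ruleset: bad external interface '$ext_if'" >&2
            return 1 ;;
    esac
    if [ "${#ext_if}" -gt 15 ]; then
        echo "gen_ruleset: interface name too long" >&2
        return 1
    fi
    # iptables-restore flushes every table named here unless --noflush is
    # given; ":CHAIN POLICY" sets the default policy of a built-in chain.
    # filter has no PREROUTING/POSTROUTING; those live in nat and mangle.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $ext_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when an interface is given: sh nat-ruleset.sh eth0
if [ "$#" -gt 0 ]; then
    gen_ruleset "$1"
fi
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it; packet forwarding (`/proc/sys/net/ipv4/ip_forward`) is still enabled separately, as in the quoted steps.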