Hi J! On Tue, Oct 11, 2011 at 08:01:12AM +0100, J Webster wrote: > Also, after running the command lines, none of the additions are > entered into the iptables script. The commands are not changing any script, only the current in-kernel tables. To save the changes, use "iptables-save" command, but your distribution may have a designated mechanism like "/etc/init.d/iptables save" - you have to find out, or reply with the name of your distribution. > [root@vps8259 myscripts]# echo 1> /proc/sys/net/ipv4/ip_forward > [root@vps8259 myscripts]# iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT > [root@vps8259 myscripts]# iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT > [root@vps8259 openvpn]# iptables -A FORWARD -s 172.16.0.0/24 -j ACCEPT > [root@vps8259 openvpn]# iptables -A FORWARD -j REJECT All the above commands look good. > [root@vps8259 openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE > iptables: Unknown error 4294967295 > [root@vps8259 openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE > iptables: Unknown error 4294967295 The problem here may be venet0 interface. As far as I know, there is no support for "nat" tables on OpenVZ virtual network interfaces. Best regards, Ján -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
