On Mon, May 14, 2012 at 9:03 AM, Tom van Leeuwen <tom.van.leeuwen@xxxxxxxxxxxxx> wrote:
> So, when you do a ping from your host 172.24.50.3 to 1.1.1.x you will
> probably see the counter increase for your rule (with restricted
> destination).
> Do "iptables -vnL FORWARD" to check.
>
> That rule is not the problem.
>
> What traffic are you sending that times out?
> source ip, source port, destination ip, dest port, protocol?
>
> Your forward and postrouting rules look fine and should work
>
> Regards,
> Tom

My principal problems are with http, https and ssh. For example, with an https connection:

Chain FORWARD (policy DROP 48 packets, 2432 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4628 1901K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   12   746 ACCEPT     all  --  *      *       172.24.50.3          10.196.0.0/16        state NEW
   42  2184 ACCEPT     tcp  --  *      *       172.24.50.3          195.76.69.66         tcp multiport dports 80,443 state NEW
    1    52 ACCEPT     tcp  --  *      *       172.24.50.3          195.76.69.69         tcp dpt:443 state NEW
   48  2432 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix `IPT FORWARD packet died: '

The first packets go through, but after a few seconds everything goes to the "IPT FORWARD .." chain ...

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
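The LOG rule at the bottom of the chain is the most useful evidence here: if the packets that "die" are bare SYNs, a NEW-connection rule is missing; if they are mid-stream ACK/PSH packets, conntrack has stopped treating the flow as ESTABLISHED, which matches the "works for a few seconds, then times out" symptom. The following triage script is an added example, not code from this thread. It parses kernel log lines carrying the `IPT FORWARD packet died: ` prefix shown above and counts drops by cause; the sample log lines, addresses and ports are constructed for the example, with the field layout following the iptables LOG target.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines from the LOG rule in the thread
# (prefix `IPT FORWARD packet died: '). Addresses/ports are invented.
SAMPLE_LOG = """\
May 14 09:10:01 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=195.76.69.66 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=12345 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=229 RES=0x00 ACK URGP=0
May 14 09:10:02 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=195.76.69.66 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=12346 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=229 RES=0x00 ACK PSH URGP=0
May 14 09:10:05 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=555 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
May 14 09:10:06 gw kernel: IPT FORWARD packet died: IN=eth1 OUT=eth0 SRC=172.24.50.3 DST=195.76.69.66 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=777 DF PROTO=UDP SPT=34567 DPT=53 LEN=56
"""

PREFIX = "IPT FORWARD packet died:"
FIELD_RE = re.compile(r"(\w+)=(\S+)")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse_log_line(line):
    """Return a dict of KEY=VALUE fields plus the TCP flags (bare tokens)."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    fields = dict(FIELD_RE.findall(body))
    tokens = set(body.split())
    fields["FLAGS"] = sorted(f for f in TCP_FLAGS if f in tokens)
    return fields

def classify(pkt):
    """Why did this packet miss every ACCEPT rule in the FORWARD chain?
    A bare SYN is a NEW connection with no matching ACCEPT; any other TCP
    packet being dropped means conntrack no longer sees the flow as
    ESTABLISHED (entry lost, timed out, or never created, e.g. asymmetric
    routing), so the RELATED,ESTABLISHED rule does not catch it."""
    if pkt.get("PROTO") != "TCP":
        return "non-tcp-new"            # no rule accepts this proto as NEW
    if pkt["FLAGS"] == ["SYN"]:
        return "tcp-new-no-rule"
    return "tcp-midstream-state-lost"

def triage(log_text):
    """Count dropped packets per (cause, src, dst, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse_log_line(line)
        if pkt:
            counts[(classify(pkt), pkt["SRC"], pkt["DST"], pkt.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(triage(SAMPLE_LOG).items()):
        print(n, *key)
```

Run it against the real log (e.g. `journalctl -k` or /var/log/kern.log) by passing the file contents to `triage`; a high "tcp-midstream-state-lost" count for the 443 flow points at conntrack state, not at the ACCEPT rules.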