tamer amr wrote:
Hi,
I changed the INPUT chain policy to DROP and accept only what I need, and did the same in the OUTPUT chain and the FORWARD chain.
But when I try to connect to the Internet from any host in the local network, I can't. Why?
In the FORWARD chain I accept any packet coming from my local network.
Thank you in advance.
Internet browsing requires domain resolution and NAT.
Keep in mind how packets travel through iptables and the fact that the
outgoing chain is used by packets that originate from the localhost. The
chain traversed by packets originating from another host is FORWARD:
http://iptables-tutorial.frozentux.net/images/tables_traverse.jpg
When you try to resolve iptables problems do the following:
0. Read the man page. They didn't bother to write it unless it was intended
for some use...
1. Add a log rule to every chain and use --log-prefix <chain_name> to
differentiate between them. You might also want to try --log-ip-options
--log-tcp-options
2. Check out the logs and see what is going on.
It gets really easy to see what kind of traffic is blocked while
checking these log lines:
<logprefix> IN=eth0 OUT= MAC=<mac> SRC=<sourceip> DST=<destip> LEN=393 TOS=0x08 PREC=0x00 TTL=41 ID=41464 PROTO=<protoused> SPT=<sourceport> DPT=<destport> LEN=373
--
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
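
Added example (not part of the original thread): one way to carry out step 2 is to group the LOG lines by their --log-prefix, traffic direction, protocol and destination port, so that blocked DNS or return traffic stands out. The sample lines, the hostname "gw", the interfaces and the addresses are constructed, and the prefixes assume each chain's LOG rule uses the chain name as its --log-prefix.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the iptables LOG target's format. The
# chain-name prefixes assume rules such as: -j LOG --log-prefix "FORWARD ".
# Hostname "gw", interfaces and addresses are made up for this example.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4121 PROTO=UDP SPT=40211 DPT=53 LEN=40
Jan 10 12:00:06 gw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4122 PROTO=UDP SPT=40211 DPT=53 LEN=40
Jan 10 12:00:09 gw kernel: FORWARD IN=eth0 OUT=eth1 SRC=203.0.113.80 DST=192.168.1.21 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=51514 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 10 12:00:12 gw kernel: INPUT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=203.0.113.1 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=41464 PROTO=TCP SPT=51000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 10 12:00:15 gw kernel: OUTPUT IN= OUT=eth0 SRC=203.0.113.1 DST=198.51.100.53 LEN=56 TOS=0x00 PREC=0x00 TTL=64 ID=100 PROTO=UDP SPT=33000 DPT=53 LEN=36
Jan 10 12:00:16 gw sshd[411]: unrelated line that must be skipped
"""

# Optional "[timestamp]" after "kernel:", then the log prefix, then the fields.
LINE_RE = re.compile(r"kernel: (?:\[[^\]]*\]\s*)?(?P<prefix>.*?)\s*(?P<fields>IN=.*)$")

def parse_line(line):
    """Return (prefix, fields) for an iptables LOG line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", m["fields"]):
        fields.setdefault(key, value)  # LEN appears twice for UDP; keep the IP length
    return m["prefix"], fields

def direction(fields):
    """IN and OUT both set: routed through FORWARD; only one set: local traffic."""
    if fields.get("IN") and fields.get("OUT"):
        return "forwarded"
    return "to-local" if fields.get("IN") else "from-local"

def summarize(lines):
    """Count logged packets per (prefix, direction, protocol, destination port)."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        prefix, f = parsed
        counts[(prefix, direction(f), f.get("PROTO", "-"), f.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(n, *key)
```

On a real gateway, feed it the kernel log lines instead of SAMPLE_LOG, for example summarize(open("/var/log/messages")) if that is where your syslog writes kernel messages.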