Re: Where to add own rules in /etc/sysconfig/iptables

Do you have ip forwarding turned on in the kernel?

[root@boss etc]# grep forward /etc/sysctl.conf
# Disables packet forwarding
net.ipv4.ip_forward = 1

You might also put the following on your INPUT and FORWARD chains and then
watch /var/log/messages while you test.

IPTABLES=/sbin/iptables
LOG="LOG --log-level 6 --log-prefix"
LIMIT="limit --limit-burst 10 --limit 6/minute"
# Log (rate-limited, syslog level 6 = info) and then drop whatever reaches the end of the chain
$IPTABLES -A INPUT -m $LIMIT -j $LOG "INPUT packet died: "
$IPTABLES -A INPUT -j DROP
$IPTABLES -A FORWARD -m $LIMIT -j $LOG "FORWARD packet died: "
$IPTABLES -A FORWARD -j DROP


--
Dale Bewley - dlbewley@ucdavis.edu
Unix Server Administrator / Digital Library Consultant

On 30 Oct 2002, Alejandro González Hernández - Imoq wrote:

> On Wed, 2002-10-30 at 13:29, Michael Schwendt wrote:
> 
> > iptables -I RH-Lokkit-0-50-INPUT 5 -p tcp --dport 80 -j ACCEPT
> > 
> > I don't know why I reply to this message. :) You should also tell
> > where 192.168.105.220 is located. I need to guess too much. A rule
> > in the FORWARD chain would be necessary if 192.168.105.220 is a
> > remote host. It seems it isn't.
> 
> You are replying to this message because you are a very cool person who
> is trying to help someone ;)
> 
> OK, this is the schema:
> 
> My computer has two network cards; eth0 has a real, public and valid IP
> address. eth1 has a private address (192.168.1.169).
> 
> What I am trying to do is to route the port 80 from the public network
> to a computer (192.168.105.220) in the private network.
> 
> To achieve this, I just set up the firewall with lokkit and then added
> the two rules commented before:
> 
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.105.220:80
> iptables -I RH-Lokkit-0-50-INPUT 5 -p tcp --dport 80 -j ACCEPT
> 
> But still can't reach port 80 from public network.
> 
> I even tried stopping iptables and then only use the two rules above,
> without luck :(
> 
> What do you advise me to do?
> 
> Thanks again.
> 
> -- 
> ¡Sé libre, usa software libre!
> Be free, use free software!
> http://www.imoqland.com/
> 
> 
> 
> -- 
> Psyche-list mailing list
> Psyche-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/psyche-list
> 
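
The three prerequisites raised in this thread (kernel forwarding, the nat PREROUTING DNAT rule, and a FORWARD accept for a remote target) can be checked against iptables-save output. The script below is an added example, not part of any poster's message; the function name check_dnat_forward and the sample rule set are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save output on stdin and
# prints one line per missing prerequisite of a DNAT port forward; prints
# nothing when all are present. It checks that rules exist, not their order.
# usage: iptables-save | check_dnat_forward "$(cat /proc/sys/net/ipv4/ip_forward)" DEST PORT
check_dnat_forward() {
    fwd=$1 dest=$2 port=$3
    [ "$fwd" = "1" ] || echo "net.ipv4.ip_forward is not 1"
    awk -v d="$dest" -v p="$port" '
        { line = $0 " " }                  # trailing space allows exact-token matches
        /^\*/ { table = $1 }               # table header: "*nat", "*filter", ...
        table == "*nat" && /^-A PREROUTING / && / -j DNAT / &&
            index(line, " --dport " p " ") &&
            index(line, " --to-destination " d ":" p " ") { dnat = 1 }
        # Either the FORWARD policy is ACCEPT, or an explicit rule accepts the flow.
        table == "*filter" && /^:FORWARD ACCEPT / { fwd_ok = 1 }
        table == "*filter" && /^-A FORWARD / && / -j ACCEPT/ &&
            index(line, " --dport " p " ") &&
            (index(line, " -d " d " ") || index(line, " -d " d "/32 ")) { fwd_ok = 1 }
        END {
            if (!dnat)   print "no nat PREROUTING DNAT rule for port " p " to " d
            if (!fwd_ok) print "FORWARD chain does not accept port " p " to " d
        }'
}

# Constructed sample: the DNAT rule is present, but FORWARD only logs and drops.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.105.220:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "FORWARD packet died: " --log-level 6
-A FORWARD -j DROP
COMMIT'

# Forwarding off in this constructed run, so two problems are reported.
printf '%s\n' "$SAMPLE_RULES" | check_dnat_forward 0 192.168.105.220 80
```
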



