I am a real newbie to iptables. I am running a RH8.0 box that should act as firewall router to my LAN
(and it works... but please comment on my question).
This is my /etc/sysconfig/iptables file generated from Lokkit with the
addition of the Masquerade line...
I have some questions:
1) does it also work if I am connected to the Internet by PPPoE (i.e. dynamic
IP), and can iptables start before starting the connection??
2) if I do not give the command echo 1 > /proc/sys/net/ipv4/ip_forward,
nothing works. Shall I put this command in rc.local???
Tnx
Antonio Montagnani
# Generated by iptables-save v1.2.6a on Mon Nov 25 22:39:49 2002
*nat
:PREROUTING ACCEPT [594:29095]
:POSTROUTING ACCEPT [2:120]
:OUTPUT ACCEPT [89:5370]
[125:7241] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 25 22:39:49 2002
# Generated by iptables-save v1.2.6a on Mon Nov 25 22:39:49 2002
*filter
:INPUT ACCEPT [6544:6909364]
:FORWARD ACCEPT [2112:1426713]
:OUTPUT ACCEPT [5506:550879]
:RH-Lokkit-0-50-INPUT - [0:0]
[7154:6953041] -A INPUT -j RH-Lokkit-0-50-INPUT
[358:23126] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
[61:11302] -A RH-Lokkit-0-50-INPUT -s 212.216.112.112 -p udp -m udp --sport 53 -j ACCEPT
[4:514] -A RH-Lokkit-0-50-INPUT -s 212.216.172.62 -p udp -m udp --sport 53 -j ACCEPT
[157:6444] -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
[30:2291] -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Nov 25 22:39:49 2002
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
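As an added example (not part of the original post or of Lokkit), a small Python checker that parses an iptables-save dump in the counter-prefixed format shown above and reports two things a reviewer would look at in this ruleset: whether nat/POSTROUTING masquerades on the PPP interface, and whether the filter/FORWARD chain accepts everything by default. The embedded sample is a trimmed copy of the dump from this post; the `wan` interface name is an assumed parameter.

```python
import re

# Constructed sample: a trimmed copy of the iptables-save -c dump posted above.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [594:29095]
:POSTROUTING ACCEPT [2:120]
:OUTPUT ACCEPT [89:5370]
[125:7241] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [6544:6909364]
:FORWARD ACCEPT [2112:1426713]
:OUTPUT ACCEPT [5506:550879]
:RH-Lokkit-0-50-INPUT - [0:0]
[7154:6953041] -A INPUT -j RH-Lokkit-0-50-INPUT
[358:23126] -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
COMMIT
"""

# "[pkts:bytes] -A CHAIN args" (counter prefix is optional) and ":CHAIN POLICY [pkts:bytes]"
RULE_RE = re.compile(r"^(?:\[\d+:\d+\]\s+)?-A\s+(\S+)\s+(.*)$")
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)\s+\[\d+:\d+\]$")

def parse(text):
    """Return {table: {chain: (policy, [rule_args, ...])}} from iptables-save text."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # table header, e.g. *nat
            table = tables.setdefault(line[1:], {})
            continue
        m = CHAIN_RE.match(line)
        if m:                             # chain declaration with policy ("-" = user chain)
            table[m.group(1)] = (m.group(2), [])
            continue
        m = RULE_RE.match(line)
        if m:                             # rule appended to a chain
            table.setdefault(m.group(1), ("-", []))[1].append(m.group(2))
    return tables

def audit(text, wan="ppp0"):
    """Return a list of findings (empty list means both checks passed)."""
    t = parse(text)
    findings = []
    nat_post = t.get("nat", {}).get("POSTROUTING", ("ACCEPT", []))[1]
    if not any(f"-o {wan}" in r and "-j MASQUERADE" in r for r in nat_post):
        findings.append(f"no MASQUERADE rule on {wan} in nat/POSTROUTING")
    policy, rules = t.get("filter", {}).get("FORWARD", ("ACCEPT", []))
    if policy == "ACCEPT" and not rules:
        findings.append("filter/FORWARD has policy ACCEPT and no rules: all forwarded traffic passes")
    return findings
```

Run as `audit(open("/etc/sysconfig/iptables").read())` on the real file; the sample ruleset yields only the FORWARD finding.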