On Tue, 3 Dec 2002, Pablo Allietti wrote:

> -A FORWARD -j ACCEPT -i eth0 -o eth0 -d 0/0
> #-A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 143 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 953 --syn -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 443 --syn -j ACCEPT
> -A INPUT -p udp --sport 137 --dport 137 -j DROP
>
> and
>
> /sbin/iptables --table nat --delete-chain
> /sbin/iptables --table nat --append POSTROUTING --out-interface eth0:0 -j MASQUERADE
> /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
>

AFAIK, I can't see your OUTPUT rule on the script. Just add

    iptables -A OUTPUT -o external_eth -j ACCEPT

on your script.

and don't forget to make

    echo 1 > /proc/sys/net/ipv4/ip_forward

to make the packet forwarded

and I'm not sure that your

    -A FORWARD -j ACCEPT -i eth0 -o eth0 -d 0/0

is a right syntax... see the -o parameter for ACCEPT rule

Mmm, are you using eth0 and eth0:0?

thx
.dave

"I've seen it. It's rubbish." -- Marvin the Paranoid Android

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
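
An added example, not part of the original message or the poster's script: a small Python lint, run over a constructed sample of the quoted rules, that reports the three things the reply questions (no OUTPUT rule in the listing, a FORWARD rule naming the same interface for -i and -o, and the eth0:0 alias name; iptables matches on the real device name, not on address aliases). The function names and finding labels are made up for this illustration.

```python
import shlex

# Constructed sample: a few of the rules quoted in the message above.
RULES = """\
-A FORWARD -j ACCEPT -i eth0 -o eth0 -d 0/0
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
/sbin/iptables --table nat --append POSTROUTING --out-interface eth0:0 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
"""

IN_OPTS = {"-i", "--in-interface"}
OUT_OPTS = {"-o", "--out-interface"}
APPEND_OPTS = {"-A", "--append"}


def parse(line):
    """Return (chain, in_iface, out_iface) for one append rule, else None."""
    tokens = shlex.split(line, comments=True)  # commented-out rules yield []
    chain = iface_in = iface_out = None
    for opt, val in zip(tokens, tokens[1:]):
        if opt in APPEND_OPTS:
            chain = val
        elif opt in IN_OPTS:
            iface_in = val
        elif opt in OUT_OPTS:
            iface_out = val
    return (chain, iface_in, iface_out) if chain else None


def lint(text):
    """Return a list of (line_number, finding, value); line 0 = whole ruleset."""
    findings, chains = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse(line)
        if rule is None:
            continue
        chain, i, o = rule
        chains.add(chain)
        for iface in (i, o):
            if iface and ":" in iface:  # alias label such as eth0:0
                findings.append((n, "alias-interface", iface))
        if chain == "FORWARD" and i and i == o:  # in and out on one device
            findings.append((n, "same-in-out", i))
    if "OUTPUT" not in chains:  # the listing appends nothing to OUTPUT
        findings.append((0, "no-output-rule", "OUTPUT"))
    return findings


if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
```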