[Tfug] iptables
Paul Scott
tfug@tfug.org
Sat Jul 20 03:28:01 2002
Paul Scott wrote:
> Harry McGregor wrote:
>
>> The basic scripts on this page should work for your needs,
>>
>> http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
>
I haven't figured it out yet. This is what I get when I correct the
aliases:
Loading simple rc.firewall version 0.63..
External Interface: ppp0
Internal Interface: eth0
loading modules: - Verifying that all kernel modules are ok
ip_tables, insmod: ip_tables: no module by that name found
ip_conntrack, insmod: ip_conntrack: no module by that name found
ip_conntrack_ftp, insmod: ip_conntrack_ftp: no module by that name found
ip_conntrack_irc, insmod: ip_conntrack_irc: no module by that name found
iptable_nat, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/iptable_nat.o
insmod: a module named iptable_nat already exists
ip_nat_ftp, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ip_nat_ftp.o
insmod: a module named ip_nat_ftp already exists
. Done loading modules.
enabling forwarding..
enabling DynamicAddr..
clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
iptables: No chain/target/match by that name
Enabling SNAT (MASQUERADE) functionality on ppp0
Done.
I presume the module stuff is not a problem. I do have iptables (and
debugging) built into the kernel.
Just to save you the trouble, the lines producing the no match are:
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
Thanks for anything,
Paul
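
The error in the output above names a missing chain, target or match. One way to check the match and target side against a kernel configuration, as an added example that is not part of the original post: the function names are hypothetical, the option names are those of 2.4-series kernels, and the .config used in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the post): map each table, match (-m) and target
# (-j) that a rule uses to the 2.4-series kernel options providing it, then
# report the options a kernel .config does not enable.

# Kernel options behind one extension; prints nothing for built-in
# targets such as ACCEPT or for names outside this small table.
options_for() {
    case "$1" in
        t:filter)     echo "CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER" ;;
        m:state)      echo "CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_MATCH_STATE" ;;
        j:LOG)        echo "CONFIG_IP_NF_TARGET_LOG" ;;
        j:MASQUERADE) echo "CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE" ;;
    esac
}

# missing_options CONFIG_FILE RULES_FILE
# Assumes rules without -t, i.e. the filter table, as in the post.
missing_options() {
    config=$1 rules=$2
    {
        echo "t:filter"
        # One token per line (this also joins backslash-continued rules),
        # then keep the word following each -m or -j.
        tr -s ' \t\\' '\n\n\n' < "$rules" | awk '
            prev == "-m" { print "m:" $0 }
            prev == "-j" { print "j:" $0 }
            { prev = $0 }'
    } | sort -u | while read -r ext; do
        for opt in $(options_for "$ext"); do
            grep -Eq "^${opt}=[ym]\$" "$config" || echo "$ext needs $opt"
        done
    done
}

# Demo: the three rules from the post against a constructed .config.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/rules" <<'EOF'
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
EOF
    printf '%s\n' CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_IPTABLES=y \
        CONFIG_IP_NF_FILTER=y '# CONFIG_IP_NF_MATCH_STATE is not set' \
        CONFIG_IP_NF_TARGET_LOG=m > "$dir/config"
    missing_options "$dir/config" "$dir/rules"
    rm -rf "$dir"
}
demo
```

On a real system, pass the .config the running kernel was built from as the first argument and the firewall script as the second.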