[Tfug] iptables

Chris Hilton tfug@tfug.org
Sun Jul 21 15:56:02 2002


On Fri, 19 Jul 2002 20:31:01 -0700
"Paul Scott" <waterhorse@ultrasw.com> wrote:

> Paul Scott wrote:
> > Harry McGregor wrote:
> > 
> >> The basic scripts on this page should work for your needs,
> >>
> >>
> >http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html
> > 
> 
> I haven't figured it out yet.  This is what I get when I correct the 
> aliases:
> 
> Loading simple rc.firewall version 0.63..
> 
>     External Interface:  ppp0
>     Internal Interface:  eth0
>     loading modules:   - Verifying that all kernel modules are ok
> ip_tables, insmod: ip_tables: no module by that name found
> ip_conntrack, insmod: ip_conntrack: no module by that name found
> ip_conntrack_ftp, insmod: ip_conntrack_ftp: no module by that name found
> ip_conntrack_irc, insmod: ip_conntrack_irc: no module by that name found
> iptable_nat, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/iptable_nat.o
> insmod: a module named iptable_nat already exists
> ip_nat_ftp, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ip_nat_ftp.o
> insmod: a module named ip_nat_ftp already exists.  Done loading modules.
>     enabling forwarding..
>     enabling DynamicAddr..
>     clearing any existing rules and setting default policy..
>     FWD: Allow all connections OUT and only existing and related ones IN
> iptables: No chain/target/match by that name
>     Enabling SNAT (MASQUERADE) functionality on ppp0
> 
> Done.
> 
> 
> I presume the module stuff is not a problem.  I do have iptables (and 
> debugging) built into the kernel.
> 
> Just to save you the trouble the lines producing the no match are:
> 
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
>     ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
> $IPTABLES -A FORWARD -j LOG
> 
> 
> Thanks for anything,
> 
> Paul

Try each of the lines at the command line.  Which one bails out?

-C-
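Chris's suggestion, as an added example that is not part of the thread: a small POSIX sh script that runs each of Paul's quoted FORWARD rules on its own, reports which one iptables rejects, and flags the "No chain/target/match" error on the state match. IPTABLES, EXTIF and INTIF follow the quoted script's variable names; the ipt_state hint is an assumption about the likely cause, not something the thread confirms.

```shell
#!/bin/sh
# Added example (not from the thread): try each FORWARD rule from the quoted
# rc.firewall one at a time and report the one iptables rejects.
# IPTABLES, EXTIF and INTIF are the quoted script's variable names (assumed).
IPTABLES=${IPTABLES:-iptables}
EXTIF=${EXTIF:-ppp0}
INTIF=${INTIF:-eth0}

# try_rule ARGS...: run one iptables invocation, capture its stderr and print
# a diagnosis. Returns 0 if the rule was accepted, 1 if iptables rejected it.
try_rule() {
    err=$("$IPTABLES" "$@" 2>&1 >/dev/null)
    status=$?
    if [ "$status" -eq 0 ]; then
        echo "OK:   $IPTABLES $*"
        return 0
    fi
    echo "FAIL: $IPTABLES $*"
    echo "      $err"
    case "$err" in
        *"No chain/target/match by that name"*)
            # Assumption: on a kernel with netfilter built in, this error on a
            # '-m state' rule usually means the state match (module ipt_state,
            # kernel option CONFIG_IP_NF_MATCH_STATE) is missing.
            echo "      hint: look for ipt_state in lsmod or the kernel config" ;;
    esac
    return 1
}

# check_forward_rules: the three rules Paul quoted, tried individually.
# Returns the number of rules that failed (0 when all were accepted).
check_forward_rules() {
    failed=0
    try_rule -A FORWARD -i "$EXTIF" -o "$INTIF" -m state \
        --state ESTABLISHED,RELATED -j ACCEPT || failed=$((failed + 1))
    try_rule -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT || failed=$((failed + 1))
    try_rule -A FORWARD -j LOG || failed=$((failed + 1))
    return "$failed"
}
```

Run it as root after the quoted script has cleared the tables; a rule that is accepted is actually appended, so flush FORWARD again before loading the real ruleset.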