[Tfug] iptables
Paul Scott
tfug@tfug.org
Sun Jul 21 16:39:01 2002
Chris Hilton wrote:
> On Fri, 19 Jul 2002 20:31:01 -0700
> "Paul Scott" <waterhorse@ultrasw.com> wrote:
>
>
>>Paul Scott wrote:
>>
>>>Harry McGregor wrote:
>>>
>>I presume the module stuff is not a problem. I do have iptables (and
>>debugging) built into the kernel.
>>
>>Just to save you the trouble the lines producing the no match are:
>>
>>$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
>>ESTABLISHED,RELATED -j ACCEPT
>>$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
>>$IPTABLES -A FORWARD -j LOG
>>
>
> Try each of the lines at the command line. Which one bails out?
The first one:

After a lot of reading and searching I found this:
http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc.html#toc5
which said what you said and mentioned some modules. When I saw that I
didn't have them, I rechecked my kernel configuration and realized that
there were some kernel components whose menuconfig help had said "if not
sure, say no." That included one or more for matching. I just built a new
kernel and those lines all work now.
I need to finish reading the above document because everything else I
have found doesn't explain iptables well enough for me to feel that I
know what to do to have a safe system.
Thanks much,
Paul
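
The check described in the message above, as an added example that is not part of the original post: a shell function that reads a kernel config file and lists the netfilter options the three FORWARD rules depend on that are neither built in nor modular. The option names are the 2.4-series ones and are an assumption (the thread does not say which options were missing); the sample config is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find netfilter kernel options that a rule set needs
# but the kernel config leaves disabled.

# Options behind "-m state", "-j ACCEPT" in FORWARD and "-j LOG",
# using 2.4-series names (assumption; newer kernels name them differently).
NEEDED_OPTS="CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_FILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_MATCH_STATE CONFIG_IP_NF_TARGET_LOG"

# missing_netfilter_opts CONFIG_FILE [OPTION...]
# Prints every option not set to y or m, one per line.
# Returns 1 if anything is missing, 0 otherwise.
missing_netfilter_opts() {
    cfg=$1
    shift
    # Fall back to the default list when no options are given.
    [ $# -gt 0 ] || set -- $NEEDED_OPTS
    rc=0
    for opt in "$@"; do
        # "# CONFIG_X is not set" and absent lines both count as missing.
        if ! grep -Eq "^${opt}=[ym]\$" "$cfg"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a config where the state match was answered "no".
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_LOG=m
EOF
}

# Runs the check against the constructed sample.
demo() {
    tmp=$(mktemp) || return 2
    sample_config > "$tmp"
    missing_netfilter_opts "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}

demo || true
```

On a real system, point the function at the `.config` in the kernel source tree the running kernel was built from, and pass current option names as arguments if the kernel is newer than 2.4.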