Guido Hennecke <[EMAIL PROTECTED]> writes:

> > Sorry, I was transposing my thoughts into ipchains rules. Actually my
> > firewall is iptables based. In iptables, packets that are being
> > masqueraded traverse only the FORWARD chain and not the INPUT or OUTPUT
> > chains. Thus if the rule was:
> >
> > iptables -A INPUT -i eth0 ! -d 192.168.0.1 -j DROP
> >
> > this should be OK I guess. Since packets on the INPUT are destined only
> > to localhost.
>
> Packets came from the external interface from an ip address from this
> external network will be masqueraded? I think they will not!

I've got a problem with this, btw. Increasingly, I'm needing FORWARDING rules on various sites; what I want to know is, when I've got the following layout:

| #Chain for incoming/forwarding filtering
| iptables -N block
| #chain to drop & log stuff
| iptables -N DLOG
| ...
| several `block' rules incl stateful allowing ESTABLISHED,RELATED
| ...
| ## Jump to that chain from INPUT and FORWARD chains.
| iptables -A INPUT -j block
| iptables -A FORWARD -j block

how come packets still seem to get dropped when being forwarded between interfaces?

(If this isn't the place for this question, point me at a *decent* bit of documentation by all means! (With emphasis on `decent', as in something that explains and details simultaneously.))

~Tim
--
12:51:17 up 33 days, 14:46, 17 users, load average: 0.15, 0.18, 0.17
[EMAIL PROTECTED] |And your radiance shines
http://piglet.is.dreaming.org |Like the moon of all innocent grace
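
An added example, not part of the original post or of iptables itself: a Python script that reads `iptables-save -c` output for the layout described in the message above and lists every place a packet entering FORWARD can be dropped, including the built-in chain's policy, which applies when a packet falls off the end of `block` and returns. The sample ruleset, its counters and the helper names `parse` and `drop_points` are constructed for illustration.

```python
import shlex

# Constructed `iptables-save -c` output (not from the thread); it mirrors the
# layout in the post: INPUT and FORWARD both jump to `block`, which uses DLOG.
SAMPLE = """\
*filter
:INPUT ACCEPT [5:300]
:FORWARD DROP [7:420]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
:DLOG - [0:0]
[120:9000] -A INPUT -j block
[95:7100] -A FORWARD -j block
[200:15000] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
[3:180] -A block -i eth0 -m state --state NEW -j DLOG
[3:180] -A DLOG -j LOG --log-prefix "DLOG: "
[3:180] -A DLOG -j DROP
COMMIT
"""

def parse(text):
    """Return ({chain: (policy, pkts)}, {chain: [(match, target, pkts)]})."""
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):            # chain declaration with policy counter
            name, policy, counter = line[1:].split()
            policies[name] = (policy, int(counter[1:].split(":")[0]))
        elif line.startswith("["):          # rule line prefixed by [pkts:bytes]
            tok = shlex.split(line)
            if "-j" not in tok:
                continue                    # no jump target; -g (goto) is not modelled
            j = tok.index("-j")
            pkts = int(tok[0][1:].split(":")[0])
            rules.setdefault(tok[2], []).append((" ".join(tok[3:j]), tok[j + 1], pkts))
    return policies, rules

def drop_points(text, start="FORWARD"):
    """List (chain, match, pkts) for each drop with hits reachable from `start`."""
    policies, rules = parse(text)
    found, seen, todo = [], set(), [start]
    while todo:
        chain = todo.pop()
        if chain in seen:
            continue
        seen.add(chain)
        for match, target, pkts in rules.get(chain, []):
            if target in ("DROP", "REJECT") and pkts:
                found.append((chain, match or "(any)", pkts))
            elif policies.get(target, (None,))[0] == "-":   # user-defined chain
                todo.append(target)
    policy, pkts = policies[start]
    if policy == "DROP" and pkts:           # packets that returned unmatched
        found.append((start, "policy", pkts))
    return found
```

Rule counters inside `block` and `DLOG` include traffic that arrived via INPUT as well, so only the FORWARD policy counter is attributable to forwarded packets alone.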