On 2014-08-10 01:49, Mike McClain wrote:
>> It's a rather complicated, sometimes overcomplicated script. But some
>> rules are missing and/or not in the correct order.
>
> I've little doubt you are correct, admittedly I'm flailing a bit.
> Trying this and that with little luck.
> I'd appreciate it if you'd be a little more explicit as to what's
> missing and out of order. I'm running no external services.

Sorry, there were too many mistakes in the script; it would take too many mails to clean up the errors in it.

> I did exactly as you suggested, implementing a minimalist set of rules,
> only the 5 you mentioned and saw improvement. Now the Win2K box can
> ping google.com and get a reply but IE still can't connect to
> Google.com nor several other sites I tried, still reporting,
> "Cannot find server or DNS error."
>
> Thanks for your help.
> Any further suggestions?

If DNS seems to be the problem (according to the message), then the first thing to do is to debug the DNS settings. On Windows you can check with the ipconfig /all command whether DNS is properly set or not.

Another debugging approach is to insert LOG rules at the end of the script:

    iptables -A FORWARD -j LOG --log-prefix iptables-forward
    iptables -A INPUT -j LOG --log-prefix iptables-input

Then by checking the log you can see what is dropped. But be careful: there can be a lot of log lines. For debugging, though, it can be a good solution. Usually it is worth creating a junk chain and dropping a lot of known packets without logging (of course only if you know they are really junk).

-- 
--- Friczy ---
'Death is not a bug, it's a feature'

Archive: https://lists.debian.org/53e7b86b.9030...@freemail.hu
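
An added example, not part of the original message: one way to cope with the volume of log lines those two LOG rules produce is to count entries per chain, protocol and destination port, so that a blocked service such as DNS (UDP port 53) stands out. The function names and the sample log lines are constructed for illustration; the field layout assumed is the kernel's usual LOG target output.

```shell
#!/bin/sh
# Added example: summarise what the two LOG rules recorded.

# Constructed sample of kernel log lines (hosts and addresses are made up).
# The rules set the prefix without a trailing space, so the kernel writes
# it directly against "IN=".
sample_log() {
cat <<'EOF'
Aug 10 02:01:11 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.53 LEN=60 TTL=127 PROTO=UDP SPT=1035 DPT=53 LEN=40
Aug 10 02:01:12 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.53 LEN=60 TTL=127 PROTO=UDP SPT=1036 DPT=53 LEN=40
Aug 10 02:01:13 gw kernel: iptables-inputIN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 10 02:01:14 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=192.0.2.53 LEN=60 TTL=127 PROTO=UDP SPT=1037 DPT=53 LEN=40
Aug 10 02:01:15 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1040 DPT=80 WINDOW=16384 SYN
Aug 10 02:01:16 gw kernel: iptables-inputIN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
Aug 10 02:01:17 gw kernel: iptables-inputIN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.1 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Aug 10 02:01:18 gw kernel: eth0: link up
EOF
}

# Read log lines from the named files (or stdin) and print
# "count chain proto dport", most frequent first.
summarise_drops() {
    awk '
    {
        # Accept the prefix with or without anything glued on after it.
        if (!match($0, /iptables-(forward|input)/)) next
        chain = substr($0, RSTART + 9, RLENGTH - 9)
        proto = "?"; dpt = "-"      # ICMP entries carry no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
        }
        count[chain " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample.
sample_log | summarise_drops
```

On a real system the function takes the log file as its argument instead of the sample; which file the kernel messages land in depends on the syslog configuration.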