Did you follow the gentoo home router guide? I suggest you start over... with the line that says

    iptables -F

you have LOTS of duplicate rules in your chain, and some of them don't make sense: you don't want

    ACCEPT all -- anywhere anywhere

to be on the top of your INPUT chain, since that destroys the whole purpose of having an iptables.

One helpful command is

    iptables -D chain rulenum

for example, in the case of the aforementioned ACCEPT policy in the INPUT chain, you do

    iptables -D INPUT 1

to remove the topmost item. Keep in mind that the rules are renumbered every time you make a change.

I suspect, since you are doing routing, that you have multiple interfaces. In that case, it would make much more sense to post

    iptables -L -v

so we can see which interface the rules apply to.

W

On Sat, Apr 23, 2005 at 04:22:07PM +0600, askar ... wrote:
> > What does iptables -L say?
> The result is:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> REJECT udp -- anywhere anywhere udp dpt:bootps reject-with icmp-port-unreachable
> REJECT udp -- anywhere anywhere udp dpt:domain reject-with icmp-port-unreachable
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> DROP tcp -- anywhere anywhere tcp dpts:0:1023
> DROP udp -- anywhere anywhere udp dpts:0:1023
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> DROP all -- anywhere 192.168.0.0/16
> DROP all -- anywhere 192.168.0.0/16
> DROP all -- anywhere 192.168.0.0/16
> DROP all -- anywhere 192.168.0.0/16
> ACCEPT all -- 192.168.0.0/16 anywhere
> ACCEPT all -- anywhere 192.168.0.0/16
> ACCEPT all -- 192.168.0.0/16 anywhere
> ACCEPT all -- anywhere 192.168.0.0/16
> LOG all -- anywhere anywhere LOG level warning prefix `Dropped outgoing: '
> LOG all -- anywhere anywhere LOG level warning prefix `Dropped incoming: '
> ACCEPT all -- 192.168.0.0/16 anywhere
> ACCEPT all -- anywhere 192.168.0.0/16
> ACCEPT all -- 192.168.0.0/16 anywhere
> ACCEPT all -- anywhere 192.168.0.0/16
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> --
> gentoo-user@gentoo.org mailing list

--
----------------------------------------------------------------
* Address: 45 Spelman Hall, Princeton University 08544 *
* Phone: x68958 AIM: AngularJerk *
* E-mail: [EMAIL PROTECTED] From: sep.dynalias.net *
----------------------------------------------------------------
"Those of you who are yawning are ok, but if you're terrified you should speak up."
~DeathMech, S. Sondhi. P-town PHY 205
Sortir en Pantoufles: up 12 days, 4:26
--
gentoo-user@gentoo.org mailing list
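
Added example, not part of the original message: a small audit of a plain `iptables -L` listing that finds duplicate rules, flags an unconditional ACCEPT/DROP sitting above other rules, and emits `iptables -D chain rulenum` commands highest number first so renumbering cannot shift a later target. The sample listing is constructed and the function names are hypothetical; it assumes the listing shows every match field, which plain `-L` does not (interfaces are hidden), so confirm with `iptables -L -v` before deleting anything.

```python
import re

# Constructed sample in the format of the `iptables -L` listing quoted above.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  192.168.0.0/16       anywhere
DROP       all  --  anywhere             192.168.0.0/16
ACCEPT     all  --  192.168.0.0/16       anywhere
"""

def parse(listing):
    """Return {chain: [(rulenum, rule)]}; rulenum starts at 1, as iptables -D expects."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+)", line)
        if m:
            current = m.group(1)
            chains[current] = []
        elif current and line.strip() and not line.startswith("target"):
            rule = " ".join(line.split())  # collapse column padding
            chains[current].append((len(chains[current]) + 1, rule))
    return chains

def audit(listing):
    """Return (duplicates, catch_alls) as lists of (chain, rulenum, detail)."""
    dups, catch_alls = [], []
    for chain, rules in parse(listing).items():
        first = {}
        for num, rule in rules:
            if rule in first:
                dups.append((chain, num, first[rule]))  # detail = rule it repeats
            first.setdefault(rule, num)
            # Unconditional verdict that is not last: later rules may never be reached.
            if re.fullmatch(r"(ACCEPT|DROP) all -- anywhere anywhere", rule) and num < len(rules):
                catch_alls.append((chain, num, rule.split()[0]))
    return dups, catch_alls

def delete_commands(dups):
    """Order deletions highest rulenum first within each chain."""
    ordered = sorted(dups, key=lambda d: (d[0], -d[1]))
    return [f"iptables -D {chain} {num}" for chain, num, _ in ordered]
```

A catch-all flagged here may turn out to be interface-specific (for example a loopback accept) once the `-v` columns are visible, which is why the flagged rules are reported rather than turned into delete commands.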