ip - masquerading / iptables

root root at CLARA.host1.linuxfromscratch.org
Mon Jun 25 15:55:08 PDT 2001


On Monday 25 June 2001 07:19, you wrote:
> On Mon, Jun 25, 2001 at 01:19:44AM +0200, Max Schattauer wrote:
> > Hi there!
> >
> > I have a really *wierd* problem switching over to ipchains.
> >
> > On my MASQ-host (linux 2.4.5, isdn connection) the ipchains-
> > configuration is working. I threw that out and tried to set up
> > iptables, first everything looked fine, too. Modules are loading and
> >
> > iptables -t nat -A POSTROUTING -o ippp0 -j MASQUERADE
> >
> > also looks fine. The only problem (the *real* one) is that the clients
> > can't connect tho the Internet. Did anyone encounter that before?
>
> That'll mean that any outgoing connections are masqueraded. But what
> about the reply packets (which are INCOMING)?
>
> My guess is that you've got the policy filter set to reject or drop.
>
> In which case, the usual command is...
> iptables -t filter -A INPUT -m state --state ESTABLISHED    -j ACCEPT


This iptables string works fine for me     " iptables -t nat -A POSTROUTING 
-o ippp0 -j MASQUERADE". I'm looking at IE on one of my gatewayed machines 
right now. I do have a question for the writer though -  are you using an 
init script (e.g., one that sources "/etc/init.d/functions"), or entering 
this manually at a term? In other words, how do you know its working?
	Regards,
	Craig


-- 
Unsubscribe: send email to lfs-apps-request at linuxfromscratch.org
and put unsubscribe in the subject header of the message



More information about the blfs-support mailing list