[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: which rule dropped the packet?

Change the log rules to have different prefixes, ie:

iptables -i eth0 -d -j LOG --log-prefix "PrivateLanFwd "
iptables -i eth0 -d -j DROP

iptables -i eth0 -d -j LOG --log-prefix "Localhost "
iptables -i eth0 -d -j DROP

Then you'll know.  Sort of annoying to have different rules like that, but, I
only have prefixes for a couple of different tables, and that narrows it down to
a couple of rules which are pretty easy to check by hand.


Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332

Quoting "Peter A. Felvegi" <felvegip@drmatrixbank.hu>:

> hello,
>  is there a way to easily find out which fw rule caused the packet to be
> dropped? the fw logs before drops, but the ips and ports are of little
> help.
>  if i forward a port to the lan, it works fine, can reach a local machine
> from outside.  if i forward the same port to another machine on the inet,
> the fw (on the machine that does the port forwarding) drops the packets.
> why could that be?
> 							thanks, p
> -- 
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org

This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to

Reply to: