simple iptables firewall not quite working
2.4.18 kernel and LAN are working. Now my first iptables. ipchains was
working with the 2.2.19 kernel. I have read and followed all the
diagnostics from the Linux IP Masquerade HOWTO.
The first possibility is that their telnet tests won't work, but they don't
say what to do at that point.
telnet: Unable to connect to remote host: No route to host
Loading their firewall I get:
Loading simple rc.firewall version 0.63..
External Interface: ppp0
Internal Interface: eth0
loading modules: - Verifying that all kernel modules are ok
ip_tables, insmod: ip_tables: no module by that name found
ip_conntrack, insmod: ip_conntrack: no module by that name found
ip_conntrack_ftp, insmod: ip_conntrack_ftp: no module by that name found
ip_conntrack_irc, insmod: ip_conntrack_irc: no module by that name found
iptable_nat, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/iptable_nat.o
insmod: a module named iptable_nat already exists
ip_nat_ftp, Using /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ip_nat_ftp.o
insmod: a module named ip_nat_ftp already exists
. Done loading modules.
enabling forwarding..
enabling DynamicAddr..
clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
iptables: No chain/target/match by that name
Enabling SNAT (MASQUERADE) functionality on ppp0
Done.
I presume the module stuff is not a problem. I do have iptables (and
debugging) built into the kernel.
Just to save you the trouble, the lines producing the no match are:
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
Thanks for anything,
Paul Scott