
Re: iptables question



On 13/11/2016 at 20:40, deloptes wrote:
Pascal Hambourg wrote:

Did you check the routing table on the firewall and the targets? Do
they have a route to all the 10.0.0.0/24 range?

the one I posted is on the firewall - firewall is the one I am trying to
modify.

The one you posted? I didn't see a routing table in any of your posts.

I am not sure that I have a rule to all the 10.0.0.0/24 range, but even if I
replace 10.0.0.1/32 with 10.0.0.0/24 it does not work

You should double check that.

This ruleset does not need improvements but a total rewrite.

Yes, I was thinking the same, I'll put it on the TODO. I even tried once with
fw builder - it couldn't even import properly, because import and export
produced a non-working firewall.

Just insert this rule and check whether it changes anything:

iptables -I FORWARD -j ACCEPT

If SSH works then the ruleset is faulty and I'll have to double-check it. If SSH does not work, then the cause is elsewhere.

You can remove the rule with

iptables -D FORWARD -j ACCEPT
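
The insert/test/remove check from the message above, as an added shell example that is not part of the original post. It wraps the two commands so the accept-all rule is always removed again. The function name `forward_accept_test`, the `IPT` override and the probe command are assumptions of this sketch; the probe must generate forwarded traffic (started from a host on one side of the firewall), because connections opened on the firewall itself traverse OUTPUT, not FORWARD.

```shell
#!/bin/sh
# Added example: temporary accept-all FORWARD rule with guaranteed cleanup.
# IPT can be overridden (assumption of this sketch) to dry-run the logic.
IPT="${IPT:-iptables}"

# forward_accept_test PROBE [ARGS...]
# PROBE is any command that succeeds only when the forwarded SSH connection
# works (it must be initiated from a host behind the firewall).
# Return 0: ruleset is faulty; 1: cause is elsewhere; 2: nothing tested.
forward_accept_test() {
    if "$@"; then
        echo "probe already succeeds with the current ruleset"
        return 2
    fi
    if ! $IPT -I FORWARD -j ACCEPT; then
        echo "could not insert the temporary rule" >&2
        return 2
    fi
    # Remove the permissive rule even if the test is interrupted.
    trap '$IPT -D FORWARD -j ACCEPT; trap - INT TERM; exit 130' INT TERM
    rc=0
    "$@" || rc=$?
    $IPT -D FORWARD -j ACCEPT
    trap - INT TERM
    if [ "$rc" -eq 0 ]; then
        echo "probe works with the accept-all rule: the ruleset is faulty"
        return 0
    fi
    echo "probe still fails: the cause is elsewhere (routing, target host)"
    return 1
}

# Stand-alone use: pass the probe command as arguments to this script.
if [ "$#" -gt 0 ]; then
    forward_accept_test "$@"
fi
```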

