Re: iptables DNAT --to-destination problem
From: Anders Larsen (a.larsen@identecsolutions.de) Date: 05/07/02
- Next message: Tony: "UDP Port 7 Activity"
- Previous message: BA: "Re: iptables DNAT --to-destination problem"
- In reply to: Christian Wiese: "Re: iptables DNAT --to-destination problem"
From: Anders Larsen <a.larsen@identecsolutions.de> Date: Tue, 07 May 2002 12:20:13 +0200
Christian Wiese wrote:
> Anders Larsen <al@alarsen.net> wrote in message news:<pan.2002.05.06.20.06.20.458034.1312@alarsen.net>...
>>
> $IPTABLES -A INPUT -p udp -s $client --sport $p_high --dport xdmcp -j JUSTLOG
>
> This is included, but it does not log the package. I think it is the
> correct rule.
You changed the destination address of the packet in the nat
PREROUTING, so the packet never enters the INPUT chain.
> It may be possible that the FORWARD chain matches the
> generated packets, but in this case the error logging of the firewall
> has to log the package. But nothing is logged.
> $IPTABLES -A FORWARD -p udp -s $client --sport $p_high --dport xdmcp -j JUSTLOG
> After including that, the firewall doesn't log FORWARD packages either :-(
You did remember to include it _before_ the -A FORWARD ... -j ACCEPT ?
>> You might try to configure B to act as a bridge between A and C+D
>> (see the Bridging mini-HOWTO and the Bridge+Firewall mini-HOWTO),
>> since a bridge can and will pass broadcasts. YMMV.
> Where can I get these HOWTOs?
http://www.tldp.org/
http://www.tldp.org/HOWTO/HOWTO-INDEX/mini.html
Cheers
Anders
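
The two points in the reply above (a packet DNATed in nat PREROUTING is routed to FORWARD rather than INPUT, and a log rule appended after a terminating ACCEPT is never reached), as an added example that is not part of the original message. It is a simplified Python model, not iptables itself; the addresses are constructed, and JUSTLOG is assumed to be a chain that logs and returns.

```python
# Simplified model of netfilter traversal for one inbound packet (added example).
# Addresses are constructed; JUSTLOG is assumed to log and then return.
from dataclasses import dataclass, replace

LOCAL_ADDRS = {"192.0.2.1"}      # addresses owned by the firewall (assumed)
NON_TERMINATING = {"JUSTLOG"}    # logs, then rule evaluation continues

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's."""
    return all(getattr(pkt, k) == v for k, v in rule["match"].items())

def traverse(pkt, dnat_rules, filter_chains):
    """Return (filter chain used, verdict, targets hit) for an arriving packet."""
    # nat PREROUTING runs before the routing decision; first matching DNAT wins.
    for rule in dnat_rules:
        if matches(rule, pkt):
            pkt = replace(pkt, dst=rule["to"])
            break
    # The routing decision sees the (possibly rewritten) destination address.
    chain = "INPUT" if pkt.dst in LOCAL_ADDRS else "FORWARD"
    hits = []
    for rule in filter_chains[chain]:
        if matches(rule, pkt):
            hits.append(rule["target"])
            if rule["target"] not in NON_TERMINATING:
                return chain, rule["target"], hits
    return chain, "POLICY", hits

XDMCP = {"proto": "udp", "dport": 177}   # xdmcp is 177/udp
dnat = [{"match": {**XDMCP, "dst": "192.0.2.1"}, "to": "198.51.100.10"}]
log_rule = {"match": XDMCP, "target": "JUSTLOG"}
accept_all = {"match": {}, "target": "ACCEPT"}
pkt = Packet("udp", "203.0.113.5", "192.0.2.1", 177)

# Log rule only in INPUT: the DNATed packet is routed to FORWARD, never logged.
input_only = {"INPUT": [log_rule], "FORWARD": [accept_all]}
# Log rule appended after the ACCEPT in FORWARD: ACCEPT terminates first.
log_after = {"INPUT": [], "FORWARD": [accept_all, log_rule]}
# Log rule placed before the ACCEPT: logged, then accepted.
log_before = {"INPUT": [], "FORWARD": [log_rule, accept_all]}
for name, chains in [("input_only", input_only), ("log_after", log_after),
                     ("log_before", log_before)]:
    print(name, traverse(pkt, dnat, chains))
```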