Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
RE: [suse-security] Newbie Question re. Firewall2 vs. IPTABLES (fwd)
  • From: keith@xxxxxxxxxxxxxxxxxxxxxxxx
  • Date: Thu, 24 Jul 2003 12:26:53 +0000 (GMT)
  • Message-id: <Pine.LNX.4.44.0307241225500.1121-100000@xxxxxxxxxxx>


I've just noticed the -j block on the FORWARD chain.

You might need to remove this to enable packets to pass
through the FORWARD chain...

let me know if this works.


On Thu, 24 Jul 2003, Knut Erik Hauslo wrote:

> Keith gave me a very simple example on how to create simple iptable configuration. I adopted most of it - leaving out the logs and denying ICMP on eth1 - and this is how it looks now:

-- snip --

> iptables -A INPUT -j open_port_80
> iptables -A INPUT -j block
> iptables -A FORWARD -j block <-- THIS MAY BE YOUR PROBLEM
> *** End

> However, no packets are ever reaching it's destination on the internal network. How come? My external network is on eth1 and my internal is on eth0. IP Forwarding (YaST, Network Services, Routing) is not enabled. If I do enable IP Forwarding, any packets will go trough the firewall, and eh, that's not what i expected ;-)
> >From sources that i have found, the way of a packet is described like this:
> - if a packet is destined for local host, it will be redirected to the input chain
> - if a packet is not destined for local host, it will be redirected to the forward chain (forwarding needs to be enabled in the kernel - but where - and there must be a routing table in place. Routing table is ok, but since I am a newbie, i do not know where to change this forwarding setting if it is not the setting mentioned above?!?!? :-S (confused smiley)
> Any hints are deeply appreciated!

< Previous Next >
This Thread