On 11/17/2005 08:54 AM, Peter A. Taylor wrote:
On Wednesday 16 November 2005 22:10, Darryl Gregorash wrote:
Mea culpa; there are actually 3 independent tables in the firewall (filter, nat and mangle), and the command as I gave it to you only gives the state of the "filter" table. All the masquerading rules are in the "nat" table. Perhaps we really need to be looking at the raw rules anyway, for which there is the "iptables-save" command. Each line of the output is essentially the parameters of a single "iptables" command line as the firewall script created it. Just run "iptables-save" as root, with no parameters, and post the results. This command outputs all three of the tables by default.
Thanks. The output is enclosed below. I tried this with SuSE 8.2 and 9.3 as well. Several things jump out at me. Grrrr
First, put your actual internal netmask, e.g. 192.168.1.0/24, into FW_MASQ_NETS in the firewall config file -- you can simply edit the file to do this, but run "/etc/init.d/SuSEfirewall_setup restart" immediately after, if you are already connected to the internet. Next, while connected to the internet, as root, run "/sbin/SuSEfirewall2 debug" and see what you get. Your output *should* include lines like these:

    iptables -A forward_int -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -s 192.168.1.0/24 -o eth1
    iptables -A forward_int -d 192.168.1.0/24 -i eth1 -j ACCEPT -m state --state ESTABLISHED,RELATED
    iptables -A forward_ext -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -s 192.168.1.0/24 -o eth1
    iptables -A forward_ext -d 192.168.1.0/24 -i eth1 -j ACCEPT -m state --state ESTABLISHED,RELATED
    iptables -A POSTROUTING -j MASQUERADE -t nat -s 192.168.1.0/24 -o eth1

Don't simply pipe the firewall debug output through grep, because I'd like to see the complete output.
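As an added check that is not part of the thread, the POSIX shell functions below read an "iptables-save" dump and report whether the nat-table POSTROUTING MASQUERADE rule and the stateful forward_int/forward_ext ACCEPT rules exist for a given FW_MASQ_NETS network and external interface. The dump, the network 192.168.1.0/24 and the interface name eth1 are constructed sample values, not output from the poster's machine.

```shell
# Constructed sample of "iptables-save" output with the rules SuSEfirewall2
# should create once FW_MASQ_NETS holds the internal network.
SAMPLE_DUMP='*filter
:forward_int - [0:0]
:forward_ext - [0:0]
-A forward_int -s 192.168.1.0/24 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A forward_int -d 192.168.1.0/24 -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A forward_ext -s 192.168.1.0/24 -o eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A forward_ext -d 192.168.1.0/24 -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
COMMIT
*mangle
COMMIT'

# Print the "-A" rule lines of one table (filter, nat or mangle) from the
# dump on stdin; iptables-save brackets each table between "*name" and COMMIT.
table_rules() {
  awk -v t="*$1" '$0 == t { on = 1; next } /^COMMIT/ { on = 0 } on && /^-A /'
}

# Exit 0 if the nat table masquerades <net> out of <iface>, else 1.
has_masq() {
  table_rules nat | grep -qF -- "-A POSTROUTING -s $1 -o $2 -j MASQUERADE"
}

# Count filter-table rules that accept new connections from <net> via <iface>
# (the forward_int/forward_ext lines with state matching).
count_forward_accepts() {
  table_rules filter |
    grep -cF -- "-s $1 -o $2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT" || true
}

# Summarise the dump on stdin for <net> <iface>: prints "masq=yes|no forward=N"
# and exits 0 only when the MASQUERADE rule and at least one forward rule exist.
check_masq() {
  dump=$(cat)
  masq=no
  printf '%s\n' "$dump" | has_masq "$1" "$2" && masq=yes
  n=$(printf '%s\n' "$dump" | count_forward_accepts "$1" "$2")
  echo "masq=$masq forward=$n"
  [ "$masq" = yes ] && [ "$n" -gt 0 ]
}
```

On a live box run it as root with "iptables-save | check_masq 192.168.1.0/24 eth1" after sourcing the functions; a result of "masq=no" means the nat table never got the rule, which is what the missing FW_MASQ_NETS entry produces.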