netfilter

Re: POSTROUTING chain not built...

Subject: Re: POSTROUTING chain not built...
From: Ramin Alidousti
Date: Tue, 30 Apr 2002 10:53:11 -0400
Try:

/sbin/iptables -L -nv -t filter
/sbin/iptables -L -nv -t nat
/sbin/iptables -L -nv -t mangle

to see everything.

Ramin

On Tue, Apr 30, 2002 at 09:23:00AM -0500, Bob Hillegas wrote:

> I am using RH 7.1, kernel 2.4.9-21 and iptables.1.2.4-0.71.2 from a RedHat 
> rpm.
> 
> When I run the following script and then produce a rules listing 
> (/sbin/iptables --list -nv --line-numbers) I do NOT get any indication 
> that the POSTROUTING chain has been built.
> 
> What do I check next?
> 
> Thanks, BobH
> 
> #-----------<script>---------------------------------------------------------------
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
> 
> # Enable IP forwarding between interfaces FIRST (sets defaults for others)
> # Needed for MASQUERADE'ing
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> # Remove any existing rules from all chains
> iptables --flush
> iptables -t nat --flush
> iptables -t mangle --flush
> 
> # Unlimited traffic on the loopback interface
> iptables -A INPUT  -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
> 
> # Unlimited traffic on the local LAN interface
> iptables -A INPUT  -i eth0 -j ACCEPT
> iptables -A OUTPUT -o eth0 -j ACCEPT
> 
> # Set the default policy to drop
> iptables --policy INPUT   DROP
> iptables --policy OUTPUT  DROP
> iptables --policy FORWARD DROP
> 
> iptables -t nat --policy PREROUTING  ACCEPT
> iptables -t nat --policy POSTROUTING ACCEPT
> 
> # Remove any pre-existing user-defined chains
> iptables --delete-chain
> iptables -t nat --delete-chain
> iptables -t mangle --delete-chain
> 
> #...........................
> # More general rule
> 
> iptables -t nat -A POSTROUTING -o ppp0  \
>        -j MASQUERADE
> 
> # Disallow NEW & INVALID incoming or forwarded packets from ppp0
> 
> iptables -A INPUT -i ppp0 \
>        -m state --state NEW,INVALID \
>        -j DROP
> 
> iptables -A FORWARD -i ppp0 \
>        -m state --state NEW,INVALID \
>        -j DROP
> 
> #-----------</script>------------------------------
> 
> Output of /sbin/iptables --list -nv --line-numbers:
> 
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
> 2        1    76 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
> 3        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW
> 
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> num   pkts bytes target     prot opt in     out     source               destination
> 1        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
> 2        0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
> 
> 
> -- 
> -------------------------------------------------
> Bob Hillegas           
> <bobhillegas@xxxxxxx> 
> 281.546.9311          
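The point of the reply above is that `iptables --list` without `-t` shows only the filter table, so the nat table's POSTROUTING chain (where the MASQUERADE rule went) never appears. The script below is an added example, not code from either poster: it parses `iptables -L -nv --line-numbers` output per table and reports which table a chain lives in and whether an expected rule is present, which is the check a firewall maintainer would script after a ruleset load. The filter-table text is the listing Bob posted (wrapped lines rejoined); the nat-table listing is constructed to show what the same command with `-t nat` would print for his rule, with counters assumed. The parser assumes the `-nv --line-numbers` column layout; note that without `-x` iptables abbreviates large counters with K/M/G suffixes, which the counter helper handles.

```python
"""Locate chains and rules across iptables tables from -L -nv --line-numbers output.

Added example (not from the original thread). FILTER_LISTING is the output
posted in the thread; NAT_LISTING is CONSTRUCTED to illustrate the nat table.
"""
import re
from typing import Dict, List

CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)$")

# Filter table, as posted in the thread (wrapped lines rejoined).
FILTER_LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        1    76 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
3        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DROP       all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0          state INVALID,NEW

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
"""

# nat table: CONSTRUCTED sample of `iptables -L -nv --line-numbers -t nat`
# after the MASQUERADE rule from the script was loaded (counters assumed).
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
"""

_SUFFIX = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def parse_counter(text: str) -> int:
    """Expand a -v counter such as '76' or '76K' (multiples of 1000 without -x)."""
    if text and text[-1] in _SUFFIX:
        return int(text[:-1]) * _SUFFIX[text[-1]]
    return int(text)


def parse_listing(text: str) -> Dict[str, List[dict]]:
    """Return {chain_name: [rule, ...]} for one table's listing."""
    chains: Dict[str, List[dict]] = {}
    current = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:                       # "Chain NAME (policy ...)" starts a new chain
            current = m.group(1)
            chains[current] = []
            continue
        if not line.strip() or line.startswith("num ") or current is None:
            continue                # blank line or column header
        f = line.split()
        if len(f) < 10:             # not a rule row in -nv --line-numbers layout
            continue
        chains[current].append({
            "num": int(f[0]), "pkts": parse_counter(f[1]), "bytes": parse_counter(f[2]),
            "target": f[3], "prot": f[4], "in": f[6], "out": f[7],
            "source": f[8], "destination": f[9],
            "extra": " ".join(f[10:]),   # match text, e.g. "state INVALID,NEW"
        })
    return chains


def find_chain(tables: Dict[str, Dict[str, List[dict]]], chain: str) -> List[str]:
    """Names of the tables in which `chain` exists."""
    return [name for name, chains in tables.items() if chain in chains]


def has_rule(tables, table: str, chain: str, **want) -> bool:
    """True if some rule in tables[table][chain] matches every given field."""
    for rule in tables.get(table, {}).get(chain, []):
        if all(rule.get(k) == v for k, v in want.items()):
            return True
    return False


if __name__ == "__main__":
    tables = {"filter": parse_listing(FILTER_LISTING), "nat": parse_listing(NAT_LISTING)}
    print("POSTROUTING found in table(s):", find_chain(tables, "POSTROUTING"))
    print("MASQUERADE out ppp0 loaded:",
          has_rule(tables, "nat", "POSTROUTING", target="MASQUERADE", out="ppp0"))
```

On a live box the listings would come from running the three commands Ramin gives and feeding each table's stdout to `parse_listing`; the same `has_rule` check then doubles as a post-load assertion that the NAT rule is really present rather than silently missing from a table nobody listed.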