[Comm-en] setting up iptables

Michael Shigorin mike at osdn.org.ua
Tue Apr 8 17:27:03 MSD 2003


On Tue, Apr 08, 2003 at 06:52:26AM -0600, djbouley wrote:
> >    OTOH /usr/lib/iptables/libipt_tcprules.so is not present on my
> I cannot find it on my system either.

Argh, it's my fault -- underreconstructed local configuration.

> Here's the contents of /etc/sysconfig/iptables:

Should be like this: (add one line)

> *filter
:tcprules - [0:0]
> -A INPUT -j tcprules
> -A FORWARD -j tcprules
> -A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
> -A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
> -A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
> COMMIT
> *nat
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> COMMIT

The story: we've asked iptables to use a specific chain (which
gets reused), but haven't created ("declared") it and no specific
module was found to be used for it.

A somewhat more elaborate config is attached; you can find some
more interesting examples in its comments.

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
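
A lint for the mistake discussed in this message, as an added example that is not part of the original post or of any iptables tooling: it reads an iptables-restore style file and reports every chain that rules are appended to or jump to without a `:chain` declaration in the same table. The function name `undeclared_chains`, the sample rules, and the rule that all-uppercase jump targets are built-in or extension targets are assumptions of this example.

```python
# Added example: find chains used in an iptables-restore file but never declared.
BUILTIN_CHAINS = {"INPUT", "FORWARD", "OUTPUT", "PREROUTING", "POSTROUTING"}

def undeclared_chains(text):
    """Return sorted (table, chain, line_no) for each use of an undeclared chain.

    Assumption: all-uppercase jump targets (ACCEPT, REJECT, MASQUERADE, ...)
    are built-in or extension targets, never user-defined chains.
    """
    tables = {}      # table name -> declared chain names and (chain, line) uses
    current = None   # entry for the table opened by the last "*name" line
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"declared": set(), "used": []})
        elif current is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            # ":tcprules - [0:0]" declares the chain "tcprules"
            current["declared"].add(line[1:].split()[0])
        else:
            words = line.split()
            for flag, value in zip(words, words[1:]):
                appends = flag in ("-A", "-I")
                jumps = flag in ("-j", "-g") and not value.isupper()
                if appends or jumps:
                    current["used"].append((value, no))
    return sorted(
        (table, chain, no)
        for table, info in tables.items()
        for chain, no in info["used"]
        if chain not in info["declared"] and chain not in BUILTIN_CHAINS
    )

# Constructed sample: a shortened copy of the quoted rules, without the declaration.
BROKEN = """\
*filter
-A INPUT -j tcprules
-A FORWARD -j tcprules
-A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
"""
FIXED = BROKEN.replace("*filter\n", "*filter\n:tcprules - [0:0]\n", 1)

if __name__ == "__main__":
    for table, chain, no in undeclared_chains(BROKEN):
        print(f"line {no}: chain '{chain}' used in table '{table}' but not declared")
```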


