Dear Filipe,
On Fri, Feb 6, 2009 at 13:13, Marcus Moeller mm@gcug.de wrote:
I am trying to forward packages on an internal device using iptables:
/sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
What is your network topology? How are the packages being routed and yet leaving through the same interface? Are you using supernetting? Or VLANs based on IP addresses?
The packages should be routed through the internal physical interface (eth0). I am not using VLANs nor supernetting on that.
What are the IPs in your network interfaces?
The IP configuration on that interface looks like:
NETMASK=255.255.255.0 IPADDR=192.168.100.254
And I have added the following route to it:
172.28.0.0/16 via 192.168.100.100
As you may have read in one of my previous posts, the packages seem to be routed correctly but are blocked by netfilter.
Here is my iptables-config:
http://pastebin.centos.org/23906
but the packages are still blocked, e.g.: Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0 SRC=192.168.100.177 DST=172.28.2.184 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=16609 PROTO=TCP SPT=7166 DPT=3590 WINDOW=0 RES=0x00 ACK RST URGP=0
From the dump of the iptables it looks like it is reaching the my_drop chain.
In your iptables output the interfaces for the rules do not show... It is also hard to read because lines are wrapped in the e-mail... Could you please run 'iptables -nvL' and post the output to http://pastebin.centos.org/, send us the link here? That might help diagnose your problem.
Here is the output of iptables -nvL:
http://pastebin.centos.org/23909
and here the active ruleset:
http://pastebin.centos.org/23912
Best Regards,
Marcus
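The DROP-TCP log line quoted in the thread, parsed and classified the way conntrack's state match would see it. This is an added example, not code from the thread; it uses the quoted log line as its sample input and assumes the simplified model of netfilter's TCP state handling described in the comments (a packet carrying RST for which conntrack holds no entry is INVALID, so it can never satisfy --state NEW,RELATED,ESTABLISHED).

```python
# Constructed sample input: the netfilter LOG line quoted in the thread.
SAMPLE = ("Feb 6 20:58:28 firewall kernel: DROP-TCP IN=eth0 OUT=eth0 "
          "SRC=192.168.100.177 DST=172.28.2.184 LEN=40 TOS=0x00 PREC=0x00 "
          "TTL=127 ID=16609 PROTO=TCP SPT=7166 DPT=3590 WINDOW=0 RES=0x00 "
          "ACK RST URGP=0")

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_nflog(line):
    """Split a netfilter LOG line into KEY=VALUE fields, the --log-prefix text
    and the set of TCP flags (which the LOG target prints as bare words)."""
    body = line.partition("kernel: ")[2] or line
    fields, flags, prefix = {}, set(), []
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
        elif not fields:          # words before the first KEY= are the prefix
            prefix.append(tok)
    fields["PREFIX"] = " ".join(prefix)
    fields["FLAGS"] = flags
    return fields

def tcp_packet_kind(flags):
    """Rank flags the way conntrack does: RST first, then SYN / SYN-ACK,
    then FIN, then a plain ACK."""
    if "RST" in flags:
        return "rst"
    if "SYN" in flags:
        return "synack" if "ACK" in flags else "syn"
    if "FIN" in flags:
        return "fin"
    return "ack" if "ACK" in flags else "none"

def conntrack_state(fields, tcp_loose=True):
    """State conntrack assigns to a packet for which it holds NO entry
    (simplified model of the kernel's TCP state table, original direction):
    a SYN opens a NEW entry, a plain ACK may be picked up mid-stream when
    nf_conntrack_tcp_loose is enabled, every other TCP packet is INVALID."""
    if fields.get("PROTO") != "TCP":
        return "NEW"              # first UDP/ICMP packet of a flow is NEW
    kind = tcp_packet_kind(fields["FLAGS"])
    if kind == "syn" or (kind == "ack" and tcp_loose):
        return "NEW"
    return "INVALID"

def accepted_by_state_rule(fields, states=("NEW", "RELATED", "ESTABLISHED")):
    """Would '-m state --state NEW,RELATED,ESTABLISHED' match this packet?"""
    return conntrack_state(fields) in states

if __name__ == "__main__":
    pkt = parse_nflog(SAMPLE)
    print(pkt["SRC"], "->", pkt["DST"], sorted(pkt["FLAGS"]),
          conntrack_state(pkt), "accepted:", accepted_by_state_rule(pkt))
```

Run against the quoted line it reports INVALID / accepted: False, which is why the state-matching ACCEPT rule is skipped and the packet falls through to the drop chain; a SYN on the same path would classify as NEW.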