[CentOS] iptables: forwarding on internal device

Michael Peterson mpeterson at mail.charlesfurniture.com
Mon Feb 9 17:55:29 UTC 2009


Hello,

The system you are trying to forward with has at least two nics on 
different networks?
However you are trying to forward between aliases on one nic that is 
located on your internal network?
And the other nic connects to a DMZ or gateway network?
This system is not a dedicated routing/forwarding system but runs other 
services for network clients/servers that connect to it?

Michael


Marcus Moeller wrote:
> Hi,
>
>>> iptables -L -v now shows:
>>>
>>>     0     0 ACCEPT     all  --  eth0   eth0    anywhere
>>> anywhere            state NEW,RELATED,ESTABLISHED
>>>
>>> But the packages are still dropped:
>>>
>>> Feb  9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>>> SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 PREC=0x00 TTL=59
>>> ID=54 PROTO=TCP SPT=9100 DPT=4068 WINDOW=0 RES=0x00 ACK SYN URGP=0
>>>
>>>
>> My guess is it will ACCEPT packets but since you haven't defined
>> a FORWARD or an OUTPUT chain it drops them.
>
> As mentioned, I have added a rule like:
>
> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
> NEW,RELATED,ESTABLISHED -j ACCEPT
>
> to forward packages on the internal device.
>
> Best Regards
> Marcus
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
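As an added example, not code from the thread: a small Python parser for the kernel LOG lines quoted above. It separates the --log-prefix, the key=value fields and the bare TCP flag words, then reports which filter chain logged the packet (a LOG rule in INPUT prints only IN=, in OUTPUT only OUT=, in FORWARD both), whether the packet is a hairpin through a single interface, and whether it is the SYN-ACK half of a handshake. The sample line is the one quoted from Marcus's mail; the second line in the test is constructed.

```python
import re
from typing import Dict, Set

# Sample line copied from the log quoted in the thread (output of the iptables LOG target).
SAMPLE_LINE = (
    "Feb  9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0 "
    "SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 PREC=0x00 TTL=59 "
    "ID=54 PROTO=TCP SPT=9100 DPT=4068 WINDOW=0 RES=0x00 ACK SYN URGP=0"
)

# TCP flags are printed as bare words (no '=') after the RES= field.
TCP_FLAG_TOKENS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
KERNEL_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$")


def parse_netfilter_log(line: str) -> Dict[str, object]:
    """Turn one kernel LOG line into {'host', 'prefix', 'fields', 'flags'}."""
    m = KERNEL_RE.match(line)
    if not m:
        raise ValueError("not a kernel log line: %r" % line)
    prefix_words, fields, flags = [], {}, set()  # type: ignore[var-annotated]
    for tok in m.group("rest").split():
        if "=" in tok:                 # key=value field; the value may be empty, e.g. 'IN='
            key, value = tok.split("=", 1)
            fields[key] = value
        elif fields:                   # bare word after the first field: DF/MF or a TCP flag
            if tok in TCP_FLAG_TOKENS:
                flags.add(tok)
        else:                          # bare words before any field belong to --log-prefix
            prefix_words.append(tok)
    return {"host": m.group("host"), "prefix": " ".join(prefix_words),
            "fields": fields, "flags": flags}


def chain_of(rec: Dict[str, object]) -> str:
    """Built-in chain that logged the packet: INPUT sets IN= only, OUTPUT sets OUT= only,
    FORWARD sets both."""
    f = rec["fields"]
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_in and has_out:
        return "FORWARD"
    return "INPUT" if has_in else "OUTPUT"


def is_hairpin(rec: Dict[str, object]) -> bool:
    """True when the packet enters and leaves on the same interface (eth0 -> eth0)."""
    f = rec["fields"]
    return bool(f.get("IN")) and f.get("IN") == f.get("OUT")


def is_syn_ack(rec: Dict[str, object]) -> bool:
    """True for the second step of the TCP handshake, i.e. the reply direction."""
    return {"SYN", "ACK"} <= rec["flags"]
```

Run over the thread's line, the parser shows a FORWARD-chain drop of a hairpin SYN-ACK from port 9100 to port 4068, which tells you the reply direction of the connection is what the firewall is rejecting.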