[CentOS] iptables: forwarding on internal device
Marcus Moeller
mm at gcug.de
Tue Feb 10 20:31:19 UTC 2009
Dear Nataraj,
>> > You are going to have to add rules to both your INPUT and OUTPUT
>> > chains to allow this traffic through. Could you send on a copy of
>> > /etc/sysconfig/iptables, if that is how you are loading these rules?
>> > I could then send you the exact commands to run.
>
> One thing I notice is that you call the my_drop chain from INPUT, OUTPUT
> and FORWARD chains. Since you are trying to route packets in/out the
> same interface, there is no way to tell whether the packets are actually
> being dropped on INPUT, OUTPUT or FORWARD. If you were to change
> things, at least temporarily so that your DROP printed a different
> message for INPUT, OUTPUT and FORWARD, you would at least be able to
> tell where the packets are being dropped. The fastest way to do this
> might be to duplicate the my_drop chain as my_drop_input, my_drop_output
> and my_drop_forward, change the message in each and call the correct one
> from each chain. Then you would at least know where the problem was.
Thanks for the tip. I am going to give it a try.
Best Regards
Marcus
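
The per-chain drop logging suggested in the quoted reply, as an added example that is not part of the original message or the poster's ruleset. It assumes my_drop is a LOG rule followed by DROP and is called as "-j my_drop"; the DROP-<CHAIN> prefixes, the helper names and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: split a shared LOG+DROP chain into one copy per built-in
# chain so the kernel log shows where a packet was dropped.
# Assumption: the original my_drop chain is "LOG, then DROP" and is jumped to
# with "-j my_drop" (the actual ruleset is not shown on the page).

# Print the iptables commands (dry run). Pipe the output to "sh" as root to apply.
gen_drop_chains() {
    for chain in INPUT OUTPUT FORWARD; do
        sub="my_drop_$(printf '%s' "$chain" | tr '[:upper:]' '[:lower:]')"
        echo "iptables -N $sub"
        # --log-prefix is limited to 29 characters; keep it short and unique.
        echo "iptables -A $sub -j LOG --log-prefix \"DROP-$chain: \""
        echo "iptables -A $sub -j DROP"
        # Swap the shared jump for the per-chain one (assumed rule form).
        echo "iptables -D $chain -j my_drop"
        echo "iptables -A $chain -j $sub"
    done
}

# Tally drops per built-in chain from kernel log lines on stdin.
count_drops() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^DROP-(INPUT|OUTPUT|FORWARD):$/) {
                sub(/^DROP-/, "", $i); sub(/:$/, "", $i); n[$i]++
            }
    }
    END { printf "INPUT=%d OUTPUT=%d FORWARD=%d\n", n["INPUT"], n["OUTPUT"], n["FORWARD"] }'
}

# Constructed sample log lines: traffic routed in and out of the same interface.
sample_log() {
cat <<'EOF'
Feb 10 20:40:01 gw kernel: DROP-FORWARD: IN=eth1 OUT=eth1 SRC=192.168.1.10 DST=192.168.2.20 PROTO=TCP SPT=40000 DPT=22
Feb 10 20:40:02 gw kernel: DROP-FORWARD: IN=eth1 OUT=eth1 SRC=192.168.1.10 DST=192.168.2.20 PROTO=TCP SPT=40000 DPT=22
Feb 10 20:40:05 gw kernel: DROP-INPUT: IN=eth1 OUT= SRC=192.168.1.10 DST=192.168.1.1 PROTO=ICMP TYPE=8 CODE=0
EOF
}

gen_drop_chains
sample_log | count_drops
```

On a live system, feed count_drops from the kernel log (for example the output of dmesg) instead of sample_log.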