[CentOS] iptables: forwarding on internal device

Mon Feb 9 13:23:02 UTC 2009
Marcus Moeller <mm at gcug.de>

Hi,

>> iptables -L -v now shows:
>>
>>     0     0 ACCEPT     all  --  eth0   eth0    anywhere
>> anywhere            state NEW,RELATED,ESTABLISHED
>>
>> But the packages are still dropped:
>>
>> Feb  9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0
>> SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 PREC=0x00 TTL=59
>> ID=54 PROTO=TCP SPT=9100 DPT=4068 WINDOW=0 RES=0x00 ACK SYN URGP=0
>>
>>
> My guess is will ACCEPT packets but since you haven't defined
> a FORWARD or an OUPUT chain it drops them.

As mentioned, I have added a rule like:

/sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state
NEW,RELATED,ESTABLISHED -j ACCEPT

to forward packages on the internal device.

Best Regards
Marcus