[CentOS] iptables: forwarding on internal device

Mon Feb 9 22:06:35 UTC 2009
Agile Aspect <agile.aspect at gmail.com>

Marcus Moeller wrote:
> Hi,
>
>   
>>> iptables -L -v now shows:
>>>
>>>     0     0 ACCEPT     all  --  eth0   eth0    anywhere             anywhere            state NEW,RELATED,ESTABLISHED
>>>
>>> But the packages are still dropped:
>>>
>>> Feb  9 10:48:20 firewall kernel: DROP-TCP IN=eth0 OUT=eth0 SRC=192.168.100.192 DST=172.28.2.161 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=54 PROTO=TCP SPT=9100 DPT=4068 WINDOW=0 RES=0x00 ACK SYN URGP=0
>>>
>> My guess is it will ACCEPT packets but since you haven't defined
>> a FORWARD or an OUTPUT chain it drops them.
>>     
>
> As mentioned, I have added a rule like:
>
> /sbin/iptables -A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
>
> to forward packages on the internal device.
>   

It's not what you say that counts, it's what

    iptables -L -v

says - and it's not there.

Good luck.

-- 
Article. VI. Clause 3 of the constitution of the United States states: 

"The Senators and Representatives before mentioned, and the Members of 
the several State Legislatures, and all executive and judicial Officers, 
both of the United States and of the several States, shall be bound by 
Oath or Affirmation, to support this Constitution; but no religious Test 
shall ever be required as a Qualification to any Office or public Trust 
under the United States."
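
Added example, not part of the original message: a POSIX shell check that reads `iptables -S FORWARD` style output and reports whether an ACCEPT rule for the eth0 to eth0 pair is actually loaded, and whether it sits behind a DROP or REJECT rule that applies to the same interfaces. The function name, the result strings and the sample rulesets are constructed for illustration; the position check is a heuristic that looks only at `-i`, `-o` and `-j`, which goes beyond what the thread itself states.

```shell
#!/bin/sh
# Added example: verify what is loaded in FORWARD instead of trusting the command typed.
# Live use (assumption: run as root): iptables -S FORWARD | check_forward_rule eth0 eth0
# Prints: missing | ok:<pos> | after-drop:<pos>:<drop_pos>
check_forward_rule() {
    awk -v in_if="$1" -v out_if="$2" '
    $1 != "-A" || $2 != "FORWARD" { next }   # ignore -P/-N lines and other chains
    {
        pos++
        rin = ""; rout = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") rin = $(i + 1)
            if ($i == "-o") rout = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # A rule without -i/-o applies to every interface.
        if ((rin != "" && rin != in_if) || (rout != "" && rout != out_if)) next
        if ((target == "DROP" || target == "REJECT") && !drop_pos) drop_pos = pos
        if (target == "ACCEPT" && rin == in_if && rout == out_if && !acc_pos) acc_pos = pos
    }
    END {
        if (!acc_pos) print "missing"
        else if (drop_pos && drop_pos < acc_pos) print "after-drop:" acc_pos ":" drop_pos
        else print "ok:" acc_pos
    }'
}

# Constructed sample rulesets (not taken from the thread).
SAMPLE_MISSING='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "DROP-TCP "'
SAMPLE_BEHIND_DROP='-P FORWARD ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_OK='-P FORWARD DROP
-A FORWARD -i eth0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP'

for s in "$SAMPLE_MISSING" "$SAMPLE_BEHIND_DROP" "$SAMPLE_OK"; do
    printf '%s\n' "$s" | check_forward_rule eth0 eth0
done
```

An `after-drop` result means the rule was appended with `-A` behind an earlier terminating rule, so its packet counters stay at zero; negated interface matches (`! -i`) and jumps into user-defined chains are not evaluated here.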