[CentOS] Host Machine and Iptables problem

Barry Brimer lists at brimer.org
Tue May 1 07:03:52 UTC 2012


> Yes, I thought the same but my confusion is that I don't see any rules for 
> PREROUTING and POSTROUTING in the /etc/sysconfig/iptables file.
>
> [root@VS01]# cat /etc/sysconfig/iptables
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
>
> But when I check the command iptables -L -t nat I can see the NAT rules
>
> [root@VS01]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
> MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
> MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24
> MASQUERADE  tcp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 1024-65535
> MASQUERADE  udp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 1024-65535
> MASQUERADE  all  --  192.168.100.0/24    !192.168.100.0/24
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Am I missing something?

Maybe ... do you have IPv4 forwarding enabled? What is the output of
"cat /proc/sys/net/ipv4/ip_forward"? If it is 0, then edit 
/etc/sysctl.conf, find net.ipv4.ip_forward, set it to 1 and then run 
(as root) sysctl -p.
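
The check-and-enable procedure from the reply, as an added example that is not part of the original thread, written so the logic can be exercised against constructed copies without root. The file paths are function arguments (the real ones are /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf). The sample ruleset is constructed to mirror the quoted one; the "runtime" variant adds a FORWARD ACCEPT rule in libvirt's style, which is an assumption, since the 192.168.122.0/24 MASQUERADE rules look like libvirt's default network but the thread never says so. The last function checks a point the quoted config raises on its own: the saved file has no ACCEPT in FORWARD ahead of its REJECT, so even with ip_forward=1 the host will refuse to forward guest traffic unless ACCEPT rules exist in the running ruleset. Feed it `iptables-save` output rather than the saved file, because the thread shows the two differ.

```shell
#!/bin/sh
# Added example, not from the CentOS thread. Real paths on the host:
#   /proc/sys/net/ipv4/ip_forward   (current kernel state)
#   /etc/sysctl.conf                (what "sysctl -p" applies at boot)

# Current forwarding state: "0", "1", or "unknown" if the file is unreadable.
ip_forward_state() {
    cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null || echo unknown
}

# Value "sysctl -p <file>" would apply for net.ipv4.ip_forward
# (last uncommented assignment wins; "unset" if none).
conf_ip_forward_value() {
    awk -F= '/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=/ {
                 v = $2; gsub(/[[:space:]]/, "", v) }
             END { print (v == "" ? "unset" : v) }' "$1"
}

# Set net.ipv4.ip_forward = 1 in a sysctl.conf-style file: replace an
# existing uncommented assignment in place, otherwise append one.
set_conf_ip_forward() {
    conf="$1"
    if grep -q '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$conf"; then
        sed 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf 'net.ipv4.ip_forward = 1\n' >> "$conf"
    fi
}

# Read iptables-save output on stdin and report whether the host can forward
# for a guest subnet. MASQUERADE in nat is not enough on its own: the filter
# FORWARD chain must ACCEPT the subnet (by "-s <subnet>" or an unconditional
# "-A FORWARD -j ACCEPT") before its first REJECT/DROP, or fall through to an
# ACCEPT policy. Prints: ok, no-masquerade, or forward-rejected.
forward_path_status() {
    awk -v net="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ && index($0, "-s " net) { masq = 1 }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD/ {
            if (!rejected && /-j ACCEPT/ && (index($0, "-s " net) || $0 == "-A FORWARD -j ACCEPT")) accept = 1
            if (/-j REJECT/ || /-j DROP/) rejected = 1
        }
        END {
            if (!masq) print "no-masquerade"
            else if (accept || (!rejected && policy == "ACCEPT")) print "ok"
            else print "forward-rejected"
        }'
}

# Constructed sample modelled on the quoted ruleset (not a capture from the
# poster's host): nat MASQUERADE for 192.168.122.0/24, and a filter FORWARD
# chain that only REJECTs, as in the posted /etc/sysconfig/iptables.
sample_saved_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Same ruleset with a libvirt-style FORWARD ACCEPT inserted ahead of the
# REJECT (assumed shape of the runtime rules; the thread does not show them).
sample_runtime_rules() {
    sample_saved_rules | awk '
        /^-A FORWARD -j REJECT/ { print "-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT" }
        { print }'
}

# Read-only when run directly. On the real host, as root:
#   sysctl -w net.ipv4.ip_forward=1                       (takes effect now)
#   set_conf_ip_forward /etc/sysctl.conf && sysctl -p     (survives reboot)
#   iptables-save | forward_path_status 192.168.122.0/24  (check the live rules)
echo "ip_forward now: $(ip_forward_state)"
echo "saved rules, 192.168.122.0/24: $(sample_saved_rules | forward_path_status 192.168.122.0/24)"
echo "runtime rules, 192.168.122.0/24: $(sample_runtime_rules | forward_path_status 192.168.122.0/24)"
```

The diagnostic is a heuristic over iptables-save syntax: it only recognises ACCEPT rules that name the subnet as source or are unconditional, so interface-only rules would need the match extended. The point it makes stands regardless: enabling ip_forward fixes the kernel side, and the FORWARD chain decides the netfilter side.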
