-----Original Message-----
This is feeling like a firewall issue to me, so let's look more closely at
that.

Not knowing your firewall script (I have lazily allowed shorewall to
abstract my thinking to its way of doing things), why don't we take a look
at the rules as they are actually in iptables?

Why don't you post the output of iptables-save -c and let's take a look
at what iptables is really doing?

Bret

--------------------------------------------------------------------------
These are the scripts I'm using for iptables. I really appreciate your
help; my job depends on this.


#!/bin/bash

iptables -F
iptables -t nat -F
iptables -t mangle -F


iptables -A INPUT -i lo -p all -j ACCEPT                      
iptables -A OUTPUT -o lo -p all -j ACCEPT

iptables -A INPUT -i eth0 -p ICMP -j ACCEPT

iptables -A INPUT -p ALL -i eth0

iptables -A FORWARD -i eth0 -p ALL -j ACCEPT

iptables -A OUTPUT -o eth0 -p all -j ACCEPT

iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT


iptables -A INPUT -i eth0 -p TCP --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p UDP --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 3306 -m state --state NEW -j ACCEPT

iptables -P INPUT DROP 
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT                                    


Then I run another script, which enables forwarding for the clients:

iptables -A INPUT -s $IP -i eth1 -m mac --mac $MAC 
iptables -A FORWARD -s $IP -i eth1 -m mac --mac $MAC 


-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
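
Following the suggestion above to look at `iptables-save -c`, here is an added example (not part of the original thread) that reads such a dump and lists every rule with no -j/-g target, together with its packet counter and the chain policy that packets matching it fall through to. The sample dump is constructed to resemble the posted scripts; the client address, MAC and all counters are placeholders.

```bash
#!/bin/bash
# Added example. Reads `iptables-save -c` output on stdin and lists rules that
# have no -j/-g target: they update counters but never decide a packet's fate,
# so the packet falls through to later rules or the chain policy.

find_targetless_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }                  # "*filter"
        /^:/  { policy[table "/" substr($1, 2)] = $2; next }   # ":INPUT DROP [0:0]"
        /^\[[0-9]+:[0-9]+\] -A / {
            has_target = 0
            for (i = 4; i <= NF; i++)
                if ($i == "-j" || $i == "--jump" || $i == "-g" || $i == "--goto")
                    has_target = 1
            if (has_target) next
            split(substr($1, 2, length($1) - 2), counters, ":")  # [pkts:bytes]
            chain = $3
            rule = $0
            sub(/^\[[0-9:]+\] -A [^ ]+ ?/, "", rule)
            printf "%s/%s policy=%s pkts=%s rule=%s\n",
                   table, chain, policy[table "/" chain], counters[1], rule
        }'
}

# Constructed sample dump (placeholder client 192.0.2.10 / 00:00:5E:00:53:01).
sample_save_output() {
    cat <<'EOF'
*filter
:INPUT DROP [7:420]
:FORWARD DROP [31:1860]
:OUTPUT ACCEPT [0:0]
[10:840] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -i eth0 -p icmp -j ACCEPT
[52:3120] -A INPUT -i eth0
[45:2700] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[2:120] -A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
[7:420] -A INPUT -s 192.0.2.10 -i eth1 -m mac --mac-source 00:00:5E:00:53:01
[0:0] -A FORWARD -i eth0 -j ACCEPT
[31:1860] -A FORWARD -s 192.0.2.10 -i eth1 -m mac --mac-source 00:00:5E:00:53:01
[10:840] -A OUTPUT -o lo -j ACCEPT
[40:2400] -A OUTPUT -o eth0 -j ACCEPT
COMMIT
EOF
}

sample_save_output | find_targetless_rules
```

On a live system the same function can be fed with `iptables-save -c | find_targetless_rules`, run as root.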