On Tue, 15.06.2004, fedora wrote at 20:51:

> Thanks for your help so far-
> still no luck with the Host web browser.
>
> 1_ How should I enter that last -s !?
> #"iptables -A INPUT -s ! 192.168.0.0/16 -j DROP " ...?

see below ...

> d) flushed rules and reset, without the "-s !"
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> # iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
> # iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT

Just as a question: the # are just in your mail? Hope so!

Leave out lines 2 and 3. Just use the POSTROUTING rule and none for FORWARD, given that the FORWARD policy is set to accept.

> anything else I should try?
> Or go straight to another tool, as others have suggested?

As a general rule: start with simple setups! Do not do more with iptables than needed. So use the MASQUERADE in POSTROUTING nat table and all else on accept - for the initial function testing. Later you can go through and close things.

Question: how is your router connected to the internet?

Try

    echo 0 > /proc/sys/net/ipv4/tcp_ecn

Maybe you are hit by a broken DSL router/modem which does not handle ECN properly.

Maybe you must use MSS clamping on the router:

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

> Chris

Alexander

P.S. please strip your quotes and do not top-post! thanks

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435
Serendipity 21:12:07 up 17:39, 8 users, 1.32, 0.47, 0.27
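An added example, not part of the original mail: a shell function that checks an `iptables-save` dump for the pieces the reply recommends for initial testing (FORWARD policy ACCEPT, MASQUERADE in nat POSTROUTING, and the suggested TCPMSS clamp). The function name `audit_nat_ruleset` and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): check an iptables-save dump
# against the minimal NAT setup recommended in the reply.

# Reads an iptables-save dump on stdin, prints one line per check and
# returns the number of checks that failed (0 = all present).
audit_nat_ruleset() {
    awk '
        # Table header such as "*nat" or "*filter": remember the current table
        /^\*/ { table = substr($0, 2); next }
        # Default policy of the filter FORWARD chain, e.g. ":FORWARD ACCEPT [0:0]"
        table == "filter" && /^:FORWARD ACCEPT / { fwd = 1 }
        # Source NAT for the LAN: MASQUERADE in nat POSTROUTING
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ { masq = 1 }
        # MSS clamp on forwarded SYN packets, in whichever table it was added
        /^-A FORWARD / && /-j TCPMSS --clamp-mss-to-pmtu/ { clamp = 1 }
        function report(ok, label) {
            printf "%-8s%s\n", (ok ? "ok" : "MISSING"), label
            if (!ok) missing++
        }
        END {
            report(fwd, "filter FORWARD policy is ACCEPT")
            report(masq, "MASQUERADE rule in nat POSTROUTING")
            report(clamp, "TCPMSS --clamp-mss-to-pmtu rule in FORWARD")
            exit missing + 0
        }
    '
}

# Constructed sample dump: NAT is set up, the MSS clamp has not been added yet.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# On a live router (as root): iptables-save | audit_nat_ruleset
sample_dump | audit_nat_ruleset || echo "checks failed: $?"
```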