Re: creepy iptables problem.. please help

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Somebody in the thread at some point said:
>> iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
>> is the only MASQUERADE that is relavant . $DMZ = 192.168.1.0/24 the hq
>> cisco router sits in the dmz.
>> I have listed below the the rules i have in the fire wall that are
>> relavant
>>
>> iptables -A FORWARD -d 192.168.199.253  -j ACCEPT  << doesnt work
>> iptables -A FORWARD -s 192.168.199.253  -j ACCEPT << doesnt work

Don't you need a -p tcp between the FORWARD and the -d / -s?  For other
iptables commands anyway it insists to have the protocol named before it
can interpret the addresses you are giving.

Also you mentioned earlier 192.168.199.254/24, AIUI that is evil, you
must actually use 192.168.199.0/254 to give that properly in CIDR.  Of
course maybe you just typed it in the email and it is fine if used in CIDR.

-Andy


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux