Sorry for the typo 192.168.199.254/24 and ..

I just don't get how I can have two sets of identical iptables rules and routes for two IP ranges coming from the same router, with the same ACLs on the routers .. and the one is dropped when it hits the Linux box and the other goes through no problem..

On 7/24/07, Andy Green <andy@xxxxxxxxxxx> wrote:
> Somebody in the thread at some point said:
>
> >> iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
> >> is the only MASQUERADE that is relevant. $DMZ = 192.168.1.0/24 the hq
> >> cisco router sits in the dmz.
> >> I have listed below the rules I have in the firewall that are
> >> relevant
> >>
> >> iptables -A FORWARD -d 192.168.199.253 -j ACCEPT << doesn't work
> >> iptables -A FORWARD -s 192.168.199.253 -j ACCEPT << doesn't work
>
> Don't you need a -p tcp between the FORWARD and the -d / -s? For other
> iptables commands anyway it insists to have the protocol named before it
> can interpret the addresses you are giving.
>
> Also you mentioned earlier 192.168.199.254/24, AIUI that is evil, you
> must actually use 192.168.199.0/254 to give that properly in CIDR. Of
> course maybe you just typed it in the email and it is fine if used in
> CIDR.
>
> -Andy
--
Gregory Machin
gregory.machin@xxxxxxxxx
www.linuxpro.co.za
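
Added example, not part of the original thread or either poster's code: a small Python model of how an iptables -s/-d value is read (host bits masked off, prefix length limited to 0-32) and how the two quoted FORWARD rules, which carry no -p and so apply to every protocol, are matched in order. The function names, the DROP policy and the packet addresses in the demo are assumptions constructed for illustration.

```python
import ipaddress

def parse_addr(spec):
    """Read an iptables-style -s/-d value (address, or address/prefix).

    Host bits are masked off, as iptables does when it stores the rule.
    Raises ValueError for a mask that is neither 0-32 nor a dotted netmask.
    """
    return ipaddress.ip_network(spec, strict=False)

def make_rule(target, src=None, dst=None):
    # An omitted -s or -d matches any address. No protocol match is
    # modelled: a rule without -p applies to all protocols.
    any_net = ipaddress.ip_network("0.0.0.0/0")
    return {"src": parse_addr(src) if src else any_net,
            "dst": parse_addr(dst) if dst else any_net,
            "target": target}

def forward_verdict(rules, src, dst, policy):
    """Return the target of the first rule matching (src, dst), else policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule["src"] and d in rule["dst"]:
            return rule["target"]
    return policy

# The two FORWARD rules quoted in the thread.
RULES = [make_rule("ACCEPT", dst="192.168.199.253"),
         make_rule("ACCEPT", src="192.168.199.253")]

if __name__ == "__main__":
    # Address with host bits set: stored as the enclosing network.
    print(parse_addr("192.168.199.254/24"))
    try:
        parse_addr("192.168.199.0/254")
    except ValueError as err:
        print("rejected:", err)
    # Constructed packets (source, destination); the DROP policy is assumed.
    for src, dst in [("192.168.1.10", "192.168.199.253"),
                     ("192.168.199.253", "192.168.1.10"),
                     ("192.168.1.10", "192.168.199.252")]:
        print(src, "->", dst, forward_verdict(RULES, src, dst, "DROP"))
```

On a live firewall, `iptables -L FORWARD -v -n` shows the stored form of each address together with per-rule packet counters, which is the quickest check of which rule a given flow is actually hitting.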