Re: creepy iptables problem.. please help

Sorry for the typo 192.168.199.254/24 and ..

I just don't get how I can have two sets of identical iptables rules
and routes for two IP ranges coming from the same router, with the
same ACLs on the routers .. and the one is dropped when it hits the
Linux box and the other goes through no problem..



On 7/24/07, Andy Green <andy@xxxxxxxxxxx> wrote:
Somebody in the thread at some point said:
>> iptables -t nat -A POSTROUTING -s $DMZ -o eth0 -j MASQUERADE
>> is the only MASQUERADE that is relevant. $DMZ = 192.168.1.0/24; the HQ
>> Cisco router sits in the DMZ.
>> I have listed below the rules I have in the firewall that are
>> relevant
>>
>> iptables -A FORWARD -d 192.168.199.253  -j ACCEPT  << doesn't work
>> iptables -A FORWARD -s 192.168.199.253  -j ACCEPT << doesn't work

Don't you need a -p tcp between the FORWARD and the -d / -s?  For other
iptables commands anyway it insists to have the protocol named before it
can interpret the addresses you are giving.

Also you mentioned earlier 192.168.199.254/24, AIUI that is evil, you
must actually use 192.168.199.0/254 to give that properly in CIDR.  Of
course maybe you just typed it in the email and it is fine if used in CIDR.

-Andy

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



--
Gregory Machin
gregory.machin@xxxxxxxxx
www.linuxpro.co.za
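
Added example, not part of the original thread: a small Python check of how the address notations quoted above parse as IPv4 networks, and which of them cover the host 192.168.199.253. The function names `parse_spec` and `matches` are made up for this illustration, and the list of specs is constructed from the values that appear in the messages.

```python
import ipaddress

def parse_spec(spec):
    """Parse an address spec of the kind given to -s / -d.

    Returns (network, note); network is None when the spec is not valid.
    """
    try:
        # strict=True rejects a spec whose address has bits set below the mask
        return ipaddress.ip_network(spec, strict=True), "ok"
    except ValueError:
        pass
    try:
        # strict=False clears those host bits, as applying the netmask would
        net = ipaddress.ip_network(spec, strict=False)
        return net, "host bits set, masks to %s" % net
    except ValueError as exc:
        # e.g. a prefix length above 32
        return None, "invalid: %s" % exc

def matches(spec, address):
    """True when address falls inside the network named by spec."""
    net, _ = parse_spec(spec)
    return net is not None and ipaddress.ip_address(address) in net

if __name__ == "__main__":
    host = "192.168.199.253"
    # Constructed sample: the notations that appear in the thread.
    specs = [
        "192.168.1.0/24",      # $DMZ, used by the MASQUERADE rule
        "192.168.199.254/24",  # the form described as a typo
        "192.168.199.0/254",   # the form suggested in the reply
        "192.168.199.253",     # bare host, as in the FORWARD rules
    ]
    for spec in specs:
        net, note = parse_spec(spec)
        print("%-20s -> %-18s covers %s: %-5s (%s)"
              % (spec, net, host, matches(spec, host), note))
```
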

