iptables problem after del add a rule
I'm adding an SNAT rule and doing a ping to check it, and it works fine.
Then I'm deleting the rule and adding it again (without stopping the ping), and the ping will not start working again; I must stop and start the ping in order for iptables (and ping) to work.
Any idea why? And how to solve it?
Hi, give us the iptables code you have :)
Then we can write more, right?
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT # you set start rules: drop everything in the INPUT and FORWARD chains, and accept everything in the OUTPUT chain (do you understand chains?)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT # accept everything on the lo interface
I suppose you have this rule on some machine with two network interfaces?
So, using this rule
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.11.2
you allow packets originating from network 192.168.1.0/24 to have their source address rewritten as if they originated from host 192.168.11.2.
You can allow transfer of packets from one interface to another with the following rules:
iptables -A FORWARD -i $LAN_IFACE -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT ...
This will allow forwarding from the inside net to the outside.
iptables -A FORWARD -o $other_iface -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Also read http://iptables-tutorial.frozentux.n...-tutorial.html
and more: http://lartc.org/
By the way, I do not understand why you have to stop it once it is working.
Yes, the rule is on a machine with two interfaces.
You suggest a different way for the same thing, but four rules instead of one. Yours is more generic, but I don't need it.
Thanks for your help.