LinuxQuestions.org, Linux - Networking forum

iptables problem after del add a rule

Old 03-24-2008, 03:03 AM   #1
oknets10

Hi all,

I'm adding an SNAT rule and pinging to check it, and it works fine.
Then I delete the rule and add it again (without stopping the ping), and the ping does not start working again; I must stop and restart the ping in order for iptables (and ping) to work.

Any idea why, and how to solve it?
Old 03-24-2008, 03:09 AM   #2
sarajevo

Hi, give us the iptables code you have,
then we can write more, right?
Old 03-24-2008, 03:12 AM   #3
oknets10

Quote:
Originally Posted by sarajevo View Post
Hi, give us the iptables code you have,
then we can write more, right?
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.11.2

That's all.
Old 03-24-2008, 03:35 AM   #4
sarajevo

....
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT # you set the starting rules: drop everything in the INPUT and FORWARD chains, and accept all in the OUTPUT chain (do you understand chains?)

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT # Accept all on the lo interface

I suppose you have this rule on some machine with two network interfaces?

So, using this rule
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to 192.168.11.2

you allow packets originating from network 192.168.1.0/24 to have a source address as if they originated from host 192.168.11.2.
You can allow transferring packets from one interface to another with the following rules:

iptables -A FORWARD -i $LAN_IFACE -j ACCEPT
iptables -A FORWARD -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT ...
this will allow forwarding from the inside net to the outside.

iptables -A FORWARD -o $other_iface -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

....
also read http://iptables-tutorial.frozentux.n...-tutorial.html

and more, http://lartc.org/


By the way, I do not understand why you have to stop it once it is working.
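The behaviour the original poster describes is the normal behaviour of connection tracking, and neither post explains it, so here is the mechanism together with an added example (not code from the thread or from either poster). The nat table is consulted only for the first packet of a flow; the NAT decision is stored in the conntrack entry and reused for every later packet of that flow. A ping started while the SNAT rule was absent creates a conntrack entry with no NAT binding (all echo requests from one ping process share the same ICMP id, so conntrack treats them as a single flow), and re-adding the rule does not touch that existing entry. Restarting ping starts a new flow, which is why that "fixes" it. The script below, whose interface names, network and addresses are assumptions for the illustration, builds the complete two-interface ruleset this post sketches in iptables-restore format and loads it in one transaction, so there is never a window in which the SNAT rule is deleted. Flows created before the rule existed still keep their un-NATed binding; dropping them from the conntrack table (conntrack -F from conntrack-tools) is what makes the next packet start a new, NATed flow.

```shell
#!/bin/sh
# Added example, not from the thread: generate a two-interface SNAT ruleset
# in iptables-restore format and apply it atomically. eth0/eth1,
# 192.168.1.0/24 and 192.168.11.2 are assumed values for the illustration.

# build_nat_ruleset LAN_IF WAN_IF LAN_NET SNAT_IP
# Prints an iptables-restore file to stdout. Policies follow the post:
# INPUT and FORWARD drop by default, OUTPUT accepts. Only new flows that
# enter on the LAN interface from the LAN network may be forwarded out;
# replies come back through the ESTABLISHED,RELATED rule. The SNAT rule is
# restricted to packets leaving on the WAN interface so LAN-to-router and
# LAN-to-LAN traffic is never rewritten.
build_nat_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3; snat_ip=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -s ${lan_net} -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s ${lan_net} -o ${wan_if} -j SNAT --to-source ${snat_ip}
COMMIT
EOF
}

# apply_nat_ruleset LAN_IF WAN_IF LAN_NET SNAT_IP
# Parses the ruleset with --test first so a typo cannot leave the host with
# a half-loaded table, then commits it in one iptables-restore transaction.
# Existing conntrack entries are not re-evaluated by a rule reload; run
# "conntrack -F" afterwards if flows created before the SNAT rule existed
# must pick up the new mapping (this drops all tracked flows, so do it in a
# maintenance window on a busy router). Needs root.
apply_nat_ruleset() {
    tmp=$(mktemp) || return 1
    build_nat_ruleset "$@" > "$tmp"
    iptables-restore --test < "$tmp" && iptables-restore < "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Default action is to print the generated ruleset for review; set APPLY=1
# to load it (forwarding itself is enabled separately with
# "sysctl -w net.ipv4.ip_forward=1").
if [ "${APPLY:-0}" = 1 ]; then
    apply_nat_ruleset eth0 eth1 192.168.1.0/24 192.168.11.2
else
    build_nat_ruleset eth0 eth1 192.168.1.0/24 192.168.11.2
fi
```

Run it without arguments to inspect the ruleset, then `APPLY=1 sh nat.sh` as root to load it. Re-running the script replaces the whole table in one step, which is the safe equivalent of the delete-and-add sequence in the question.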
Old 03-24-2008, 04:13 AM   #5
oknets10

Hi,

Yes, the rule is on a machine with two interfaces.
You suggest a different way of doing the same thing, but with four rules instead of one. Yours is more generic, but I don't need it.
Thanks for your help.