I am not familiar with FC so I can't advise you on how it does things. Maybe another poster can. If you feel comfortable reading bash scripts, you can take a look at the script FC uses to start the firewall and use man pages to aid you in interpreting the contents of iptables-config. The script is probably called /etc/init.d/iptables.

Another alternative is to turn off Fedora Core's normal iptables script and have it run your custom script at startup instead. This is done by changing a symlink in /etc/rc3.d (assuming you are at runlevel 3). I can advise you how to do this manually. There is probably a tool designed to aid you with that, but I can't advise you about that.

I am glad you got the zeroconf problem solved. That seems really strange to me. I will have to research that sometime. Well, I do expect to learn some things posting here!
just curious: i've always been under the impression that, on red hat distros, doing this would take care of saving your iptables config without the need to edit any files manually:
Code:
service iptables save

as for the iptables-config file, i too am not familiar with that, but i read the names of those parameters and i think i understand what they do judging by their names... those settings it has sound fine to me in that regard... the only weird thing i saw was that the name of the iptable_nat module had a space in it, like:
Quote:

Quote:
Code:
IPTABLES_CONFIG=/etc/sysconfig/iptables
I am sorry for the long silence. I have been too busy this week and newton seems not to be causing any noticeable problems.

Thank you very much for your comments. I am sorry for my ignorance. You are completely right:
Code:
service iptables save

Regarding
Code:
iptab le_nat
Code:
IPTABLES_MODULES="ip_tables ip_conntrack ip_conntrack_ftp ip_conntrack_irc iptable_nat ip_nat_ftp ip_conntrack_netbios_ns"
Code:
Dropped 1121 packets on interface eth1

I have listed below all the FORWARD drops from yesterday, which again I don't understand.
Code:
Aug 17 05:18:20 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54593 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Quote:

There were two packets which both entered and exited on eth0 when the address would indicate they should come in on eth1:
Code:
Aug 17 11:04:40 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.108 DST=200.17.114.40 LEN=105 TOS=0x00 PREC=0x00 TTL=127 ID=6300 PROTO=UDP SPT=1588 DPT=53 LEN=85

The three that don't meet any of the above criteria are:
Code:
Aug 17 14:15:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1668 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0

Also, heberrdacruz, I don't know how much you know about the tools in the Unix world, so forgive me if you already know this, but the grep command can come in quite handy in sorting through data like this.

EDIT: ipchains had the ability to adjust the timing parameters used in MASQueraded connections. I am unaware of any such ability in iptables to adjust the timing parameters for MASQUERADEd or SNATed connections. Does anybody know if there is a way to do that and whether it might have any bearing on the situation described here?
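As an added example (not written by any poster in this thread): a small Python script that does the sorting grep was suggested for above. It parses the FORWARD DROP lines quoted in the thread into their KEY=VALUE fields and buckets them the way the previous post did by hand (same interface in and out, late FIN/ACK teardown, mid-stream ACK with no SYN), adding one more bucket for packets carrying SYN, which would be genuinely new connections the FORWARD rules refused. The sample input is the three log lines from the thread plus one constructed non-firewall line to show that it is skipped.

```python
from collections import Counter

# Sample input: the three FORWARD DROP lines quoted in this thread, plus
# one constructed sshd line that the parser must ignore.
SAMPLE_LOG = """\
Aug 17 05:18:20 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.16 DST=209.132.177.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=54593 DF PROTO=TCP SPT=52315 DPT=80 WINDOW=110 RES=0x00 ACK FIN URGP=0
Aug 17 11:04:40 newton kernel: FORWARD DROP: IN=eth0 OUT=eth0 SRC=192.168.30.108 DST=200.17.114.40 LEN=105 TOS=0x00 PREC=0x00 TTL=127 ID=6300 PROTO=UDP SPT=1588 DPT=53 LEN=85
Aug 17 14:15:23 newton kernel: FORWARD DROP: IN=eth1 OUT=eth0 SRC=192.168.30.136 DST=207.46.24.46 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=1668 PROTO=TCP SPT=3288 DPT=1863 WINDOW=0 RES=0x00 ACK URGP=0
Aug 17 14:16:01 newton sshd[1234]: Accepted password for someone from 192.168.30.5
"""

PREFIX = "FORWARD DROP:"          # the --log-prefix used in the rules above
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_drop(line):
    """Return the KEY=VALUE fields of one LOG line (TCP flags under 'FLAGS'), or None."""
    if PREFIX not in line:
        return None
    fields = {"FLAGS": set()}
    for tok in line.split(PREFIX, 1)[1].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields.setdefault(key, val)   # UDP lines repeat LEN=; keep the IP-header one
        elif tok in TCP_FLAGS:            # bare tokens such as ACK or FIN (DF is ignored)
            fields["FLAGS"].add(tok)
    return fields

def classify(f):
    """Bucket a dropped packet into the categories the thread sorted by hand."""
    if f.get("IN") == f.get("OUT"):
        return "same-interface"   # hairpin: a LAN host reached the router on the wrong side
    if f.get("PROTO") != "TCP":
        return f.get("PROTO", "unknown").lower()
    flags = f["FLAGS"]
    if "SYN" in flags:
        return "tcp-new"          # a real new connection the FORWARD rules refused
    if flags & {"FIN", "RST"}:
        return "tcp-teardown"     # late FIN/RST after conntrack dropped the flow
    return "tcp-no-syn"           # mid-stream ACK with no matching conntrack entry

def summarize(log_text):
    """Count FORWARD DROP lines per category; other lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_drop(line)
        if f is not None:
            counts[classify(f)] += 1
    return counts

if __name__ == "__main__":
    for category, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {category}")
```

On a real box, feed it the kernel log instead of SAMPLE_LOG (for example `summarize(open("/var/log/messages").read())`) and the large "tcp-teardown" count is what the EDIT above is asking about.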