Date: Tue, 8 Apr 2003 16:27:03 +0300
From: Michael Shigorin
To: Community-en@altlinux.org
Cc: community@altlinux.ru
Subject: Re: [Comm-en] setting up iptables

On Tue, Apr 08, 2003 at 06:52:26AM -0600, djbouley wrote:
> > OTOH /usr/lib/iptables/libipt_tcprules.so is not present on my
> I cannot find it on my system either.

Argh, it's my fault -- underreconstructed local configuration.

> Here's the contents of /etc/sysconfig/iptables:

Should be like this: (add one line)

> *filter
:tcprules - [0:0]
> -A INPUT -j tcprules
> -A FORWARD -j tcprules
> -A tcprules -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A tcprules -i ! eth1 -m state --state NEW -j ACCEPT
> -A tcprules -i eth1 -m state --state INVALID,NEW -j DROP
> -A tcprules -i eth1 -j REJECT --reject-with icmp-host-unreachable
> COMMIT
> *nat
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> COMMIT

The story: we've asked iptables to use a specific chain (which
gets reused), but haven't created ("declared") it and no specific
module was found to be used for it.

A somewhat more elaborate config is attached; you can have some more
interesting examples in its comments.

-- 
 ---- WBR, Michael Shigorin
  ------ Linux.Kiev http://www.linux.kiev.ua/