I thought about logging the incoming packets until I can figure out what's going on, but am not totally clear on how to implement it. If I specify a "-j LOG" before the lines for forwarding the external connections to the server, will that halt processing on the LOG line (does it fall off the chain at this point)? Or does it simply log the packet and pass it to the next rule?

Also, with regards to logging, I'm not sure how/where to examine the logs after the fact. I'm sure there's a file, or an iptables command, but haven't found it yet. I've noted that when I DO use the log options, the log messages show up in my console session (hence the reason I'm not using logs right now). Do I need to do something to reroute these messages to a file? Or even to TTY8 or something like that?

As for the gateway, the router's internal IP is 192.168.0.1 - this is the default gateway for the server. Is this not correct? Should I be clearing the server's gateway?

Thanks for the help Wade (and all others). I owe ya a beer.

Shawn

-----Original Message-----
From: Wade Dyck [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 8:28 AM
To: [EMAIL PROTECTED]
Subject: RE: (clug-talk) Need help with IPTables / router configuration

Hi Shawn,

Nothing is jumping out at me as being the problem... Are the IPs and masks correct? Is the internal server using the firewall as a gateway? This could be the problem, because when you access it via the external address from your workstation, the IP is SNATed to the firewall's internal IP. Otherwise the connection will only be DNATed, so the server will see the real external IP of the client and must return through the firewall.

You might want to use tcpdump in conjunction with some -j LOG targets to narrow this down.

Wade
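
Added example, not part of either message: one way to place the `-j LOG` rules discussed in this thread so that a single forwarded port can be followed through DNAT, forwarding and the return path. The interface name, server address, port and the `TRACE-*` prefixes are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Assumed values, none of them taken from the thread:
EXT_IF="${EXT_IF:-eth0}"              # external interface (assumption)
SERVER_IP="${SERVER_IP:-192.0.2.10}"  # placeholder for the internal server
PORT="${PORT:-80}"                    # forwarded TCP port (assumption)

# Dry run by default: print the command. APPLY=1 executes it (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# LOG is a non-terminating target: the packet is logged and then evaluated
# against the next rule in the chain. Each rule is inserted (-I) at the head
# of its chain so it is reached before the DNAT/ACCEPT/SNAT rule that ends
# traversal. Call with -I to add the rules and with -D to remove them.
#
# --log-level debug: the LOG default is "warning", which the kernel also
# prints on the console; at the kernel's default console loglevel, debug
# messages are not. The messages are kernel log entries: read them with
# dmesg or in the file syslog uses for the "kern" facility.
trace_rules() {
    op="$1"
    # nat chains only see the first packet of each connection.
    run iptables -t nat "$op" PREROUTING -i "$EXT_IF" -p tcp --dport "$PORT" \
        -j LOG --log-prefix "TRACE-PRE:" --log-level debug
    # After DNAT the destination is the server: was the packet forwarded?
    run iptables "$op" FORWARD -p tcp -d "$SERVER_IP" --dport "$PORT" \
        -j LOG --log-prefix "TRACE-FWD:" --log-level debug
    # Replies from the server. If TRACE-FWD lines appear but TRACE-RET never
    # does, the replies are not coming back through this firewall.
    run iptables "$op" FORWARD -p tcp -s "$SERVER_IP" --sport "$PORT" \
        -j LOG --log-prefix "TRACE-RET:" --log-level debug
    run iptables -t nat "$op" POSTROUTING -p tcp -d "$SERVER_IP" --dport "$PORT" \
        -j LOG --log-prefix "TRACE-POST:" --log-level debug
}

# Usage: ./trace.sh -I   (add)    ./trace.sh -D   (remove)
if [ "$#" -gt 0 ]; then trace_rules "$1"; fi
```

Running `tcpdump` on the internal interface alongside these rules shows whether the server's replies leave towards the firewall or towards another gateway.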
