Hi,

No, I hadn't forgotten to put the rules for OUTPUT. When I tested the rules I logged every dropped packet in my syslog. I found 10.1.1.203 with IN=eth0 OUT=, which means the trouble starts right at receiving the packet.

Thanks for the suggestion :)

Kind regards,
Michel.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yuriy Vostrikoff
Sent: Saturday 31 August 2002 13:14
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: iptables - problem with a subnet

"Michel Pikkaart" <[EMAIL PROTECTED]> writes:

> I have a little network <IP>/29 at home. My server has IP number
> x.x.x.206. What I would like is to give all my computers on my local
> network full access to my server. So I put this first, at the top of my
> iptables list. For example, my range is 10.1.1.0/29
>
> -A INPUT -s 10.1.1.200/29 -j ACCEPT (policy is DROP)
>
> but this doesn't work. So I try the rules here below and this does
> work very well.
>
>
> Does someone know what I'm doing wrong?
>

Probably you forgot to permit packets to get out from the server:

-A OUTPUT -d 10.1.1.200/29 -o eth0 -j ACCEPT

Same for the FORWARD chain. And it's better to set in/out interfaces explicitly. You should add log rules at the bottom of every chain to see what's going on.

--
Mon at phobos.loc
The cold moon in full splendor...
The Moon is Waning Crescent (46% of Full)
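An added example, not part of either poster's message: a small Python script that reads netfilter LOG lines like the `IN=eth0 OUT=` entry described above, infers which chain saw each packet from the interface fields, and checks whether the source address falls inside a given prefix. The log lines are constructed samples, and the function names are hypothetical; the two prefixes are the ones that appear in the thread.

```python
import ipaddress
import re

# Constructed sample lines in the netfilter LOG target's key=value format.
SAMPLE_LOG = """\
Aug 31 13:02:11 server kernel: IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=10.1.1.203 DST=10.1.1.206 LEN=60 TTL=64 PROTO=TCP SPT=1034 DPT=22 SYN
Aug 31 13:02:12 server kernel: IN= OUT=eth0 SRC=10.1.1.206 DST=10.1.1.203 LEN=60 TTL=64 PROTO=TCP SPT=22 DPT=1034 ACK SYN
Aug 31 13:02:13 server kernel: IN=eth0 OUT=eth1 SRC=10.1.1.203 DST=192.0.2.10 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
"""

# Only the fields needed here; the value may be empty (e.g. "OUT=").
FIELD = re.compile(r"\b(IN|OUT|SRC|DST)=(\S*)")


def chain_of(fields):
    """Infer the filter chain from which interface fields are filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "FORWARD"   # routed through the box
    if has_in:
        return "INPUT"     # addressed to the box itself
    if has_out:
        return "OUTPUT"    # generated by the box
    return "UNKNOWN"


def analyse(log_text, lan_cidr):
    """Return (chain, src, dst, src_in_lan) for every logged packet."""
    # strict=False tolerates a prefix written with host bits set.
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    results = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DST" not in fields:
            continue  # not a netfilter LOG line
        src_in_lan = ipaddress.ip_address(fields["SRC"]) in lan
        results.append((chain_of(fields), fields["SRC"], fields["DST"], src_in_lan))
    return results


if __name__ == "__main__":
    for cidr in ("10.1.1.200/29", "10.1.1.0/29"):
        print(f"-- source checked against {cidr}")
        for chain, src, dst, inside in analyse(SAMPLE_LOG, cidr):
            print(f"{chain:8} {src:>12} -> {dst:<12} src in prefix: {inside}")
```

Running it against both prefixes shows which one a rule's `-s` match would actually cover for a logged source address, and the chain column tells you which chain to inspect.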

