On Mon, 11 Nov 2002, Rob B wrote:

> I'm having a hard time deciphering iptables rules. Would any of these
> rules cause a "sendto: operation not permitted" error?

Look at /proc/sys/net/ipv4/ip_forward
It should be = 1 if you are doing forwarding.
Also look at your routing table - route -n

Your problem sounds more like something not responding to an arp request - tcpdump might just be your friend.

>
> bunbun:~# iptables --list
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ipac_in    all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> LOG        all  --  127.0.0.0/8          anywhere             LOG level warning
> DROP       all  --  127.0.0.0/8          anywhere
> ACCEPT     all  --  anywhere             255.255.255.255
> ACCEPT     all  --  10.0.0.0/24          anywhere
> LOG       !tcp  --  anywhere             224.0.0.0/4          LOG level warning
> DROP      !tcp  --  anywhere             224.0.0.0/4
> LOG        all  --  10.0.0.0/24          anywhere             LOG level warning
> DROP       all  --  10.0.0.0/24          anywhere
> ACCEPT     all  --  anywhere             255.255.255.255
> LOG        all  --  anywhere             anywhere             LOG level warning
> DROP       all  --  anywhere             anywhere
>
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ipac_in    all  --  anywhere             anywhere
> ipac_out   all  --  anywhere             anywhere
> ACCEPT     all  --  10.0.0.0/24          anywhere
> LOG        all  --  anywhere             10.0.0.0/24          LOG level warning
> DROP       all  --  anywhere             10.0.0.0/24
> LOG        all  --  anywhere             anywhere             LOG level warning
> DROP       all  --  anywhere             anywhere
>
> Chain OUTPUT (policy DROP)
> target     prot opt source               destination
> ipac_out   all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             255.255.255.255
> ACCEPT     all  --  anywhere             10.0.0.0/24
> ACCEPT    !tcp  --  anywhere             224.0.0.0/4
> LOG        all  --  anywhere             10.0.0.0/24          LOG level warning
> DROP       all  --  anywhere             10.0.0.0/24
> ACCEPT     all  --  anywhere             255.255.255.255
> LOG        all  --  anywhere             anywhere             LOG level warning
> DROP       all  --  anywhere             anywhere
>
> The ipac_in and ipac_out rules consist only of LOG targets, so I haven't
> included them.
>
> cheers,
> rob
>
>
> --
> Decisions terminate panic.
>
> This is random quote 417 of a collection of 1255
>
> Distance from the centre of the brewing universe:
> [15200.8 km (8207.8 mi), 262.8 deg](Apparent) Rennerian
>
> Public Key fingerprint = 6219 33BD A37B 368D 29F5 19FB 945D C4D7 1F66 D9C5
>

--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"Flatter government, not fatter government." - me
Get rid of the Australian states.
------------------------------------------
If electricity comes from electrons, does morality come from morons?

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
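
Added example (not part of the original messages): `iptables --list` without `-v` omits the in/out interface columns, so a rule shown as `ACCEPT all -- anywhere anywhere` ahead of other rules is usually restricted by a match the listing hides. The script below flags that pattern in a saved listing so you know to re-run `iptables -L -v -n`; the sample is the OUTPUT chain from the post with column spacing reconstructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the OUTPUT chain as posted in the thread
# (non-verbose listing, column spacing reconstructed).
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ipac_out   all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             10.0.0.0/24
ACCEPT    !tcp  --  anywhere             224.0.0.0/4
LOG        all  --  anywhere             10.0.0.0/24          LOG level warning
DROP       all  --  anywhere             10.0.0.0/24
ACCEPT     all  --  anywhere             255.255.255.255
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere
EOF
}

# hidden_match_report (hypothetical helper): reads `iptables --list` text on
# stdin. Per chain, it finds the first ACCEPT/DROP/REJECT rule that appears to
# match every packet (prot all, any source, any destination, no extra match
# text) and prints every rule listed after it. If those later rules are meant
# to do anything, the "catch-all" must carry a match the listing does not show.
hidden_match_report() {
  awk '
    $1 == "Chain" { chain = $2; catchall = 0; n = 0; next }
    $1 == "target" || NF == 0 { next }
    {
      n++
      if (catchall) {
        printf "%s rule %d looks unreachable after rule %d: %s\n", chain, n, catchall, $0
        next
      }
      terminal = ($1 == "ACCEPT" || $1 == "DROP" || $1 == "REJECT")
      if (terminal && $2 == "all" && $4 == "anywhere" && $5 == "anywhere" && NF == 5)
        catchall = n
    }'
}

# Stand-alone run on the constructed sample.
sample_listing | hidden_match_report
```

On a live system, pipe `iptables --list` into `hidden_match_report`; any output means the verbose listing is needed before the rule order can be read correctly.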
