[NBLUG/talk] iptables guidance/guru?

Glen Gunsalus G-Gunsalus at Mindspring.com
Mon Feb 12 13:59:05 PST 2007


>>> "Tim C. Lewis" said:
 > 
 > 
 > On Mon, 12 Feb 2007, Glen Gunsalus wrote:
 > > However, the default iptables set up by S35firewall (and probably the natting)
 > > doesn't let me pass traffic between the subnets.
 > 
 > could it just be that ip forwarding isn't enabled?
 > do: cat /proc/sys/net/ipv4/ip_forward;
 > output should be 1, not 0.  if 0:
 > echo 1 > /proc/sys/net/ipv4/ip_forward;
 > and/or add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf and run
 > sysctl -p /etc/sysctl.conf
 > 
 > that's the first thing that comes to mind.  dunno what the default setting 
 > for openwrt is.

default allows port forwarding  (cat /proc/sys/net/ipv4/ip_forward
1)

 > 
 > 
 > > Is there a sane way to get where I want w/o having to master iptables (looks
 > > rather formidable to me at this point after looking at e tutorials).
 > 
 > sure, but it always helps to know what each rule is doing.  could always 

Yes, I agree, but to a neophyte iptabler, it's pretty opaque and the learning 
curve is steep.  Hence, my appeal.

 > test with no firewall rules before adding them -- stop the firewall 
 > service, see if traffic routes under those circumstances before moving 
 > forward with drop/deny rules.

Well, it's not a "service" under OpenWrt, rather a startup script with 
multiple calls to iptables.  I tried deleting/flushing all tables, but then 
couldn't talk to the box anymore.

 > 
 > -tcl.
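Added example, not part of the original message or of OpenWrt's scripts: `iptables -F` deletes rules but leaves each built-in chain's default policy in place, so a chain whose policy is DROP blocks everything once its ACCEPT rules are gone. The sketch below reads a dump in `iptables-save` format, lists the built-in chains with a DROP policy, and prints the order of commands for a flush that keeps the box reachable. The sample dump and the function names are constructed for illustration and are not the real S35firewall rule set.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (assumption: NOT the actual
# rules that OpenWrt's S35firewall installs).
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o vlan1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:input_rule - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -i br0 -o vlan1 -j ACCEPT
COMMIT'

# Read an iptables-save dump on stdin and print "table/CHAIN" for every
# built-in chain whose default policy is DROP. User-defined chains show
# "-" as their policy and are skipped.
drop_policy_chains() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        /^:/  { if ($2 == "DROP") print table "/" substr($1, 2) }
    '
}

# Read the same dump and print a command plan: first set every DROP policy
# to ACCEPT, then flush each table. Running the flush before the policy
# change is what leaves the box unreachable.
# The result is a box with no filtering at all: for a short LAN-side test only.
safe_flush_plan() {
    awk '
        /^\*/ { table = substr($1, 2); tables[++n] = table; next }
        /^:/ && $2 == "DROP" {
            print "iptables -t " table " -P " substr($1, 2) " ACCEPT"
        }
        END { for (i = 1; i <= n; i++) print "iptables -t " tables[i] " -F" }
    '
}

echo "Chains that still DROP after a flush:"
printf '%s\n' "$SAMPLE_DUMP" | drop_policy_chains
echo "Order of commands for a test flush:"
printf '%s\n' "$SAMPLE_DUMP" | safe_flush_plan
```

On a live system the dump would come from `iptables-save` piped into either function; the plan is only printed, never executed.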