[NBLUG/talk] iptables guidance/guru?
Glen Gunsalus
G-Gunsalus at Mindspring.com
Mon Feb 12 13:59:05 PST 2007
>>> "Tim C. Lewis" said:
>
>
> On Mon, 12 Feb 2007, Glen Gunsalus wrote:
> > However, the default iptables set up by S35firewall (and probably the natting)
> > doesn't let me pass traffic between the subnets.
>
> could it just be that ip forwarding isn't enabled?
> do: cat /proc/sys/net/ipv4/ip_forward;
> output should be 1, not 0. if 0:
> echo 1 > /proc/sys/net/ipv4/ip_forward;
> and/or add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf and run
> sysctl -p /etc/sysctl.conf
>
> that's the first thing that comes to mind. dunno what the default setting
> for openwrt is.
default allows port forwarding (cat /proc/sys/net/ipv4/ip_forward
1)
>
>
> > Is there a sane way to get where I want w/o having to master iptables (looks
> > rather formidable to me at this point after looking at e tutorials).
>
> sure, but it always helps to know what each rule is doing. could always
Yes, I agree, but to a neophyte iptabler, it's pretty opaque and the learning
curve is steep. Hence, my appeal.
> test with no firewall rules before adding them -- stop the firewall
> service, see if traffic routes under those circumstances before moving
> forward with drop/deny rules.
Well, it's not a "service" under OpenWrt, rather a startup script with
multiple calls to iptables. I tried deleting/flushing all tables, but then
couldn't talk to the box anymore.
>
> -tcl.
>
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/cgi-bin/mailman/listinfo/talk
>
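A first-pass check for the two points raised in this thread (whether forwarding is enabled, and why removing the rules can cut off access), added here as an example that is not part of the original messages. The ruleset is a constructed `iptables -S` sample, not OpenWrt's S35firewall, and the interface names `br0`, `vlan1`, `eth2` and the function names are hypothetical. It assumes the chain policies are DROP and only inspects built-in chain policies and direct `-i`/`-o` ACCEPT rules in FORWARD, ignoring user-defined chains and explicit DROP rules.

```shell
#!/bin/sh
# Constructed `iptables -S` sample; br0, vlan1 and eth2 are hypothetical names.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan1 -j ACCEPT'

# chain_policy RULES CHAIN: print the built-in chain's default policy.
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3 }'
}

# forward_allowed RULES IN_IF OUT_IF: succeed if FORWARD has policy ACCEPT
# or a direct "-i IN_IF -o OUT_IF ... -j ACCEPT" rule.
forward_allowed() {
    [ "$(chain_policy "$1" FORWARD)" = "ACCEPT" ] && return 0
    printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" '
        $1 == "-A" && $2 == "FORWARD" && $NF == "ACCEPT" {
            in_ok = 0; out_ok = 0
            for (n = 3; n < NF; n++) {
                if ($n == "-i" && $(n + 1) == src) in_ok = 1
                if ($n == "-o" && $(n + 1) == dst) out_ok = 1
            }
            if (in_ok && out_ok) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# diagnose IP_FORWARD RULES IN_IF OUT_IF: print one line per finding.
diagnose() {
    [ "$1" = "1" ] || echo "ip_forward is $1: the kernel will not route between interfaces"
    forward_allowed "$2" "$3" "$4" ||
        echo "FORWARD: no ACCEPT for $3 -> $4, policy is $(chain_policy "$2" FORWARD)"
    # iptables -F removes rules but leaves chain policies in place.
    [ "$(chain_policy "$2" INPUT)" = "ACCEPT" ] ||
        echo "INPUT policy is $(chain_policy "$2" INPUT): flushing rules alone cuts off the router"
}

# On a live router: diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S)" br0 eth2
diagnose 1 "$SAMPLE_RULES" br0 eth2
```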