[NTLUG:Discuss] Firewall Forwarding Question

Kenneth Loafman ken at lt.com
Thu Feb 20 08:38:44 CST 2003


jose sanchez wrote:
> --- Kenneth Loafman <ken at lt.com> wrote:
> 
>>jose sanchez wrote:
>>
>>>I hope this can help:
>>>
>>>iptables -A FORWARD -p udp -i $INCOMING_NIC -o $OUTGOING_NIC \
>>>    -d $LOG_SERVER --dport 514 -j ACCEPT
>>>
>>>Is almost the same thing you have. Let me know if it
>>>worked.
>>
>>
>>Nope.  Dumb question -- how does it get into the
>>forward chain?  Do I 
>>need to accept it in INPUT?
> 
> 
> No. You only need to accept it in INPUT when it is
> destined for the actual router/firewall. How about:
> 
> iptables -A FORWARD -p udp -i $INCOMING_NIC -o $OUTGOING_NIC \
>     -d $LOG_SERVER --dport 514 \
>     -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> 
> Also allow FORWARD backwards...
> 
> Hope this helps. Let me know if it worked, by the way
> this is not a dumb question, I just wanted to know if
> I was of any help.

Nope, did not work either.  Thanks for the assist.

I'm just going to stay with the current setup for now.  If I bypass the 
logging by going through the firewall, I then have to backup the logs on 
C.  The current method provides for two copies of the logs, so no 
backups are needed.

...Ken
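The forwarding set-up the thread is circling around, as an added example that is not part of any post above. Packets that are routed through a Linux box traverse the FORWARD chain only, so nothing has to be accepted in INPUT for them; what the box does need is routing enabled (net.ipv4.ip_forward=1), an ESTABLISHED,RELATED rule so replies and ICMP errors get back, and the NEW rule for UDP 514 toward the log server. The interface names, the RFC 5737 address 192.0.2.10, the DRY_RUN switch and the function names are all constructed for this example. With DRY_RUN=1 (the default) the script only prints the commands it would run, which is also how the test below checks it; set DRY_RUN=0 as root to apply them.

```shell
#!/bin/sh
# Added example, not from the thread. Generates and (optionally) applies the
# iptables rules needed to forward syslog (UDP 514) from one interface to a
# log server behind another, then shows how to tell whether packets are
# reaching the FORWARD chain at all.

INCOMING_NIC="${INCOMING_NIC:-eth1}"     # constructed placeholder
OUTGOING_NIC="${OUTGOING_NIC:-eth0}"     # constructed placeholder
LOG_SERVER="${LOG_SERVER:-192.0.2.10}"   # RFC 5737 documentation address
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print commands, 0 = execute

# run: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# forward_syslog_rules: the complete rule set, in the order it must be applied.
forward_syslog_rules() {
    # 1. Without this the kernel never routes, so FORWARD never sees a packet.
    run sysctl -w net.ipv4.ip_forward=1

    # 2. Return traffic in either direction (including ICMP errors for UDP),
    #    which is the "allow FORWARD backwards" part of the thread.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New syslog datagrams, only from the inside NIC to the log server.
    #    (-m state is kept to match the thread; -m conntrack --ctstate is the
    #    modern spelling of the same match.)
    run iptables -A FORWARD -p udp -i "$INCOMING_NIC" -o "$OUTGOING_NIC" \
        -d "$LOG_SERVER" --dport 514 -m state --state NEW -j ACCEPT

    # 4. Anything else routed through the box is logged and dropped, so a
    #    misrouted syslog packet shows up in the firewall's own log instead
    #    of silently vanishing.
    run iptables -A FORWARD -j LOG --log-prefix "FWD-DROP: "
    run iptables -A FORWARD -j DROP
}

# show_forward_counters: per-rule packet/byte counters for FORWARD.  If the
# UDP 514 rule's counter stays at zero while the client is sending, the
# packets are not being routed through this box (wrong default gateway on
# the client, ip_forward off, or they are addressed to the firewall itself
# and therefore hit INPUT instead).
show_forward_counters() {
    run iptables -L FORWARD -v -n --line-numbers
}

forward_syslog_rules
show_forward_counters
```

To apply for real: `DRY_RUN=0 INCOMING_NIC=eth1 OUTGOING_NIC=eth0 LOG_SERVER=10.0.0.5 sh forward-syslog.sh` as root, then run the counter display again after the client sends a test message and confirm the UDP 514 rule's packet count increments.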
