[NTLUG:Discuss] Firewall Forwarding Question
Darin W. Smith
darin_ext at darinsmith.net
Thu Feb 20 09:04:50 CST 2003
One thing to be careful of is that whichever rule is the first match will
be the one taken...therefore, if you have some more general rule upstream
of the one you are trying to get working, your new rule might never get
invoked.
I've had to use -I (insert) rather than -A (append) in some cases to put my
new rule at the front of the list (default) or to insert elsewhere.
--D!
On Thu, 20 Feb 2003 08:38:44 -0600, Kenneth Loafman <ken at lt.com> wrote:
> jose sanchez wrote:
>> --- Kenneth Loafman <ken at lt.com> wrote:
>>
>>> jose sanchez wrote:
>>>
>>>> I hope this can help:
>>>>
>>>> iptables -A FORWARD -p udp -i $INCOMING_NIC -o
>>>> $OUTGOING_NIC -d $LOG_SERVER --dport 514 -j ACCEPT
>>>>
>>>> Is almost the same thing you have. Let me know if it
>>>> worked.
>>>
>>> Nope. Dumb question -- how does it get into the
>>> forward chain? Do I need to accept it in INPUT?
>>
>>
>> No. You only need to accept it in INPUT when it is
>> destined for the actual router/firewall. How about:
>>
>> iptables -A FORWARD -p udp -i $INCOMING_NIC -o
>> $OUTGOING_NIC -d $LOG_SERVER --dport 514 -m state --state
>> NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> Also allow FORWARD backwards...
>>
>> Hope this helps. Let me know if it worked, by the way
>> this is not a dumb question, I just wanted to know if
>> I was of any help.
>
> Nope, did not work either. Thanks for the assist.
>
> I'm just going to stay with the current setup for now. If I bypass the
> logging by going through the firewall, I then have to backup the logs on
> C. The current method provides for two copies of the logs, so no backups
> are needed.
>
> ...Ken
--
D!
Darin W. Smith
AIM: JediGrover
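As an added illustration (not part of the thread), a small Python model of netfilter's first-match chain traversal: it shows why a broad rule already in FORWARD hides the syslog rule when that rule is appended with -A, how inserting it at the head with -I changes the verdict, and which chain (INPUT or FORWARD) a packet reaches depending on whether it is addressed to the router itself. Interface names, addresses and the rules are constructed.

```python
from dataclasses import dataclass, field
ROUTER_ADDRS = {"192.0.2.1"}   # constructed: the firewall's own address
FIELDS = ("proto", "in_if", "out_if", "dst", "dport")

@dataclass
class Rule:
    target: str                  # ACCEPT / DROP / REJECT
    proto: str = None
    in_if: str = None
    out_if: str = None
    dst: str = None
    dport: int = None

    def matches(self, pkt):
        # Each given criterion must match; omitted ones are wildcards.
        return all(getattr(self, f) is None or pkt.get(f) == getattr(self, f)
                   for f in FIELDS)

@dataclass
class Chain:
    policy: str = "DROP"
    rules: list = field(default_factory=list)

    def append(self, rule):          # iptables -A: tail of the chain
        self.rules.append(rule)
    def insert(self, rule, pos=1):   # iptables -I [pos]: 1-based, head by default
        self.rules.insert(pos - 1, rule)
    def verdict(self, pkt):
        for i, r in enumerate(self.rules, 1):   # first match wins
            if r.matches(pkt):
                return r.target, i
        return self.policy, None

def chain_for(pkt):
    # Traffic addressed to the router itself is INPUT; transit traffic is FORWARD.
    return "INPUT" if pkt["dst"] in ROUTER_ADDRS else "FORWARD"

SYSLOG = Rule("ACCEPT", proto="udp", in_if="eth0", out_if="eth1", dst="10.0.0.5", dport=514)
PKT = {"proto": "udp", "in_if": "eth0", "out_if": "eth1", "dst": "10.0.0.5", "dport": 514}

def shadowed():
    fwd = Chain()
    fwd.append(Rule("REJECT", in_if="eth0"))  # broad rule already upstream
    fwd.append(SYSLOG)                        # -A lands behind it: never reached
    return fwd.verdict(PKT)

def inserted():
    fwd = Chain()
    fwd.append(Rule("REJECT", in_if="eth0"))
    fwd.insert(SYSLOG)                        # -I puts it first: now matched
    return fwd.verdict(PKT)
```

On a real box, `iptables -L FORWARD -v -n --line-numbers` shows the same ordering and per-rule packet counters, which is the quickest way to see whether a rule is ever reached.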