[NTLUG:Discuss] Firewall Forwarding Question
Kenneth Loafman
ken at lt.com
Thu Feb 20 10:23:24 CST 2003
It was the first rule in the FORWARD table.
...Ken
Darin W. Smith wrote:
> One thing to be careful of is that whichever rule is the first match
> will be the one taken...therefore, if you have some more general rule
> upstream of the one you are trying to get working, your new rule might
> never get invoked.
>
> I've had to use -I (insert) rather than -A (append) in some cases to put
> my new rule at the front of the list (default) or to insert elsewhere.
>
> --D!
>
> On Thu, 20 Feb 2003 08:38:44 -0600, Kenneth Loafman <ken at lt.com> wrote:
>
>> jose sanchez wrote:
>>
>>> --- Kenneth Loafman <ken at lt.com> wrote:
>>>
>>>> jose sanchez wrote:
>>>>
>>>>> I hope this can help:
>>>>>
>>>>> iptables -A FORWARD -p udp -i $INCOMING_NIC -o $OUTGOING_NIC -d $LOG_SERVER --dport 514 -j ACCEPT
>>>>>
>>>>> It is almost the same thing you have. Let me know if it worked.
>>>>
>>>> Nope. Dumb question -- how does it get into the
>>>> forward chain? Do I need to accept it in INPUT?
>>>
>>> No. You only need to accept it in INPUT when it is
>>> destined for the actual router/firewall. How about:
>>>
>>> iptables -A FORWARD -p udp -i $INCOMING_NIC -o $OUTGOING_NIC -d $LOG_SERVER --dport 514 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>>>
>>> Also allow FORWARD backwards...
>>>
>>> Hope this helps. Let me know if it worked, by the way
>>> this is not a dumb question, I just wanted to know if
>>> I was of any help.
>>
>>
>> Nope, did not work either. Thanks for the assist.
>>
>> I'm just going to stay with the current setup for now. If I bypass
>> the logging by going through the firewall, I then have to backup the
>> logs on C. The current method provides for two copies of the logs, so
>> no backups are needed.
>>
>> ...Ken
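Editor's added example, not code from anyone in the thread: the rule set the discussion converges on (syslog UDP/514 forwarded from a host behind one interface to a log server behind the other, with the return path allowed), written with -I rather than -A so it lands above any broader rule, plus two checks for the failure mode Darin describes, where the rule is fine but never reached because an earlier rule matches first. The interface names, the 192.0.2.10 address (RFC 5737 documentation range), the IPT variable and the sample chain listing are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed, not from the thread: the
# interface names, the 192.0.2.10 log server address, and the IPT variable.
# Set IPT="echo iptables" to print the commands instead of applying them.

IPT=${IPT:-iptables}
INCOMING_NIC=${INCOMING_NIC:-eth1}
OUTGOING_NIC=${OUTGOING_NIC:-eth0}
LOG_SERVER=${LOG_SERVER:-192.0.2.10}

# Forwarded packets never visit INPUT; they go PREROUTING -> FORWARD ->
# POSTROUTING, and only when the kernel has routing switched on.
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Insert (-I) at the top rather than append (-A): iptables takes the first
# matching rule, so an ACCEPT appended below a broader DROP never fires.
add_syslog_forward_rules() {
    $IPT -I FORWARD 1 -p udp -i "$INCOMING_NIC" -o "$OUTGOING_NIC" \
        -d "$LOG_SERVER" --dport 514 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Return path ("allow FORWARD backwards"): syslog over UDP is one-way, so
    # only reply traffic the connection tracker already knows is let back.
    $IPT -I FORWARD 2 -i "$OUTGOING_NIC" -o "$INCOMING_NIC" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Diagnostic: log whatever falls off the end of FORWARD. Syslog datagrams
# showing up with this prefix means no rule above matched them (check the
# interface names and destination); not showing up at all means they are
# not reaching this box's FORWARD chain in the first place.
log_unmatched_forward() {
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-UNMATCHED: "
}

# Constructed sample of `iptables -S FORWARD` output showing the trap:
# a general DROP sits above the syslog ACCEPT, so the ACCEPT is dead.
SAMPLE_FORWARD='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j DROP
-A FORWARD -p udp -i eth1 -o eth0 -d 192.0.2.10 --dport 514 -j ACCEPT'

# Position (1-based, policy line excluded) of the first rule matching a
# pattern in an `iptables -S <chain>` listing. Lower number = evaluated first.
rule_position() {   # $1 = listing, $2 = grep pattern
    printf '%s\n' "$1" | grep -v '^-P ' | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Succeeds (exit 0) when some DROP rule precedes the syslog ACCEPT, i.e. the
# ACCEPT is shadowed and should have been inserted with -I instead of -A.
syslog_rule_shadowed() {   # $1 = listing
    accept=$(rule_position "$1" '--dport 514 -j ACCEPT')
    drop=$(rule_position "$1" '-j DROP')
    [ -n "$accept" ] && [ -n "$drop" ] && [ "$drop" -lt "$accept" ]
}

# Usage (as root):
#   enable_forwarding; add_syslog_forward_rules; log_unmatched_forward
# Check the live chain afterwards with:
#   syslog_rule_shadowed "$($IPT -S FORWARD)" && echo "syslog rule is shadowed"
```

Run `iptables -L FORWARD -n -v --line-numbers` after applying: the packet counters on the syslog rule tell you immediately whether it is being hit, and the line numbers show what sits above it.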