interesting iptables results that make no sense
- To: silug-discuss@silug.org
- Subject: interesting iptables results that make no sense
- From: Casey Boone <caseyboone@gmail.com>
- Date: Mon, 29 Nov 2004 20:28:47 -0600
- Organization: Southern Illinois Linux Users Group
- Reply-To: Casey Boone <caseyboone@gmail.com>
- Sender: silug-discuss-owner@silug.org
ok on my firewall i have a normal fd3 installation with redhat's
default iptables script plus a couple of minor modifications (most of
which make the security extremely lax for the intranet side of the
firewall).

i was doing a postrouting masq of my intranet ips but didn't have
anything set up for the forward chain except redhat's default of deny
with message.

i could ping ip addresses, ssh, do whatever as long as i did it by ip
(this coming from a box behind the firewall). i could not dns resolve
to save myself but other udp traffic seemed to work ok (testing with
traceroute).

when i added in a forward chain for my intranet ips into the firewall
then all of a sudden dns resolving worked fine.

i see nothing in redhat's default script that deals with dns so i have
no idea why i wasn't getting more of an "all or nothing" situation
instead of all working except dns. as best i can tell i should have
had a forward chain rule in order for the masq to work at all.

i don't get it.

but now that i have the forward chain all is peachy.

Casey
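The two configurations the post describes, as an added example that is not part of the original message or of Red Hat's script: a masquerade-only ruleset with the FORWARD chain left at "deny with message" (modelled here as a REJECT with icmp-host-prohibited, an assumption about what the default does), beside the same ruleset with an explicit, stateful FORWARD rule for the intranet. The intranet range 192.168.1.0/24 and the interface names eth0/eth1 are assumed placeholders. The script only prints iptables-restore input unless run with --apply on a real gateway.

```shell
#!/bin/sh
# Added example (not from the original post): generate a minimal iptables
# ruleset for a masquerading gateway, with and without an explicit FORWARD
# rule. Assumed values (not stated in the post): intranet 192.168.1.0/24
# behind eth1, outside interface eth0.

LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed intranet range
LAN_IF="${LAN_IF:-eth1}"               # assumed inside interface
WAN_IF="${WAN_IF:-eth0}"               # assumed outside interface

# Starting point described in the post: NAT only, FORWARD left to a
# default that rejects everything not explicitly allowed.
masq_only_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# The fix described in the post: an explicit FORWARD rule for the intranet.
# Matching on connection state lets replies (DNS answers included) return
# through the gateway without opening FORWARD to unsolicited traffic from
# outside, and a LOG rule before the REJECT records what is being refused.
forward_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
-A FORWARD -j LOG --log-prefix "FORWARD-REJECT: "
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Sanity check on a generated ruleset (passed as a string): does it forward
# new traffic from the LAN, and does it let replies back in? Returns 0 when
# both rules are present, 1 otherwise.
has_lan_forward() {
    printf '%s\n' "$1" | grep -q -- "-A FORWARD .*-s $LAN_NET -j ACCEPT" &&
    printf '%s\n' "$1" | grep -q -- "ESTABLISHED,RELATED -j ACCEPT"
}

if [ "${1:-}" = "--apply" ]; then
    # On a real gateway: load the rules and make sure forwarding is on.
    forward_rules | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
else
    forward_rules
fi
```

After loading, `iptables -L FORWARD -v -n` shows per-rule packet counters, so a client behind the gateway whose lookups still fail will show its packets landing on the LOG/REJECT rules rather than the ACCEPT rules; that is the quickest way to tell a FORWARD problem from a NAT problem.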