[plug] masq script

Cameron Patrick cameron at patrick.wattle.id.au
Thu Dec 18 10:54:23 WST 2003


On Thu, Dec 18, 2003 at 09:08:47AM +0800, Ryan wrote:
| On Thu, 2003-12-18 at 08:54, Adam Hewitt wrote:
| > On 17/12/2003, at 5:29 PM, smclevie wrote:
| > 
| > > iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
| > 
| > I may be wrong but this looks like your problem. If you are pinging 
| > from your WinXP machine through the firewall to the internet, then this 
| > would be a 'new' connection, not established and not related and 
| > therefore dropped.
| > 
| > Mind you I haven't really been following this thread, and it was after 
| > a quick look through your config, so I may be off track.
| 
| Likewise, I've been ignoring this thread ... but that line is correct if
| you specify a direction and then accept everything in the reverse.

That line is correct even without a direction; I'm using it myself.  The
following lines later in the script should accept everything that starts
on the local network:

	iptables -A FORWARD -i lo -j ACCEPT
	iptables -A INPUT -p ALL -i lo -j ACCEPT
	iptables -A FORWARD -i eth0 -j ACCEPT
	iptables -A INPUT -p ALL -i eth0 -j ACCEPT

Cameron.
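
Added example, not part of the original message or the poster's script: a small Python model of first-match evaluation on the FORWARD chain with the rules quoted above, showing which rule accepts the outbound ping, which accepts its reply, and what happens to an unsolicited packet from outside. Assumptions not found in the thread: the FORWARD policy is DROP, the external interface is called eth1, and all addresses are constructed.

```python
# Added illustration, not from the original post.
# Assumed: FORWARD policy DROP, external interface "eth1", constructed addresses.
POLICY = "DROP"
RULES = [  # (in-interface or None, conntrack states or None, target)
    (None, {"ESTABLISHED", "RELATED"}, "ACCEPT"),  # -m state --state ESTABLISHED,RELATED
    ("lo", None, "ACCEPT"),                        # -i lo
    ("eth0", None, "ACCEPT"),                      # -i eth0
]

class Conntrack:
    """Minimal connection tracker: one entry per flow, keyed by its original direction."""
    def __init__(self):
        self.seen_reply = {}  # (src, dst) of the first packet -> has a reply been seen?

    def classify(self, src, dst):
        if (dst, src) in self.seen_reply:      # packet travels in the reply direction
            self.seen_reply[(dst, src)] = True
            return "ESTABLISHED"
        if self.seen_reply.get((src, dst)):    # original direction, after a reply
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, src, dst):
        # Only accepted packets leave an entry; dropped ones are forgotten.
        if (dst, src) not in self.seen_reply:
            self.seen_reply.setdefault((src, dst), False)

def forward(ct, in_if, src, dst):
    """Return (state, verdict, matched) for one packet traversing FORWARD."""
    state = ct.classify(src, dst)
    verdict, matched = POLICY, "policy"
    for number, (rule_if, states, target) in enumerate(RULES, 1):
        if rule_if is not None and rule_if != in_if:
            continue
        if states is not None and state not in states:
            continue
        verdict, matched = target, f"rule {number}"
        break  # first match wins
    if verdict == "ACCEPT":
        ct.confirm(src, dst)
    return state, verdict, matched

def demo():
    ct, lan, remote, stranger = Conntrack(), "192.168.0.2", "203.0.113.1", "198.51.100.7"
    return [
        forward(ct, "eth0", lan, remote),    # ping leaving the LAN
        forward(ct, "eth1", remote, lan),    # its reply coming back
        forward(ct, "eth1", stranger, lan),  # unsolicited packet from outside
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```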



