Re: iptables

From: damien hull <dhull@digitaloverload.net>
Date: Thu Mar 10 2005 - 16:00:12 AKST

I've changed my iptables rules to allow for everything and do NAT. I
still can't play. I'll take a look at Shorewall but I think I may have
bigger problems.

If I can't play when everything is wide open then something other than
stateful packet filtering is broken.

On Thu, 2005-03-10 at 15:55 -0900, Jeremy Austin wrote:
> I have to say that I've always taken the (admittedly not low-level)
> approach and used Shorewall to manipulate iptables. I used to do it
> manually, but once I got above one subnet and two interfaces, my rules
> got too big to handle alone. Shorewall divides traffic up into logical
> zones into which you put your interfaces, default policies, and
> firewall exceptions. It looks like what you're doing fits easily into
> a default policy of allowing outgoing traffic and related.
>
> Shorewall (shorewall.net) also has a webmin module. Either way
> (editing rules manually) is easy, you can have it up in 10 minutes or
> less.
>
> Sorry for no more details,
> Jeremy
>
>
> On Thu, 10 Mar 2005 15:47:21 -0900, damien hull
> <dhull@digitaloverload.net> wrote:
> > I'm trying to set up iptables so I can play games. According to a few
> > websites iptables has stateful packet filtering. If set up correctly I
> > should be able to play my games without any problems. However, I am
> > unable to play games.
> >
> > I'm either doing something wrong or Linux firewalls suck. I may be
> > building an OpenBSD firewall soon. On an OpenBSD firewall I can play
> > games without any problems.
> >
> > Here are my iptables rules. I'm using Fedora Core 3 if that helps any. If
> > you see something I'm doing wrong let me know.
> >
> > # Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
> > *mangle
> > :PREROUTING ACCEPT [0:0]
> > :INPUT ACCEPT [0:0]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > COMMIT
> > # Completed on Thu Mar 10 13:08:05 2005
> > # Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
> > *filter
> > :FORWARD ACCEPT [0:0]
> > :INPUT DROP [0:0]
> > :OUTPUT ACCEPT [0:0]
> > # accept traffic from all interface but not eth1
> > -A INPUT ! -i eth1 -j ACCEPT
> > # setup stateful connections on eth1
> > -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > COMMIT
> > # Completed on Thu Mar 10 13:08:05 2005
> > # Generated by iptables-save v1.2.11 on Thu Mar 10 13:08:05 2005
> > *nat
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > -A POSTROUTING -o eth1 -j MASQUERADE
> > COMMIT
> >
> > ---------
> > To unsubscribe, send email to <aklug-request@aklug.org>
> > with 'unsubscribe' in the message body.
> >
> >
>

Received on Thu Mar 10 16:00:17 2005
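
Added example, not part of the thread or written by its participants: a small Python parser for iptables-save output that reports which filter chains carry a state rule when NAT is in use. INPUT only sees packets addressed to the firewall host itself, while routed (NATed) traffic traverses FORWARD. The sample input is the *filter and *nat tables from the quoted message; the function names parse_save and audit are illustrative.

```python
# Sample input: the *filter and *nat tables from the quoted message, comments removed.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT ! -i eth1 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

def parse_save(text):
    """Parse iptables-save text into {table: {chain: {"policy", "rules"}}}."""
    tables, table = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # table header, e.g. *filter
            table = tables.setdefault(line[1:], {})
        elif line.startswith(":"):        # chain declaration with default policy
            chain, policy = line[1:].split()[:2]
            table[chain] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):      # rule appended to a chain
            chain, _, rule = line[3:].partition(" ")
            table.setdefault(chain, {"policy": "-", "rules": []})["rules"].append(rule)
    return tables

def audit(tables):
    """Return findings about where stateful filtering applies to routed traffic."""
    findings = []
    flt = tables.get("filter", {})
    stateful = {c for c, d in flt.items()
                if any("state" in r and "ESTABLISHED" in r for r in d["rules"])}
    fwd = flt.get("FORWARD", {"policy": "-", "rules": []})
    nat_out = tables.get("nat", {}).get("POSTROUTING", {"rules": []})["rules"]
    masq = any("MASQUERADE" in r or "SNAT" in r for r in nat_out)
    if masq and "FORWARD" not in stateful:
        findings.append("NAT is configured but FORWARD has no state rule; "
                        "state matching only covers: " + (", ".join(sorted(stateful)) or "none"))
    if fwd["policy"] == "ACCEPT" and not fwd["rules"]:
        findings.append("FORWARD policy ACCEPT with no rules: routed traffic is unfiltered")
    return findings
```

Calling audit(parse_save(SAMPLE)) returns both findings for the ruleset as posted.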

This archive was generated by hypermail 2.1.8 : Thu Mar 10 2005 - 16:00:17 AKST