[vox-tech] HTTP Routing Strangeness
Rod Roark
rod at sunsetsystems.com
Mon Jul 25 17:10:18 PDT 2005
On Monday 25 July 2005 03:22 pm, Chris Jenks wrote:
> Setting the iptables rules starts with:
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

Seems like this would drop all your incoming UDP packets, e.g.
responses to DNS queries. Regardless, try starting with the
simplest possible firewall with NAT and add things a little at
a time until you find something that breaks it.

-- Rod
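
The build-it-up-a-step-at-a-time approach suggested above, sketched as an added example that is not part of the original message: it applies the quoted rules in stages and runs a check after each one. `DRY_RUN`, `CHECK_CMD` and the split into stages are assumptions of this example; stage 3 uses the current `! -i` form of the quoted `-i ! ppp0`.

```shell
#!/bin/sh
# Added example: apply the rules quoted above one stage at a time and test
# connectivity after each, to find the rule that breaks things.
WAN="${WAN:-ppp0}"              # outside interface, from the thread
DRY_RUN="${DRY_RUN:-1}"         # assumption: 1 = print only, 0 = run (needs root)
CHECK_CMD="${CHECK_CMD:-true}"  # assumption: your own test; stage number is $1

# Print the iptables commands for stage $1, one per line.
stage_rules() {
    case "$1" in
        0) echo "iptables -P INPUT ACCEPT"       # baseline: accept all, no rules
           echo "iptables -F"
           echo "iptables -t nat -F" ;;
        1) echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE" ;;
        2) echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT" ;;
        # Stage 3 uses the current "! -i" spelling of the thread's "-i ! ppp0".
        3) echo "iptables -A INPUT -m state --state NEW ! -i $WAN -j ACCEPT" ;;
        4) echo "iptables -P INPUT DROP" ;;
        5) echo "iptables -A FORWARD -i $WAN -o $WAN -j REJECT" ;;
        *) return 1 ;;
    esac
}

# Apply stages 0..$1 in order; stop at the first stage whose check fails.
run_stages() {
    n=0; FAILED_STAGE=
    while [ "$n" -le "$1" ]; do
        stage_rules "$n" | while IFS= read -r cmd; do
            echo "+ $cmd"
            [ "$DRY_RUN" = 1 ] || $cmd || exit 1
        done || return 1
        if ! sh -c "$CHECK_CMD" check "$n"; then
            FAILED_STAGE=$n
            echo "connectivity check failed after stage $n"
            return 1
        fi
        n=$((n + 1))
    done
    echo "stages 0-$1 applied, check passed after each"
}

run_stages 5   # dry run by default: prints the commands in order
```

Set `CHECK_CMD` to whatever reproduces the problem (a DNS lookup, an HTTP fetch through the gateway) and `DRY_RUN=0` to apply the rules for real; `FAILED_STAGE` then names the first stage after which the check stopped passing.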