IPTABLES AND MONITOR
kelly
kelly at cliffhanger.com
Thu Mar 2 16:54:26 CET 2006
Are you using a static NAT or Masquerade (PAT)?
In order for the hosts on the outside (the
Internet), to be able to initiate a connection to
the inside server, the inside server needs to be
STATICALLY NAT'd.
If you're Masquerading the inside host, the NAT is
only in effect for a finite period of time. In
addition, only the reply packets to the inside
host are permitted to pass through the firewall
and connect to the inside host. The reply packets
must match the ports that were used during the
initial connection from the inside host. Unless
it's ftp or some other protocol that works similarly
to ftp.
--
kelly
http://home1.gte.net/res0psau/index.html#Hang-Gliding-Stuff
-- --
\ /
\/
/\
/ \
-- --
Quoting Davis Sylvester <dsylvesteriii at yahoo.com>:
We're running iptables/Netfilter 1.3.5. We have our
mail server nat'ed. Every so often our firewall stops
performing the nat translation from public IP address
--> private IP Address.
What is the best way to troubleshoot this problem? If
you have reference to a simple guide or how to shoot
it my way.
Thanks in advance!
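The static NAT versus Masquerade distinction discussed in this thread can be checked directly against the nat table. The following is an added example, not part of either message: a shell function that reads `iptables-save -t nat` output and reports which case applies to a public address. The interface name, the addresses (documentation ranges) and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# nat_mode PUBLIC_IP : reads an iptables-save nat dump on stdin and prints
#   static      PREROUTING has a DNAT rule for PUBLIC_IP (outside hosts can initiate)
#   masquerade  only outbound MASQUERADE/SNAT exists (only replies get back in)
#   none        no NAT rule found
nat_mode() {
    awk -v ip="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            dst = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            sub(/\/32$/, "", dst)      # newer iptables-save prints host addresses as a.b.c.d/32
            if (dst == ip && tgt == "DNAT") dnat = 1
        }
        $1 == "-A" && $2 == "POSTROUTING" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == "MASQUERADE" || $(i + 1) == "SNAT")) out = 1
        }
        END { print (dnat ? "static" : (out ? "masquerade" : "none")) }
    '
}

# Constructed sample: inside hosts are masqueraded, nothing maps inbound traffic.
MASQ_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed sample: SMTP to the public address is statically mapped to the mail server.
STATIC='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$MASQ_ONLY" | nat_mode 203.0.113.10
printf '%s\n' "$STATIC"    | nat_mode 203.0.113.10
```

On the firewall itself, run as root: `iptables-save -t nat | nat_mode <public IP>`.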
More information about the netfilter mailing list