IPTABLES AND MONITOR
kelly at cliffhanger.com
Thu Mar 2 16:54:26 CET 2006
Are you using a static NAT or Masquerade (PAT)?

In order for the hosts on the outside (the
Internet), to be able to initiate a connection to
the inside server, the inside server needs to be

If you're Masquerading the inside host, the NAT is
only in effect for a finite period of time. In
addition, only the reply packets to the inside
host are permitted to pass through the firewall
and connect to the inside host. The reply packets
must match the ports that were used during the
initial connection from the inside host. Unless
it's ftp or some other protocol that works similar
Quoting Davis Sylvester <dsylvesteriii at yahoo.com>:
We're running iptables/Netfilter 1.3.5. We have our
mail server nat'ed. Every so often our firewall stops
performing the nat translation from public IP address
--> private IP Address.
What is the best way to troubleshoot this problem? If
you have reference to a simple guide or how to shoot
it my way.
Thanks in advance!
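The static-NAT-versus-masquerade question raised in the reply above can be checked against a saved ruleset. This is an added example, not part of the original thread; the `nat_mode` function name and all addresses and rules in it are constructed for illustration, and it assumes input in `iptables-save` format.

```shell
#!/bin/sh
# Added example: classify how an inside host is NATed, from iptables-save text.
# All addresses and rules below are constructed samples, not from the thread.

# Constructed ruleset A: static DNAT for the mail server, plus masquerade.
SAMPLE_STATIC='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.10:25
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'

# Constructed ruleset B: masquerade only, no inbound mapping.
SAMPLE_MASQ='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT'

# nat_mode PUBLIC_IP PRIVATE_IP   (reads iptables-save output on stdin)
# Prints: static    - a PREROUTING DNAT rule maps PUBLIC_IP to PRIVATE_IP
#         masq-only - only MASQUERADE is present; outside hosts cannot initiate
#         none      - no relevant nat rule found
nat_mode() {
    awk -v pub="$1" -v priv="$2" '
        /^\*/ { table = $1 }                    # track the current table
        table != "*nat" || $1 != "-A" { next }  # only rule lines in *nat
        {
            dst = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") { dst = $(i+1); sub(/\/32$/, "", dst) }
                if ($i == "-j") target = $(i+1)
                if ($i == "--to-destination") { to = $(i+1); sub(/:.*/, "", to) }
            }
            if ($2 == "PREROUTING" && target == "DNAT" && dst == pub && to == priv) dnat = 1
            if ($2 == "POSTROUTING" && target == "MASQUERADE") masq = 1
        }
        END { print (dnat ? "static" : (masq ? "masq-only" : "none")) }
    '
}

printf '%s\n' "$SAMPLE_STATIC" | nat_mode 203.0.113.10 192.168.1.10
printf '%s\n' "$SAMPLE_MASQ"   | nat_mode 203.0.113.10 192.168.1.10
```

On a live firewall the same function can read `iptables-save -t nat` on stdin; comparing its verdict while the translation works and after it stops shows whether the inbound mapping is still in the ruleset.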