LinuxSA Mailing list archives
From: Alan Kennington <akenning@dog.topology.org>
To: LinuxSA <linuxsa@linuxsa.org.au>
Date: Thu, 19 Apr 2001 23:29:57 +0930
Subject: Re: Strange tcp behaviour

On Thu, Apr 19, 2001 at 04:52:51PM +0930, David Lloyd wrote:
>
> You could turn on logging and see what is actually being dropped and
> where. You'd probably only want to do this on one or two rules at once
> otherwise you'll just get bombarded with information.

I find the best way to debug iptables is to just run:

    iptables -L -n -x -v

This shows all of the counters for all of the rules.
When you get 50-100 rules, this is really important,
especially if you're using the NAT table to swap
IP addresses and ports and crazy things like that.

Forwarding, I believe, includes going from your own machine to other machines
in the iptables universe.

There's a parameter -C in iptables to see what happens if you
submit a particular kind of packet.
Here's an example:

================================================================
dog /etc/rc.d# iptables -C FORWARD --source 127.0.0.1 --destination slashdot.org -p tcp --dport 80
iptables: Will be implemented real soon. I promise.
================================================================

Hmmm. I wonder who wrote that into the software!

Cheers,
Alan Kennington.

--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
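
Added example, not part of the original post: with 50-100 rules the counters from `iptables -L -n -x -v` are easiest to read as a difference, so this shell function compares two saved listings and prints only the rules whose packet counter increased in between. The function names and the sample listings are constructed for illustration, and the parser assumes every rule has a target (a rule without one shifts the columns).

```shell
# Usage on a live box (as root): iptables -L -n -x -v > before; reproduce the
# problem; iptables -L -n -x -v > after; counter_delta before after
counter_delta() {   # prints: chain rule-position +packets target source dest
    awk '
        FNR == 1      { pass++ }                     # 1 = BEFORE, 2 = AFTER
        $1 == "Chain" { chain = $2; pos = 0; next }  # start of a chain
        $1 == "pkts" || NF == 0 { next }             # column header, blank line
        {
            key = chain SUBSEP (++pos)
            if (pass == 1) { before[key] = $1; next }
            delta = $1 - before[key]                 # rule absent before: from 0
            if (delta > 0)
                printf "%s %d +%d %s %s %s\n", chain, pos, delta, $3, $8, $9
        }
    ' "$1" "$2"
}

# Constructed sample snapshots, not captured from a real host.
sample_before() { cat <<'EOF'
Chain INPUT (policy ACCEPT 120 packets, 9800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     2400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      15      900 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
EOF
}
sample_after() { cat <<'EOF'
Chain INPUT (policy ACCEPT 131 packets, 10640 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      52     3120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      15      900 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:80
       7      420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_before > "$tmp/before"
    sample_after  > "$tmp/after"
    counter_delta "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
demo
```

In the constructed run, the only FORWARD rule that moved is the DROP for port 25, which is the rule to look at (or attach logging to) next.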