NetFilter

Re: Iptables problem

To: netfilter@lists.netfilter.org
Subject: Re: Iptables problem
From: "Saurabh Mehrotra" <saurabh1980@gmail.com>
Date: Fri, 26 Jan 2007 21:19:11 +0530
Thanks for the reply.

Can you guide me on how to set up tcpdump on RHEL 4 and test?

Can you explain this more so that I can calculate that?

"  packet counts for each rule, which
should help you to determine which rule is dropping or failing to
forward the DNS packets."

It will be helpful for me.

Thanks, Saurabh

On 1/26/07, Ted Phelps <phelps@gnusto.com> wrote:

Hi Saurabh,

"Saurabh Mehrotra" writes:
> Please find output of
>
> iptables -v -L

I'm afraid I'm not clever enough to comprehend what your rules are
trying to do.  Also, I don't know what the IP address of trench1 is nor
where the firewall is located in the network, so it's difficult to see
which rules would be involved.

The likely cause of your problem is that the DNS request or its reply is
being dropped by your firewall.  The easiest way to see which is
happening is to have tcpdump listen to port 53 on 212.165.108.4 to see
if the request is coming in and if a reply is going out.

The iptables output you sent has packet counts for each rule, which
should help you to determine which rule is dropping or failing to
forward the DNS packets.

Hope that helps,
-Ted
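
The two checks suggested in the message above, as an added example that is not part of the original thread: watch port 53 with tcpdump, and compare the per-rule packet counters before and after one DNS query. The interface name `eth0`, the snapshot file names and the sample rule listings are assumptions constructed for illustration, not the poster's real configuration.

```shell
# On the firewall (as root) the two snapshots would be taken like this:
#   iptables -L -v -n -x > before.txt     # -x prints exact counts, not 12K
#   (send one DNS query from the client)
#   iptables -L -v -n -x > after.txt
# In a second terminal, watch the request and the reply themselves:
#   tcpdump -n -i eth0 host 212.165.108.4 and port 53   # eth0 is assumed

counter_delta() {   # $1 = snapshot before the query, $2 = snapshot after
    awk '
        function record(key, pkts, desc) {
            if (FNR == NR) before[key] = pkts          # first file: remember
            else if (pkts - before[key] > 0)           # second file: compare
                printf "%s +%d %s\n", key, pkts - before[key], desc
        }
        /^Chain / {
            chain = $2; n = 0
            # Built-in chains carry a policy counter: packets no rule matched.
            if ($3 == "(policy") record(chain ":policy", $5, $4)
            next
        }
        $1 ~ /^[0-9]+$/ {                    # rule line: pkts bytes target ...
            n++; desc = $3
            for (i = 4; i <= NF; i++) desc = desc " " $i
            record(chain ":" n, $1, desc)
        }
    ' "$1" "$2"
}

# Constructed sample listing; $1 = INPUT rule 2 pkts, $2 = FORWARD policy pkts.
sample() {
    cat <<EOF
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     100     8000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      $1      420 ACCEPT     udp  --  eth0   *       0.0.0.0/0            212.165.108.4       udp dpt:53

Chain FORWARD (policy DROP $2 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
EOF
}

demo() {   # counters that moved between two constructed snapshots
    dir=$(mktemp -d) || return 1
    sample 7 3 > "$dir/before"; sample 7 5 > "$dir/after"
    counter_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}
demo
```

In the constructed snapshots only the FORWARD policy counter moves, which is what a listing looks like when packets match no rule in a chain and fall through to its DROP policy.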


