Monday, October 10, 2005

Re: Masquerade doesn't work

On Mon, Oct 10, 2005 at 09:31:41PM +0200, Dexter wrote:
> These are my iptables rules.
[ ... skip ]

>
> >hmm maybe it's better to tell us what iptables -t nat -L says if you use
> >masquerading

You've been asked about the "nat" table (iptables -t nat -L) ;)

You can try my script for "live" watching iptables rules:

http://www.zind.ikem.pwr.wroc.pl/arch/linux/iptables.watch

I propose this method for testing:
1) On the client, start for example: ping $some_remote_IP
2) On the server, start: iptables.watch -Z -Wd
(-Z zeroes the iptables counters, -Wd watches with highlighting; the rest
of the help is below)

Watching the screen for a short while should show you where your packets are going.

But my script is usable only if you have (almost) no other transmissions.
Sometimes "ping -f" on the client can help, or restart (stop via Ctrl-C)
iptables.watch often.

=======================================================================
$ iptables.watch -h

iptables.watch version 0.03, Mon Sep 26 12:48:24 CEST 2005
(c) Miroslaw Kwasniak, licence GPL 2.0

Displays only active chains/rules in iptables

Usage:
iptables.watch -h
iptables.watch [-o ipt_options] [-ns] [-w width] [-W|-Wd] [-Z] [table [table ...]]

-h : this help

-o ipt_options : iptables options, default = --line-numbers -vxnL
-ns : no squeeze spaces
-w width : display width, default = ${COLUMNS:-80}
-W : display via 'watch', default = to stdout
-Wd : display via 'watch -d'
-Z : zero iptables counters
[table [table ..]] : list only specified tables, default = `cat /proc/net/ip_tables_names`
uses: iptables, grep, sed, cat, cut and (optionally) watch
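
The counter-watching idea from the message above, as an added example (this is not the iptables.watch script and not code from the post): an awk filter that keeps only chains and rules with non-zero packet counters, plus a check for rules of a given target that no packet has matched. The function names `sample_nat`, `active_rules` and `unhit_rules` and the sample listing are made up here.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat --line-numbers -vxnL` output
# (interfaces, addresses and counters are invented for illustration).
sample_nat() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 42 packets, 3528 bytes)
num      pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 40 packets, 3360 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0        0 MASQUERADE  all  --  *      ppp0    192.168.1.0/24       0.0.0.0/0
2           7      588 MASQUERADE  all  --  *      eth0    10.0.0.0/8           0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
EOF
}

# Print only chains and rules whose packet counter is non-zero.
# Reads an `iptables --line-numbers -vxnL` listing on stdin.
active_rules() {
  awk '
    /^Chain / {                        # remember the header, print it lazily
      hdr = $0; shown = 0
      if ($0 ~ /policy/ && $5 + 0 > 0) { print hdr; shown = 1 }
      next
    }
    $1 ~ /^[0-9]+$/ && $2 + 0 > 0 {    # numbered rule line with pkts > 0
      if (!shown) { print hdr; shown = 1 }
      print "  " $0
    }'
}

# List rules with target $1 that no packet has matched, as "chain:num".
unhit_rules() {
  awk -v tgt="$1" '
    /^Chain / { chain = $2; next }
    $1 ~ /^[0-9]+$/ && $4 == tgt && $2 + 0 == 0 { print chain ":" $1 }'
}

# Demo on the constructed listing; on a live router (as root), feed
# `iptables -t nat --line-numbers -vxnL` into the functions instead.
sample_nat | active_rules
echo "MASQUERADE rules never hit: $(sample_nat | unhit_rules MASQUERADE)"
```

A MASQUERADE rule that stays in the "never hit" list while the client is pinging means the packets leave through a different interface or source range than the rule matches, or never reach POSTROUTING at all.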
