Thanks all for your help. I finally decided to go with a simpler port forwarding solution using socat, a tool to forward TCP connections. This way I can filter forwarded ports by using the router's INPUT chain.

Cheers

On Sun, Aug 26, 2012 at 1:08 PM, Peter Baldridge <petebaldridge@gmail.com> wrote:
On Sun, Aug 26, 2012 at 10:11 AM, Juan Diego Tascón <juantascon@gmail.com> wrote:
Is there any way to debug iptables,

Juan,
Another good way to debug IPTables (if you can limit the traffic to the box to just what you are troubleshooting) is to use the command:
sudo iptables -Z && sudo watch -n .5 iptables -nvL
^zeros the counters for iptables
This will serve to show packet counters next to all your rules. Then you can send the traffic you are troubleshooting and see which rule it is matching. From a different window or screen you can add/drop rules and watch the counters in real time. That has always helped me in tough IPtables setups since it's a little more realtime/less info than logging.
-pete
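
The counter technique from this thread can also be run as a before/after comparison when watching a live screen is not practical. The following is an added example, not code from the thread: it parses two `iptables -nvL` listings and reports which rules or chain policies gained packets (a rising policy counter means no rule in that chain matched). The sample listings are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample listings in `iptables -nvL` format (not from the thread):
# one snapshot before sending the test traffic, one after.
TEMPLATE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
 {p:>4} {b:>5} ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080

Chain FORWARD (policy DROP {f} packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""
BEFORE = TEMPLATE.format(p=0, b=0, f=0)
AFTER = TEMPLATE.format(p=3, b=180, f=2)

# Without -x, iptables abbreviates large counters with K/M/G suffixes.
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}

def to_int(field):
    """Convert a counter field such as '42' or '12K' to an integer."""
    return int(field.rstrip("KMG")) * SUFFIX.get(field[-1], 1)

def parse(listing):
    """Map (chain, rule number, rule text) -> packets; rule 0 is the chain policy."""
    counters, chain, n = {}, None, 0
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy \S+ (\S+) packets)?", line)
        if m:  # chain header; user-defined chains carry no policy counter
            chain, n = m.group(1), 0
            if m.group(2):
                counters[(chain, 0, "<policy>")] = to_int(m.group(2))
            continue
        parts = line.split(None, 2)  # pkts, bytes, remainder of the rule
        if chain and len(parts) == 3 and parts[0][0].isdigit():
            n += 1
            counters[(chain, n, " ".join(parts[2].split()))] = to_int(parts[0])
    return counters

def hits(before, after):
    """Return [(key, packet delta)] for every counter that increased."""
    b, a = parse(before), parse(after)
    return [(k, a[k] - b.get(k, 0)) for k in a if a[k] > b.get(k, 0)]

if __name__ == "__main__":
    for (chain, num, rule), delta in hits(BEFORE, AFTER):
        print(f"{chain} #{num}: +{delta} packets  {rule}")
```

Rule numbers only line up if no rules are added or removed between the two snapshots.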