[arch-general] iptables forward policy

Peter Baldridge petebaldridge at gmail.com
Sun Aug 26 14:08:32 EDT 2012


On Sun, Aug 26, 2012 at 10:11 AM, Juan Diego Tascón <juantascon at gmail.com> wrote:

> Is there any way to debug iptables,

Juan,


Another good way to debug IPTables (if you can limit the traffic to the box
to just what you are troubleshooting) is to use the command:

sudo iptables -Z && sudo watch -n .5 iptables -nvL

^zeros the counters for iptables

This will serve to show packet counters next to all your rules.  Then you
can send the traffic you are troubleshooting and see which rule it is
matching.  From a different window or screen you can add/drop rules and
watch the counters in real time.  That has always helped me in tough
IPtables setups since it's a little more realtime/less info than logging.

-pete
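
The counter-watching approach from the message above, as an added example that is not part of the original post: a shell function that compares two saved `iptables -nvxL` snapshots and lists the rules and chain policies whose packet counters grew, which also works when the counters were not zeroed first. The names `changed_rules`, `sample_before`, `sample_after` and `demo` and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Report which rules or chain policies gained packets between two saved
# snapshots of `iptables -nvxL` (-x prints exact counters instead of 12K).
# Rules are keyed by position in their chain, so do not add or delete rules
# between the two snapshots being compared.
changed_rules() {   # usage: changed_rules BEFORE_FILE AFTER_FILE
    awk '
    function record(key, pkts, desc,    delta) {
        if (NR == FNR) { before[key] = pkts; return }   # first file: remember
        delta = pkts - before[key]                       # second file: compare
        if (delta > 0) printf "%s\t+%d\t%s\n", chain, delta, desc
    }
    $1 == "Chain" {
        chain = $2; n = 0
        # Built-in chains carry policy counters: "(policy DROP 2 packets, ..."
        if ($3 == "(policy") record(chain ":policy", $5, "policy " $4)
        next
    }
    chain != "" && $1 ~ /^[0-9]+$/ {      # a rule line starts with its pkts count
        desc = $3
        for (i = 4; i <= NF; i++) desc = desc " " $i
        n++; record(chain ":" n, $1, "rule " n ": " desc)
    }' "$1" "$2"
}

# Constructed sample snapshots (not captured from a real host).
sample_before() { cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
       0        0 ACCEPT     tcp  --  eth1   eth0    192.168.1.0/24       0.0.0.0/0            tcp dpt:443
EOF
}
sample_after() { cat <<'EOF'
Chain FORWARD (policy DROP 3 packets, 180 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
       5      300 ACCEPT     tcp  --  eth1   eth0    192.168.1.0/24       0.0.0.0/0            tcp dpt:443
EOF
}

# Demo on the constructed data; on a live host, save `iptables -nvxL` twice.
demo() {
    d=$(mktemp -d) && sample_before > "$d/a" && sample_after > "$d/b" &&
        changed_rules "$d/a" "$d/b"; rm -rf "$d"
}
demo
```

A line reading `policy DROP` in the output means the test traffic matched no rule in that chain and fell through to the chain's default policy.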

