[arch-general] iptables forward policy

Juan Diego Tascón juantascon at gmail.com
Tue Aug 28 16:08:42 EDT 2012


Thanks all for your help

I finally decided to go with a more simple port forwarding solution
using socat, a tool to forward TCP connections. This way I can filter
forwarded ports by using the router's INPUT chain.

Cheers

On Sun, Aug 26, 2012 at 1:08 PM, Peter Baldridge
<petebaldridge at gmail.com> wrote:
> On Sun, Aug 26, 2012 at 10:11 AM, Juan Diego Tascón <juantascon at gmail.com> wrote:
>
>> Is there any way to debug iptables, Juan,
>
>
> Another good way to debug IPTables (if you can limit the traffic to the box
> to just what you are troubleshooting) is to use the command:
>
> sudo iptables -Z && sudo watch -n .5 iptables -nvL
>
> ^zeros the counters for iptables
>
> this will serve to show packet counters next to all your rules.  Then you
> can send the traffic you are troubleshooting and see which rule it is
> matching.  From a different window or screen you can add/drop rules and
> watch the counters in real time.  That has always helped me in tough
> IPtables setups since it's a little more realtime/less info than logging.
>
> -pete
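
The counter-watching approach from the quoted reply can also be done offline by diffing two saved listings. This is an added example, not part of either message; the function name `hit_rules` and the sample listings are constructed, and the listings are assumed to come from `iptables -nvxL` so that counters are exact numbers.

```shell
#!/bin/sh
# hit_rules BEFORE AFTER: list every rule or chain policy whose packet counter
# grew between two saved `iptables -nvxL` listings (-x prints exact counts).
hit_rules() {
    awk '
    $1 == "Chain" {
        chain = $2
        if ($3 != "(policy") next       # user-defined chains have no policy counter
        k = chain " policy " $4; n = $5
    }
    $1 == "pkts" || NF == 0 { next }    # column header and blank separator lines
    $1 != "Chain" {                     # rule line: key is chain + text after pkts/bytes
        k = chain
        for (i = 3; i <= NF; i++) k = k " " $i
        n = $1
    }
    FNR == NR { before[k] = n; next }   # first file: remember each counter
    n + 0 > before[k] + 0 { printf "+%d  %s\n", n - before[k], k }
    ' "$1" "$2"
}

# Constructed sample listings, not captured from a real host.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      10      600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.1.10         tcp dpt:8080
EOF
cat > "$tmp/after" <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 4 packets, 240 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.1.10         tcp dpt:8080
EOF
hit_rules "$tmp/before" "$tmp/after"
```

On the sample data it reports the FORWARD policy counter rising while the FORWARD ACCEPT rule stays at zero, meaning the test packets matched no rule in that chain.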

