linux
PsyShits, 2016-07-27 12:43:29

How can I debug written iptables rules?

There is a network 10.1.1.0/24 and a provider network, let it be 162.1.1.0/24.
On the network there are some devices with static addresses. The gateway looks with one interface at the LAN (eth1) and with the other at the provider (eth0).

# Allow access from the internal network to the outside
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# Enable NAT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.31.0/24 -j MASQUERADE
# Allow replies from the outside network
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

After that, the devices with static addresses stop working.
How can I see the traffic passing through the gateway? How can I debug the rules on the gateway?

Answer the question


1 answer(s)
CityCat4, 2016-07-27

Rule tracing can be done through the raw table by setting the TRACE action, for example (part of the /etc/sysconfig/iptables file, CentOS 6.8):

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p udp -m multiport --destination-port 500,4500 -j TRACE
-A PREROUTING -p udp -m multiport --destination-port 500,4500 -j TRACE
-A OUTPUT -p esp -j TRACE
-A PREROUTING -p esp -j TRACE

These rules were written for IPSec tracing.
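
As an added example (not part of the question or of CityCat4's answer): the same raw-table TRACE approach in iptables command form, narrowed to a single LAN host so the kernel log stays readable, plus a small reader for the lines the kernel emits. The interface names eth0/eth1 come from the question; the host 10.1.1.5, the log lines, and the modprobe/sysctl commands that enable the TRACE logger are assumptions for illustration. The constructed log shows what to look for on this gateway: a packet from 10.1.1.5 whose last hop is nat:POSTROUTING:policy matched no MASQUERADE rule (the rule in the question is written for 192.168.31.0/24, while the LAN is 10.1.1.0/24) and leaves eth0 with its private source address.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumed: LAN interface eth1, provider interface eth0 (from the question);
# 10.1.1.5 is a constructed address of one device on the 10.1.1.0/24 LAN.
HOST=${HOST:-10.1.1.5}

# run: print the command instead of executing it unless DRY_RUN=0
# (the real commands need root on the gateway).
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# trace_on: the answer's raw-table TRACE rules in iptables command form, limited
# to one host. TRACE needs a logging backend: nf_log_ipv4 plus the sysctl on
# kernels 3.17+; on the answer's CentOS 6 kernel the module is ipt_LOG instead.
trace_on() {
  run modprobe nf_log_ipv4
  run sysctl -w net.netfilter.nf_log.2=nf_log_ipv4
  run iptables -t raw -A PREROUTING -i eth1 -s "$HOST" -j TRACE   # LAN -> provider
  run iptables -t raw -A PREROUTING -i eth0 -j TRACE              # replies: raw runs before nat,
                                                                  # so DST is still the public IP
  # then: tail -f /var/log/messages   (or: dmesg -w)
}

# trace_off: remove exactly the rules trace_on added.
trace_off() {
  run iptables -t raw -D PREROUTING -i eth1 -s "$HOST" -j TRACE
  run iptables -t raw -D PREROUTING -i eth0 -j TRACE
}

# Constructed kernel log: one ICMP packet from 10.1.1.5 walking the chains
# with the question's three rules loaded. Format: TRACE: table:chain:type:rulenum
SAMPLE_LOG='Jul 27 12:43:29 gw kernel: TRACE: raw:PREROUTING:policy:3 IN=eth1 OUT= SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: mangle:PREROUTING:policy:1 IN=eth1 OUT= SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: nat:PREROUTING:policy:1 IN=eth1 OUT= SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: mangle:FORWARD:policy:1 IN=eth1 OUT=eth0 SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: filter:FORWARD:rule:1 IN=eth1 OUT=eth0 SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: mangle:POSTROUTING:policy:1 IN= OUT=eth0 SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP
Jul 27 12:43:29 gw kernel: TRACE: nat:POSTROUTING:policy:2 IN= OUT=eth0 SRC=10.1.1.5 DST=162.1.1.1 LEN=84 PROTO=ICMP'

# trace_walk: kernel log on stdin -> one table:chain:type:rulenum hop per line.
trace_walk() {
  sed -n 's/.*TRACE: \([^ ]*\).*/\1/p'
}

# trace_summary: one line per SRC -> DST flow with the last hop seen, so a flow
# that ends at nat:POSTROUTING:policy (no MASQUERADE match) stands out at once.
trace_summary() {
  awk '{
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^TRACE:/) hop = $(i + 1)
      if ($i ~ /^SRC=/)   src = substr($i, 5)
      if ($i ~ /^DST=/)   dst = substr($i, 5)
    }
    key = src " -> " dst
    if (!(key in last)) keys[++n] = key
    last[key] = hop
  }
  END { for (i = 1; i <= n; i++) print keys[i] " : " last[keys[i]] }'
}

sample_walk()    { printf '%s\n' "$SAMPLE_LOG" | trace_walk; }
sample_summary() { printf '%s\n' "$SAMPLE_LOG" | trace_summary; }

# Stand-alone run: dry-run the gateway commands, then analyse the constructed log.
trace_on
sample_walk
sample_summary
```

Run it as root on the gateway with DRY_RUN=0 to install the rules, let the affected device generate traffic while you watch /var/log/messages or dmesg, then pipe the captured lines through trace_walk or trace_summary and call trace_off. TRACE logs every chain a matching packet traverses, so keep the match narrow (one host or one port, as the answer does for IPSec) or the log floods; the answer's *raw lines are simply the iptables-save form of the same rules.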
