1
I have iptables running on a host (acting as a firewall) in a Linux namespace with only one network interface: h2-eth1 (has an IP and MAC address)
I have set up my switch to forward all packets to the firewall, and the packets returned from the firewall to the internal network. Now, I proceed to do a simple sanity check to see if everything is working. I run these commands on the firewall:
$sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
$iptables -P INPUT ACCEPT
$iptables -P FORWARD DROP
$iptables -P OUTPUT ACCEPT
$iptables -F INPUT
$iptables -F FORWARD
$iptables -F OUTPUT
$iptables -F -t nat
$iptables -A FORWARD -i h2-eth1 -o h2-eth1 -j ACCEPT
Now, I ping an internal host from outside. I see ICMP packets going to the firewall but none coming back from it. So, I ran iptables -nvL on the firewall and I see all tables (INPUT, OUTPUT, and FORWARD) have packet count 0. So, the packets are not reaching iptables because they don't match the IP address of the NIC? How do I correct this?
Bruce
Posted 2013-03-23T22:49:56.973
Reputation: 2 067
I should have mentioned this but the external host is actually just an internal host in the same subnet. I configure the switches so it is treated as an external host. Anyways that does not explain why I don't see any packets coming out of the firewall – Bruce – 2013-03-24T00:01:55.113