[问题求助]问一个iptables的问题 [复制链接]

出现如下错误
1.g.if (6.64 KB)     外汇
下载次数:6
2004-07-14 20:.10    美容

http://upload.bbs.csuboy.com/Mon_1004/126_7137_dc2e460da56a30a.gif[/img]投资

check your firewall script,
add --log-prefix "packet logged:" to iptables commands

and restart the service

QUOTE:原帖由 "yunqing" 发表：
check your firewall script,
add --log-prefix "packet logged:" to iptables commands

and restart the service



问题是我的 －－log－prefix后面有说明

给你看看我的部分防火墙代码
1.gif (14.21 KB)
下载次数:3
2004-07-14 21:25

be sure the value of $LOG_LEVEL is set before this segment of code.

[quote]原帖由 "yunqing"]be sure the value of $LOG_LEVEL is set before this segment of code.[/quote 发表：



谢谢，确实是LOG_LEVEL没有赋值，刚才那个LOG的问题解决了，现在又出现如下问题拉
1.gif (6.39 KB)
下载次数:6
2004-07-14 22:06

two points:
1.check the interface 'eth0' really exists
sudo /sbin/ifconfig

2. the interface parameter should follow '-i' switch in iptables command, like this:

iptables -A INPUT -i eth0 ...

QUOTE:原帖由 "yunqing" 发表：
two points:
1.check the interface 'eth0' really exists
sudo /sbin/ifconfig

2. the interface parameter should follow '-i' switch in iptables command, like this:

iptables -A INPUT -i eth0 ...



ifconfig能找到eth0网络接口，所以第一个不是原因了。

第2个，我有些用的是-O参数，而不是-i，因为是出口，如下图所示，是不是这个原因呢？
1.gif (4.89 KB)
下载次数:6
2004-07-14 23:51

I imagine you're using linux box as a nat/firewall server. So for the first line, you need to specify the input inface where to receive icmp packet and then output inteface from which the packet leaves.

Try this:

iptables -A ALLOW_ICMP -i input_interface -o $EXTERNEL_INTERFACE ....

where input_interface is the internal ethernet card (I suppose).

[quote]原帖由 "yunqing"]I imagine you're using linux box as a nat/firewall server. So for the first line, you need to specify the input inface where to receive icmp packet and then output inteface from which the packet leave..........[/quote 发表：



不是的，我这里没用nat功能，我只有一块网卡，所以说出口和进口都是external_interface了。

难道-i和-o参数不能接相同的网络接口吗？