I've just set up a RedHat 7.1 box, and put in an iptables ruleset to allow basic NAT operation from my in-house LAN and apache/ssh to run on the server. The ruleset is attached.

The problem is that when I run iptables-restore <ruleset, I get an error saying that it can't run. The iptables-restore option only works after I enable nat by hand (iptable -t nat -A POSTROUTING -i eth0 -j MASQUERADE). Running insmod ip_conntrack does NOT cure the problem.

I hope I've explained this clearly. Thanks for your time.

Bill Horne

    # Generated by iptables-save v1.2.1a on Thu Sep 13 21:50:03 2001
    # Completed on Thu Sep 13 21:50:03 2001
    # Generated by iptables-save v1.2.1a on Thu Sep 13 21:50:03 2001
    *filter
    :INPUT DROP [10:4160]
    :FORWARD ACCEPT [24091:9328477]
    :OUTPUT ACCEPT [121:4840]
    -A INPUT -i eth1 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --sport 67:68 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --sport 53 -j ACCEPT
    -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 500 -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    COMMIT
    *nat
    :PREROUTING ACCEPT [166:13089]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Thu Sep 13 21:50:03 2001