James Cameron | 6 Mar 2011 23:54

Re: Need help for iptables

On Sun, Mar 06, 2011 at 02:47:04PM +0800, Sai Duan wrote:
> Test 4
> Can the server forward the requests to the target?
> The suggestion from the website (James Cameron) is
> "The most common cause of failure for this test is iptables FORWARD rules."
> How can I fix this problem?

Examine the iptables rules on the server.  You may use iptables-save or
variations of the iptables --list command.

Understand the meaning and effect of each of the FORWARD rules.

Determine which of these rules might block the packets.

Research why the rules are currently in place on your server.

Remove the rules that block the packets, then repeat the test.

If there are no FORWARD rules, check all iptables rules and subject them
to the same analysis.

If there are no iptables rules at all, then I have no explanation.

Check also the validity of your input data to "Test 4" ... if the server
has more than one target side interface, not just eth0, then you may be
testing the wrong interface.  "Server External Network Interface :
eth0".  You might combine both "Test 3" and "Test 4", to confirm that
"ping" in "Test 3" is seen by the "tcpdump" in "Test 4".

-- 
James Cameron
http://quozl.linux.org.au/
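
The review steps in the message above can be started with a small filter over `iptables-save` output. This is an added example, not part of the original message: the function names `forward_blockers` and `sample_rules` are hypothetical and the sample rule set is constructed. It reports the FORWARD policy and each FORWARD rule that drops, rejects, or hands packets to a user-defined chain, numbered by position in the chain.

```shell
#!/bin/sh
# Added example, not from the original message. Reads iptables-save text on
# stdin and reports what can stop forwarded packets: the FORWARD policy and
# every FORWARD rule that drops, rejects, or hands off to a user-defined chain.

forward_blockers() {
    awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2); n = 0; next }
        substr($1, 1, 1) == ":" {
            chain = substr($1, 2)
            if (chain == "FORWARD") print table " policy " $2
            if ($2 == "-") user[table, chain] = 1   # user-defined chain
            next
        }
        $1 == "-A" && $2 == "FORWARD" {
            n++                                     # rule position in the chain
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            if (target == "DROP" || target == "REJECT")
                print table " rule " n " block: " $0
            else if ((table, target) in user)
                print table " rule " n " jump: " $0
        }
    '
}

# Constructed sample in iptables-save format (not taken from any real server).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fwd-lan - [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j fwd-lan
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A fwd-lan -p tcp --dport 25 -j DROP
COMMIT
EOF
}

sample_rules | forward_blockers
```

On a live server the input would come from `iptables-save` piped into `forward_blockers`; rules reported as "jump" still need the named chain read by hand, since the filter does not follow it.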

