From: Keith Morse (kgmorse_at_mpcu.com)
Date: Thu Dec 19 2002 - 10:04:28 CET

On 19 Dec 2002, James P. Kinney III wrote:
> iptables -nL won't show the nat table. Or the mangle table. Only the
> default filter table.
>
> Try iptables -t nat -L -v
> and iptables -t mangle -L -v
>
> I found that my NAT code was failing me due to a default of MASQUERADE
> everything _after_ my inserted
> iptables -t nat -I POSTROUTING -d ! ipsec+ -j MASQUERADE

Aaah, very good to know. A bad assumption on my part. It got me to
thinking though about how I manage this mess.

Normally when I turn off netfilter rule sets I use the provided init
script /etc/rc.d/init.d/iptables via the service command "service iptables
off" for example. Typically I will vary on the use of "iptables -nL" or
"service iptables status" to check what state the rulesets are in. It
seems that "service iptables status" meshes with what you're saying above.
It "cat"s the /proc/net/ip_tables_names file and for loops thru each table
name to give you its current status. Hadn't thought about that until you
made the comment above. Thanks James.
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
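
The per-table check discussed in this message, as an added example that is not part of the original post and is not the init script's own code: it reads the loaded table names from /proc/net/ip_tables_names and lists every table, so rules in nat and mangle are not missed when auditing. TABLE_NAMES_FILE and IPTABLES_CMD are hypothetical override variables introduced here for testing without root.

```shell
#!/bin/sh
# Added example. Defaults match the file and command named in the message;
# both variables are hypothetical overrides, not part of any init script.
TABLE_NAMES_FILE="${TABLE_NAMES_FILE:-/proc/net/ip_tables_names}"
IPTABLES_CMD="${IPTABLES_CMD:-iptables}"

# Print the name of every netfilter table the kernel currently has loaded,
# one per line. Fails if the names file cannot be read (module not loaded,
# or insufficient privileges).
loaded_tables() {
    [ -r "$TABLE_NAMES_FILE" ] || return 1
    while IFS= read -r table || [ -n "$table" ]; do
        if [ -n "$table" ]; then
            printf '%s\n' "$table"
        fi
    done < "$TABLE_NAMES_FILE"
}

# Print the loaded tables that a plain "iptables -nL" does not display,
# i.e. everything except the default filter table.
hidden_tables() {
    loaded_tables | while IFS= read -r table; do
        [ "$table" = "filter" ] || printf '%s\n' "$table"
    done
}

# List the rules of every loaded table with packet/byte counters,
# one labelled section per table.
show_all_tables() {
    tables=$(loaded_tables) || {
        echo "cannot read $TABLE_NAMES_FILE" >&2
        return 1
    }
    for table in $tables; do
        echo "=== table: $table ==="
        "$IPTABLES_CMD" -t "$table" -nL -v || return 1
    done
}
```

Source the file and run `show_all_tables` as root; `hidden_tables` names the tables whose rules would otherwise go unreviewed.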