List:       netfilter
Subject:    Re: How to test NAT
From:       dave madden <dhm () mersenne ! com>
Date:       1999-11-24 17:14:30

 =>From: jiangtao <jiangtao@neu.edu.cn>
 =>...
 =>      I am a newcomer to netfilter, who can tell me how to test NAT or
 =>RNAT, and how to verify your test is success or failed.

I built/tested my firewall by putting in logging statements at the end
of every chain (INPUT/FORWARD/OUTPUT) and then testing the various
connections I wanted to allow.  I went down the list of connection
types, and for each one, I figured out the appropriate set of rules,
inserted them, and then tried the connection.  If it worked, great; if
not, the log message would tell me which packets were getting dropped
to cause failure.  I'd adjust the rules until the connection worked,
then move on to the next connection type.

Note that it's REALLY handy to have an outside account that you can
use while testing a firewall -- it allows you to test inbound
connections.  Also, remember that you can test any TCP service with
telnet, not just telnet itself.  For example, if you want to test
HTTP, you can do:

>>  % telnet test.address.com 80
    Trying test.address.com...
    Connected to test.address.com
    Escape character is '^]'.

If you get the "Connected" message, then you've made it through the
firewall and are talking to the web server.

(I'm assuming that you really do mean "test", and not "configure and
test," since I believe the latter can be done most easily using Mason,
the firewall constructor that another contributor on this list has
developed.)

d.
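
The logging approach described in the message above, as an added example that is not part of the original post: a LOG rule appended at the end of each built-in chain, plus a filter that shows which chain a test connection fell through. The iptables syntax, the `fw-end-<CHAIN>: ` prefix, the function names and the sample log lines are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; not from the original message.
# Assumptions: iptables syntax, the "fw-end-<CHAIN>: " log prefix, and the
# sample log lines below are all constructed for this example.

# Print the commands that append a LOG rule at the END of each built-in
# filter chain, so only packets that no earlier rule matched get logged.
# Printing keeps this a dry run; pipe the output to "sh" as root to apply.
emit_log_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        printf 'iptables -A %s -j LOG --log-prefix "fw-end-%s: "\n' "$chain" "$chain"
    done
}

# Read kernel log lines on stdin and, for one destination port, report how
# many packets reached the end of each chain, as "<count> <CHAIN>" lines.
fell_through() {
    port=$1
    grep 'fw-end-' | grep " DPT=$port " |
        sed 's/.*fw-end-\([A-Z]*\): .*/\1/' | sort | uniq -c |
        awk '{ print $1, $2 }'
}

# Constructed sample of what the LOG rules would write after three tests:
# a web connection through the gateway (retried once), an inbound ssh
# attempt to the gateway itself, and an outbound connection to port 8080.
sample_log() {
    cat <<'EOF'
Nov 24 17:10:01 gw kernel: fw-end-FORWARD: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1025 DPT=80 WINDOW=32120 SYN
Nov 24 17:10:04 gw kernel: fw-end-FORWARD: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=1025 DPT=80 WINDOW=32120 SYN
Nov 24 17:11:30 gw kernel: fw-end-INPUT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 PROTO=TCP SPT=4001 DPT=22 WINDOW=32120 SYN
Nov 24 17:12:02 gw kernel: fw-end-OUTPUT: IN= OUT=eth0 SRC=198.51.100.1 DST=203.0.113.7 PROTO=TCP SPT=1030 DPT=8080 WINDOW=32120 SYN
Nov 24 17:12:10 gw kernel: eth0: link up
EOF
}

emit_log_rules
# The port-80 test never matched a FORWARD rule, so that chain needs the fix.
sample_log | fell_through 80
```

An empty result from `fell_through` for a port means no packet of that test reached the end of any chain.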
