Make sure that packet forwarding is enabled (in recent kernels it is
disabled by default, meaning that packets never even try to traverse
the `forward' chain). You can override this (as root) by typing:

        # echo 1 > /proc/sys/net/ipv4/ip_forward

If this works for you, you can put this somewhere in your bootup
scripts so it is enabled every time; you'll want to set up your
firewalling before this command runs though, otherwise there's an
opportunity for packets to slip through.
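
The boot ordering described above, as an added example that is not part of the original HOWTO: forwarding stays off while the rules load, and is switched on only if they loaded cleanly. The function name, the `FIREWALL_SCRIPT` path and the overridable `IP_FORWARD` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed ordering for enabling IP forwarding at boot.
# Both variables can be overridden, so the function can be exercised
# against scratch files without root.

IP_FORWARD="${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}"
# Hypothetical location of your own rules script, i.e. the file holding
# your ipchains commands (for instance a default-deny forward policy).
FIREWALL_SCRIPT="${FIREWALL_SCRIPT:-/etc/rc.d/rc.firewall}"

enable_forwarding_after_firewall() {
    # 1. Make sure nothing is forwarded while the rules are being loaded.
    echo 0 > "$IP_FORWARD" || return 1

    # 2. Load the firewall rules. If that fails, stop here: forwarding
    #    stays disabled, so no packet crosses an unfiltered box.
    if ! sh "$FIREWALL_SCRIPT"; then
        echo "firewall rules failed to load; forwarding left disabled" >&2
        return 1
    fi

    # 3. Only now open the forwarding path.
    echo 1 > "$IP_FORWARD" || return 1

    # 4. Read the flag back so the caller knows the real state.
    [ "$(cat "$IP_FORWARD")" = "1" ]
}

# In a boot script, call it once, after the network interfaces are up:
#   enable_forwarding_after_firewall || exit 1
```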

You must allow forwarding packets (see above) for redirect to work;
otherwise the routing code drops the packet. So if you are just using
redirect, and don't have any forwarding at all, you should be aware of
Note that REDIR (being in the input chain) doesn't affect connections
from a local process.

So do a number of others, it seems. My code only covers IP,
unfortunately. On the good side, all the hooks are there to firewall
IPX! You just need to write the code; I will happily help where