| View previous topic :: View next topic |
| Author |
Message |
plociclj
n00b
Joined: 16 Apr 2003
Posts: 5
|
 Posted: Thu Apr 17, 2003 9:30 pm Post subject: iptables NAT problem |
 |
|
I'm having issues with my NAT setup. As far as i can tell there are no obvious problems, I've had this working for quite a long time on a redhat setup (until a hard drive crashed). Since I've set up nat on gentoo I have had problems getting to some websites (I can ping the site but not reach it via a web browser). here is my iptables setup:
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F POSTROUTING
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state NEW -p tcp -m multiport --dport 22 -j ACCEPT
iptables -A INPUT -i ppp0 -p icmp -j ACCEPT
iptables -A INPUT -i eth0 -m state --state NEW -j ACCEPT
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
iptables -A INPUT -j LOG -m multiport -p tcp --dports 21,23 --log-prefix "FW_INPUT "
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FW_FORWARD "
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Thanks,
Leo |
|
| Back to top |
|
 |
dook43
Tux's lil' helper
Joined: 11 Jun 2002
Posts: 116
Location: Baton Rouge, LA
|
| Posted: Fri Apr 18, 2003 3:03 am Post subject: |
|
|
This line:
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
needs to have -o eth0 after -i ppp0. You need to tell iptables where to forward the packets to. 
_________________
"We who are about to die salute you!" |
|
| Back to top |
|
|
plociclj
n00b
Joined: 16 Apr 2003
Posts: 5
|
| Posted: Sat Apr 19, 2003 12:23 am Post subject: |
|
|
that was it. Thanks alot.
Now only if i could get my modem to dial out quietly so that it doesn't wake me up at 4am.
Leo |
|
| Back to top |
|
|
plociclj
n00b
Joined: 16 Apr 2003
Posts: 5
|
| Posted: Sat Apr 19, 2003 12:56 am Post subject: |
|
|
i retract my statement about it working. Though it was partially true. This seems to work fine for linux clients on the network however windows clients are absolutely stumped when trying to access sites such as google.com. Once again ping works but web access is a no go. If anyone has seen this i would definitely appreciate any insight.
Thanks,
Leo |
|
| Back to top |
|
|
AntFire
n00b
Joined: 01 May 2002
Posts: 16
Location: UK
|
| Posted: Sun Apr 20, 2003 8:26 am Post subject: |
|
|
If you want your modem speaker turned off, add "ATM0" to your modem init script... it disables the speaker on the modem!
~AntFire |
|
| Back to top |
|
|
|
Networking & Security
