Mgiese Veteran
Joined: 23 Mar 2005 Posts: 1630 Location: indiana
Posted: Fri Feb 02, 2007 5:19 pm Post subject: another ip tables question , howto allow everything ?
hi there, I'll just introduce my network first:
router which provides the main internet access: 192.168.178.1
my clients have ips such as 192.168.178.20-100
one of the clients is 192.168.178.23, which is also a ROUTER with iptables installed and fully working
192.168.178.23 is eth0 and 192.168.1.1 is eth1
now I have the next client, which is 192.168.1.21; this computer receives its ip from 192.168.1.1 (ROUTER, DNS, DHCP)
from 192.168.1.21 I can ping everything: 192.168.178.1-23 and the whole internet
I have another client which is 192.168.178.22 and connects to my hardware router (192.168.178.1)
but this client is unable to ping my second network, 192.168.1.x, and now I am printing my iptables rules in the hope that someone is able to tell me what to change to get it working... THX A LOT IN ADVANCE
Code: | # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT udp -- anywhere anywhere udp dpt:bootps reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:domain reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere 192.168.1.0/24
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT all -- anywhere 192.168.1.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
_________________
I do not have a Superman complex, for I am God not Superman
Ryzen9 7950x (powersave governor) ; Radeon 7900XTX ; kernel 6.11.3 ; XFCE
.:chrome:. Advocate
Joined: 19 Feb 2005 Posts: 4588 Location: Brescia, Italy
Posted: Fri Feb 02, 2007 6:11 pm Post subject: Re: another ip tables question , howto allow everything ?
this rule:
Code: | target prot opt source destination
DROP all -- anywhere 192.168.1.0/24 |
conflicts with this other one:
Code: | target prot opt source destination
ACCEPT all -- anywhere 192.168.1.0/24 |
and this:
Code: | target prot opt source destination
ACCEPT all -- 192.168.1.0/24 anywhere |
must be the first rule of the chain, if you want to ping from net 192.168.1.0 to 192.168.178.0
you also need to turn on masquerading in the "nat" table of your router
Mgiese Veteran
Joined: 23 Mar 2005 Posts: 1630 Location: indiana
Posted: Fri Feb 02, 2007 9:47 pm Post subject: Re: another ip tables question , howto allow everything ?
.:chrome:. wrote: | this rule:
Code: | target prot opt source destination
DROP all -- anywhere 192.168.1.0/24 |
conflicts with this other one:
Code: | target prot opt source destination
ACCEPT all -- anywhere 192.168.1.0/24 |
and this:
Code: | target prot opt source destination
ACCEPT all -- 192.168.1.0/24 anywhere |
must be the first rule of the chain, if you want to ping from net 192.168.1.0 to 192.168.178.0
you also need to turn on masquerading in the "nat" table of your router |
thx a lot first of all
I know I could (should) study the man pages, but could you please be so kind as to give me an example? iptables has so many options which I don't understand. the only option I know is -L, but that's it so far
NAT enable? where, on my gentoo router (nat and masq are inside the kernel) or on the hardware router?
what I also don't understand is: if the rules contradict, then why does it work so far?
and why are those rules in the "home gentoo router" howto?
http://www.gentoo.org/doc/en/home-router-howto.xml
Code Listing 5.2: Setting up iptables
thx again
Mgiese Veteran
Joined: 23 Mar 2005 Posts: 1630 Location: indiana
Posted: Sun Feb 04, 2007 11:14 am Post subject: Re: another ip tables question , howto allow everything ?
.:chrome:. wrote: |
must be the first rule of the chain, if you want to ping from net 192.168.1.0 to 192.168.178.0
you also need to turn on masquerading in the "nat" table of your router |
I think, but I am not sure, you meant "must be the first rule", so I tried the following:
Code: | # iptables -D FORWARD 1
# /etc/init.d/iptables save |
the pc is still compiling, so I will see if it works after the next restart..
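Added example, not code from the thread or from the Gentoo howto: a small Python model of how netfilter walks a chain (the first matching rule decides, later rules are never consulted, the chain policy applies when nothing matches). It replays the FORWARD chain Mgiese posted, the variant with the 192.168.1.0/24-sourced ACCEPT moved to the top as .:chrome:. suggests, the chain left after `iptables -D FORWARD 1`, and one hypothetical variant. Addresses and interfaces come from Mgiese's description (eth0 on 192.168.178.0/24, eth1 on 192.168.1.0/24) and the test packets are constructed from them. The `-i eth1` on the hypothetical variant is an assumption, included only to show something the posted listing cannot: plain `iptables -L` prints no interface matches (`-i`/`-o`), so rules that look identical or contradictory there may differ once you look at `iptables -L -v -n` or `iptables-save`.

```python
"""Model of netfilter chain evaluation: first matching rule decides, later
rules are never consulted, the chain policy applies when nothing matches.
Added example, not code from the thread or from the Gentoo howto."""
from ipaddress import ip_address, ip_network

ANY = None                 # "anywhere" in iptables -L output
LAN = "192.168.1.0/24"
POLICY = "DROP"            # FORWARD policy as posted


def matches(rule, src, dst, in_iface):
    """True when the packet satisfies every non-wildcard condition of the rule."""
    _target, r_src, r_dst, r_iface = rule
    if r_src is not ANY and ip_address(src) not in ip_network(r_src):
        return False
    if r_dst is not ANY and ip_address(dst) not in ip_network(r_dst):
        return False
    if r_iface is not ANY and r_iface != in_iface:
        return False
    return True


def verdict(chain, src, dst, in_iface, policy=POLICY):
    """Target of the first matching rule, else the chain policy."""
    for rule in chain:
        if matches(rule, src, dst, in_iface):
            return rule[0]
    return policy


# Rule = (target, source, destination, input interface).
# FORWARD chain exactly as the posted `iptables -L` shows it (no -v, so no
# interface column; ANY here means "not visible", not "known to be any").
POSTED = [
    ("DROP",   ANY, LAN, ANY),   # rule 1
    ("ACCEPT", LAN, ANY, ANY),   # rule 2
    ("ACCEPT", ANY, LAN, ANY),   # rule 3: never reached for traffic into the LAN
]

# LAN-sourced ACCEPT moved to the top, DROP kept (rule 2 before rule 1).
REORDERED = [POSTED[1], POSTED[0], POSTED[2]]

# What `iptables -D FORWARD 1` followed by `/etc/init.d/iptables save` leaves.
AFTER_DELETE = POSTED[1:]

# Hypothetical: rule 1 restricted to packets arriving on eth1 (the LAN side).
# The -i eth1 is an assumption; plain -L would print this rule exactly as rule 1
# above, which is why the check is `iptables -L -v -n` or `iptables-save`.
WITH_IFACE = [("DROP", ANY, LAN, "eth1")] + POSTED[1:]

# Constructed packets using the thread's addresses: eth0 faces 192.168.178.0/24,
# eth1 faces 192.168.1.0/24, so a ping from .178.22 enters the router on eth0.
INTO_LAN = ("192.168.178.22", "192.168.1.21", "eth0")     # the ping that fails
OUT_OF_LAN = ("192.168.1.21", "192.168.178.22", "eth1")   # the direction that works

CHAINS = {
    "posted": POSTED,
    "reordered": REORDERED,
    "after_delete": AFTER_DELETE,
    "with_iface": WITH_IFACE,
}


def replay():
    """Verdict of every chain for both directions."""
    return {
        name: {"into_lan": verdict(chain, *INTO_LAN),
               "out_of_lan": verdict(chain, *OUT_OF_LAN)}
        for name, chain in CHAINS.items()
    }


if __name__ == "__main__":
    for name, r in replay().items():
        print(f"{name:13} 178.22->1.21: {r['into_lan']:7} 1.21->178.22: {r['out_of_lan']}")
```

Run as posted, the chain drops 192.168.178.22 -> 192.168.1.21 at rule 1 while the reverse direction is accepted by rule 2, which is the behaviour Mgiese describes. Moving the LAN-sourced ACCEPT to the top changes nothing for the failing direction, because rule 1 still matches it first; deleting rule 1, as Mgiese did, does change it, and then rule 3 accepts everything forwarded into 192.168.1.0/24 from any source, which is the "allow everything" the thread title asks for. If the real rule 1 carries an interface match, the filter already accepts the ping and is not what blocks it; in that case check routing, since 192.168.178.22 uses 192.168.178.1 as its gateway and either it or the hardware router needs a route for 192.168.1.0/24 via 192.168.178.23, which no filter rule can provide. The masquerading .:chrome:. mentions is enabled on the Gentoo router with `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`; it rewrites the source of packets leaving eth0, so it matters for traffic from 192.168.1.x outward, not for the inbound ping.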