iptables forwarding and dns problem

To: debian-firewall@lists.debian.org
Subject: iptables forwarding and dns problem
From: "Markus B." <mbillharz@web.de>
Date: Thu, 24 Nov 2005 02:18:55 +0100
Message-id: <[🔎] 438514FF.4050700@web.de>

Hi,
i configured a router on debian, but i have some serious problems

1. i can not ping google.com or any other side if my INPUT OUTPUTPolicities are on DROP because of unknown host, if i turn the firewalloff i can ping them so i think there must be a problem with my ports.But i dunno wich port I still need to open cause i already did it with53 and 80.2. some of my friends who want to be forwarded via the router can justload some pages. google.com, heise.de and some others dont work. On theother hand they are able to connect to ICQ, or Skype.


Script:

# delete old rules
iptables -F
iptables -t nat -F

# enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# enable masquerading
iptables -t nat -A POSTROUTING -o ppp0 -s 141.28.227.0/16 -j MASQUERADE


# network

iptables -A INPUT -s 141.28.227.0/24 -i eth0 -j ACCEPT
iptables -A OUTPUT -d 141.28.227.0/24 -o eth0 -j ACCEPT

iptables -A INPUT -s 141.28.228.0/24 -i eth0 -j ACCEPT
iptables -A OUTPUT -d 141.28.228.0/24 -o eth0 -j ACCEPT

iptables -A INPUT -s 141.28.224.0/24 -i eth0 -j ACCEPT
iptables -A OUTPUT -d 141.28.224.0/24 -o eth0 -j ACCEPT


# ip forwarding
#markus
iptables -A FORWARD -i ppp0 -d 141.28.227.178 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.178 -j ACCEPT

iptables -A FORWARD -i ppp0 -d 141.28.227.177 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.177 -j ACCEPT


#lukas
iptables -A FORWARD -i ppp0 -d 141.28.227.223 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.223 -j ACCEPT


#casi
iptables -A FORWARD -i ppp0 -d 141.28.227.46 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.46 -j ACCEPT

iptables -A FORWARD -i ppp0 -d 141.28.227.126 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.126 -j ACCEPT


#alex
iptables -A FORWARD -i ppp0 -d 141.28.227.64 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.64 -j ACCEPT


#cafe
iptables -A FORWARD -i ppp0 -d 141.28.227.200 -j ACCEPT
iptables -A FORWARD -o ppp0 -s 141.28.227.200 -j ACCEPT


# router rules
iptables -A INPUT -i ppp0 -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --sport 53 -j ACCEPT

iptables -A INPUT -i ppp0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p udp --sport 53 -j ACCEPT

iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --sport 80 -j ACCEPT


# loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT


# route to the other networks
route add -net 141.28.224.0 gw 141.28.227.254 netmask 255.255.255.0
route add -net 141.28.228.0 gw 141.28.227.254 netmask 255.255.255.0

# policities
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP




thank you :) i hope someone can help me with that

Greets
Markus B.

Reply to:

Follow-Ups:
- Re: iptables forwarding and dns problem
  - From: Paul Slootman <paul@debian.org>

Prev by Date: Re: Linux Firewall: Hardware questions: interrupts and network cards
Next by Date: Re: Linux Firewall: Hardware questions: interrupts and network cards
Previous by thread: Re: Linux Firewall: Hardware questions: interrupts and network cards
Next by thread: Re: iptables forwarding and dns problem
Index(es):
- Date
- Thread