
Re: iptables, still [solved]



well the problem is solved, I forgot to uncomment to rules.. 

now things are ok.

thanks

ps: sorry for the double post, mua manipulation error ;(

On Friday 15 Apr 2005 at 10:24, Steve said:

> Hi all!
> 
> After the firmware upgrade of my modem/router, I have strange
> behaviour with my lan: I can ping the internet from my clients but not
> from the gateway machine ! 
> 
> Here is the setup:
> 
> internet ---- modem ------- eth0  (gateway) ath0 -------- eth0 (client)
> 
> with :
> 
> modem LAN : 192.168.1.1
> modem WAN : dhcp
> eth0 gateway : dhcp
> ath0 : 192.168.20.1 (static)
> eth0 client : 192.168.20.3 (static)
> 
> both running Debian Sarge kernel 2.6
> 
> I enabled the NAT mode on the modem so that all traffic goes on eth0 on
> which I have the following iptables ruleset: 
> 
> gateway# iptables-save
> 
> # Generated by iptables-save v1.2.11 on Fri Apr 15 10:10:33 2005
> *filter
> :INPUT DROP [10:878]
> :FORWARD DROP [9:360]
> :OUTPUT DROP [82:15508]
> -A INPUT -i lo -j ACCEPT 
> -A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.1 -i ath0 -j ACCEPT
> -A INPUT -s 192.168.20.255 -d 192.168.20.1 -i ath0 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
> -A INPUT -j ULOG --ulog-prefix "Netfilter" 
> 
> -A FORWARD -s 192.168.20.0/255.255.255.0 -i ath0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
> -A FORWARD -d 192.168.20.0/255.255.255.0 -i eth0 -o ath0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -o lo -j ACCEPT
> -A OUTPUT -s 192.168.20.1 -d 192.168.20.0/255.255.255.0 -o ath0 -j ACCEPT
> -A OUTPUT -s 192.168.20.1 -d 192.168.20.255 -o ath0 -j ACCEPT
> -A OUTPUT -j ULOG --ulog-prefix "Netfilter" 
> COMMIT
> # Completed on Fri Apr 15 10:10:33 2005
> # Generated by iptables-save v1.2.11 on Fri Apr 15 10:10:33 2005
> *nat
> :PREROUTING ACCEPT [227:28353]
> :POSTROUTING ACCEPT [9:743]
> :OUTPUT ACCEPT [80:4951]
> -A POSTROUTING -s 192.168.20.0/255.255.255.0 -o eth0 -j MASQUERADE 
> COMMIT
> # Completed on Fri Apr 15 10:10:33 2005
> 
> 
> gateway# ping 192.168.1.1
> 
> PING 192.168.1.1 (192.168.1.1): 56 data bytes
> ping: sendto: Operation not permitted
> ping: wrote 192.168.1.1 64 chars, ret=-1
> 
> but as I said, from the client it's ok.. and :
> 
> gateway # route
> 
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 192.168.20.0    *               255.255.255.0   U     0      0        0 ath0
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
> 
>  ok no?
> 
> 
> So what's wrong? I haven't changed anything in my setup, so I don't
> really understand what's going on (learning ..) What have I missed?
> 
> Any help is welcomed ;-)
> 
> 
> Greetings
> Thanks
> 
> steve
> 
> 
> 
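The quoted ruleset has an OUTPUT policy of DROP and no OUTPUT rule accepting packets that leave on eth0, which is consistent with the gateway's `sendto: Operation not permitted` while forwarded client traffic passes. The Python sketch below is an added example, not part of the thread: it walks a constructed copy of the ruleset for a single packet. The gateway's eth0 address (192.168.1.2) and the simplified option parsing (one value per option, no `!` negation) are assumptions.

```python
import ipaddress, shlex

# Constructed sample modelled on the ruleset quoted above (wrapped rules rejoined).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 192.168.20.0/255.255.255.0 -i ath0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
-A FORWARD -d 192.168.20.0/255.255.255.0 -i eth0 -o ath0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.20.1 -d 192.168.20.0/255.255.255.0 -o ath0 -j ACCEPT
-A OUTPUT -j ULOG --ulog-prefix "Netfilter"
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, {chain: [option dicts]}) for the *filter table."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain], rules[chain] = policy, []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Assumption: every option takes exactly one value ("-o eth0").
            rules[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def verdict(text, chain, oif, src, dst, iif=None, proto="icmp", state="NEW"):
    """First terminating verdict for one packet, else the chain policy."""
    policies, rules = parse_filter(text)
    pkt = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for r in rules[chain]:
        if (r.get("-o", oif) != oif or r.get("-i", iif) != iif
                or r.get("-p", proto) != proto):
            continue
        if any(k in r and pkt[k] not in ipaddress.ip_network(r[k], strict=False)
               for k in pkt):
            continue
        if state not in r.get("--state", state).split(","):
            continue
        if r.get("-j") in ("ACCEPT", "DROP", "REJECT"):
            return r["-j"]  # ULOG only logs, so evaluation continues
    return policies[chain]
```

Calling `verdict(SAMPLE, "OUTPUT", "eth0", "192.168.1.2", "192.168.1.1")` reproduces the gateway's own ping, and the same call with `"FORWARD"`, source `192.168.20.3` and `iif="ath0"` reproduces the client's.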


