
[Sid] Problems with ipmasq



Since everything was working fine right up until the last upgrade, I
can't think of anything else that could explain why masquerading has
stopped working on my home network.
In practice, from the masqueraded machines I can't ping any external
address; I get as far as the IP address of ppp0 and no further.
Before, everything worked perfectly, and I'm sure I haven't touched
anything that could affect masquerading.
Some info:
the ipmasq version is 3.5.19
the server is 192.168.1.51
the client is 192.168.1.52
they can ping each other
When I run ipmasq, the rules it uses are the following:

murena:/usr/src/linux# ipmasq -v
#: Interfaces found:
#:   ppp0       80.104.114.92/255.255.255.255
#:   ppp0       80.104.114.92/255.255.255.255
#:   eth0       192.168.1.51/255.255.255.0
echo "0" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -F PREROUTING
/sbin/iptables -t mangle -F OUTPUT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
/sbin/iptables -t nat -F PREROUTING
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F OUTPUT
/sbin/iptables -A INPUT -j ACCEPT -i lo
/sbin/iptables -A INPUT -j LOG -i ! lo -s 127.0.0.1/255.0.0.0
/sbin/iptables -A INPUT -j DROP -i ! lo -s 127.0.0.1/255.0.0.0
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -s 192.168.1.51/255.255.255.0
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 224.0.0.0/4 -p ! 6
/sbin/iptables -A INPUT -j LOG -i ppp0 -s 192.168.1.51/255.255.255.0
/sbin/iptables -A INPUT -j DROP -i ppp0 -s 192.168.1.51/255.255.255.0
/sbin/iptables -A INPUT -j ACCEPT -i ppp0 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i ppp0 -d 80.104.114.92/32
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.51/255.255.255.0 -j
MASQUERADE/sbin/iptables -A FORWARD -i eth0 -o ppp0 -s
192.168.1.51/255.255.255.0 -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT -o lo
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 255.255.255.255/32
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 192.168.1.51/255.255.255.0
/sbin/iptables -A OUTPUT -j ACCEPT -o eth0 -d 224.0.0.0/4 -p ! 6
/sbin/iptables -A FORWARD -j LOG -o ppp0 -d 192.168.1.51/255.255.255.0
/sbin/iptables -A FORWARD -j DROP -o ppp0 -d 192.168.1.51/255.255.255.0
/sbin/iptables -A OUTPUT -j LOG -o ppp0 -d 192.168.1.51/255.255.255.0
/sbin/iptables -A OUTPUT -j DROP -o ppp0 -d 192.168.1.51/255.255.255.0
/sbin/iptables -A OUTPUT -j ACCEPT -o ppp0 -d 255.255.255.255/32
/sbin/iptables -A OUTPUT -j ACCEPT -o ppp0 -s 80.104.114.92/32
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -A INPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A INPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A OUTPUT -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A OUTPUT -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0
/sbin/iptables -A FORWARD -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0

When I try to ping an external IP (152.2.210.81 in this example), in
/var/log/syslog on the server I see this repeated:

Jan 11 01:30:12 localhost kernel: IN=ppp0 OUT=eth0 SRC=152.2.210.81 DST=192.168.1.52 LEN=84 TOS=0x00 PREC=0x00 TTL=45 ID=24394 PROTO=ICMP TYPE=0 CODE=0 ID=4326 SEQ=14


If anyone can help me shed some light on this mystery I would be
very grateful.
Bye,
       Riccardo

-- 

"Everyone is encouraged to help development of Debian 
 and to spread the word of free software"
 
 http://www.debian.org/MailingLists/
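
Added example (not part of the original post, and not ipmasq code): a first-match walk of the FORWARD rules listed above against the logged packet, showing which rule produced the syslog entry and what happens to the echo reply. It assumes the run-together "-j MASQUERADE/sbin/iptables -A FORWARD ..." line is two separate commands; the function names are illustrative and the matcher handles only the -i/-o/-s/-d options these rules use.

```python
import ipaddress
import re

# FORWARD chain in the order printed by `ipmasq -v` in the post (policy DROP).
FORWARD = [
    "-A FORWARD -i eth0 -o ppp0 -s 192.168.1.51/255.255.255.0 -j ACCEPT",
    "-A FORWARD -j LOG -o ppp0 -d 192.168.1.51/255.255.255.0",
    "-A FORWARD -j DROP -o ppp0 -d 192.168.1.51/255.255.255.0",
    "-A FORWARD -j LOG -s 0.0.0.0/0 -d 0.0.0.0/0",
    "-A FORWARD -j DROP -s 0.0.0.0/0 -d 0.0.0.0/0",
]
# The syslog line quoted in the post.
LOG_LINE = ("Jan 11 01:30:12 localhost kernel: IN=ppp0 OUT=eth0 SRC=152.2.210.81 "
            "DST=192.168.1.52 LEN=84 TOS=0x00 PREC=0x00 TTL=45 ID=24394 "
            "PROTO=ICMP TYPE=0 CODE=0 ID=4326 SEQ=14")

def parse_rule(text):
    """Turn '-A FORWARD -i eth0 ... -j ACCEPT' into {'-i': 'eth0', ..., '-j': 'ACCEPT'}."""
    tok = text.split()
    return dict(zip(tok[2::2], tok[3::2]))

def parse_packet(line):
    """Map the netfilter LOG fields onto the iptables options that test them."""
    f = dict(re.findall(r"(\w+)=(\S+)", line))
    return {"-i": f["IN"], "-o": f["OUT"], "-s": f["SRC"], "-d": f["DST"]}

def matches(rule, pkt):
    for opt, want in rule.items():
        if opt == "-j":
            continue
        if opt in ("-i", "-o"):
            if pkt[opt] != want:
                return False
        # 192.168.1.51/255.255.255.0 is a host address with a mask: strict=False
        elif ipaddress.ip_address(pkt[opt]) not in ipaddress.ip_network(want, strict=False):
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """Return (final verdict, [(rule number, target), ...]) using first-match order."""
    trace = []
    for n, text in enumerate(chain, 1):
        rule = parse_rule(text)
        if matches(rule, pkt):
            trace.append((n, rule["-j"]))
            if rule["-j"] in ("ACCEPT", "DROP"):  # LOG is non-terminating
                return rule["-j"], trace
    return policy, trace

if __name__ == "__main__":
    print("echo reply  :", verdict(FORWARD, parse_packet(LOG_LINE)))
    request = {"-i": "eth0", "-o": "ppp0", "-s": "192.168.1.52", "-d": "152.2.210.81"}
    print("echo request:", verdict(FORWARD, request))
```

The outbound request is accepted by rule 1, while the reply arriving on ppp0 for eth0 matches nothing until the catch-all LOG and DROP at the end of the chain. The listing contains no FORWARD rule for return traffic from ppp0 to eth0 (for example a connection-tracking match on ESTABLISHED,RELATED).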



