
Re: ipmasq problem



On Tue, Dec 11, 2001 at 09:16:34PM +0100, Mikael Bergman wrote:
> 
> I am trying to set up a small network at home with one machine as the
> gateway to an ADSL line. I have got the network cards working and the
> ADSL script is in place; what remains now is to arrange for my other
> (Windows) boxes to get access to the net.
> 
> I can browse with lynx from the Linux machine but not from the XP machine on
> the local network. I can telnet to and ping the gateway machine from
> the XP box, so I know that I have "contact". Does anyone have an idea where
> the problem lies?
> 
> The XP machine is configured with a static IP, 192.168.1.111, and default
> gateway 192.168.1.1, which is the Linux box on the local network.
> 
> ipmasq -v gives:
> 
> #: Interfaces found:
> #:   eth0       217.208.37.123/255.255.255.0
> #:   eth1       192.168.1.1/255.255.255.0
> echo "0" > /proc/sys/net/ipv4/ip_forward
> echo "0" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains --no-warnings -P forward DENY
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains --no-warnings -F forward
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
> /sbin/ipchains -A input -j ACCEPT -i eth1 -d 255.255.255.255/32
> /sbin/ipchains -A input -j ACCEPT -i eth1 -s 192.168.1.1/255.255.255.0
> /sbin/ipchains -A input -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
> /sbin/ipchains -A input -j DENY -i eth0 -s 192.168.1.1/255.255.255.0 -l
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 255.255.255.255/32
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 217.208.37.123/32
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 217.208.37.255/32
> /sbin/ipchains --no-warnings -A forward -j MASQ -i eth0 -s 192.168.1.1/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i lo
> /sbin/ipchains -A output -j ACCEPT -i eth1 -d 192.168.1.1/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
> /sbin/ipchains -A output -j DENY -i eth0 -d 192.168.1.1/255.255.255.0 -l
> /sbin/ipchains -A output -j ACCEPT -i eth0 -s 217.208.37.123/32
> /sbin/ipchains -A output -j ACCEPT -i eth0 -s 217.208.37.255/32
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
> /sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
> /sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l

You need to have a masquerading rule as well...

/sbin/ipchains -A forward -s 192.168.1.1/255.255.255.0 -d 0.0.0.0/0 -i eth0 -j MASQ

This must be run before you do DENY on the forward chain.

/Ludde


-- 
  _   _ _ __  __  ___
 | | | | |  \|  \| __| Ludvig Omholt ................... ludde@ludde.net
 | |_| | | D | D | _|  070-310 08 71 ................. http://ludde.net/
 |___|___|__/|__/|___| +++++ gandalf: Linux 2.4.17-pre6 on an i686 +++++
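
The ordering point in the reply, as an added example that is not part of the original thread: ipchains walks a chain's rules in order and stops at the first match, so a catch-all DENY appended before the MASQ rule keeps the MASQ rule from ever being reached. The function name `check_forward_order` and both sample rule lists are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads ipchains commands on stdin and
# reports where the first MASQ rule sits in the forward chain:
#   ok:N        first MASQ rule is rule N, no catch-all DENY/REJECT before it
#   shadowed:N  first MASQ rule is rule N, but a catch-all DENY/REJECT precedes it
#   missing     the forward chain has no MASQ rule
# Assumption: rules are added with -A only (no -I/-D/-R), as in ipmasq -v output.
check_forward_order() {
    awk '
    function any(a) { return a == "" || a == "0.0.0.0/0" || a == "0/0" }
    {
        chain = target = src = dst = iface = proto = ""; flush = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            else if ($i == "-F" && $(i + 1) == "forward") flush = 1
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
        }
        # Flushing the chain discards every rule appended so far.
        if (flush) { n = masq = deny = 0; next }
        # -P only sets the policy used when no rule matches; it is not a rule.
        if (chain != "forward") next
        n++
        if (target == "MASQ" && !masq) masq = n
        if ((target == "DENY" || target == "REJECT") && !deny &&
            any(src) && any(dst) && iface == "" && proto == "") deny = n
    }
    END {
        if (!masq) print "missing"
        else if (deny && deny < masq) print "shadowed:" masq
        else print "ok:" masq
    }'
}

# Constructed sample: the catch-all DENY is appended before the MASQ rule.
BAD_RULES='/sbin/ipchains -F forward
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -s 192.168.1.1/255.255.255.0 -d 0.0.0.0/0 -i eth0 -j MASQ'
# Constructed sample: the same two rules in the order the reply asks for.
GOOD_RULES='/sbin/ipchains -F forward
/sbin/ipchains -A forward -s 192.168.1.1/255.255.255.0 -d 0.0.0.0/0 -i eth0 -j MASQ
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l'

printf '%s\n' "$BAD_RULES"  | check_forward_order
printf '%s\n' "$GOOD_RULES" | check_forward_order
```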
