RE: iptables modules kill ppp
>===== Original Message From wtopa@dmcom.net =====
> Subject: iptables modules kill ppp
> Date: Sun, Jul 01, 2001 at 09:23:28PM -0500
>
>Quoting Matthew Garman(garman@uiuc.edu):
>> I posted not too long ago about PPP not working with my new kernel. The
>> culprit turned out to be the iptables modules. When the following modules
>> are loaded, PPP won't work:
>
>Please define, "PPP won't work".
I meant it won't work as in what I described in my previous email post to the
list about PPP not working with a kernel upgrade.
To recap: I can use pon to dial my ISP, I connect, and get an IP number
assigned. /sbin/route shows that everything is set up as expected. However,
with the iptables modules loaded, I cannot use any network programs. It is
not possible to do DNS lookups. If I try to ping a host, using its numerical
IP address, *as root*, I get the following error:
"sendto: operation not permitted"
>Can you use the net from the firewall?
>Does the connection drop, or do you mean that systems behind the
>firewall can't connect to the net?
The connection does not drop. I meant to stress in my original post that
these things happen *with no firewall*, or at least, no iptables rules. In
other words, I flush all the rulesets, and set the default policy of all
built-in chains to ACCEPT. So there is effectively no real firewall.
But once I use rmmod to remove all the iptables-related modules, the PPP
problem goes away.
>If what you mean is the latter, have you enabled forwarding
>(echo 1 > /proc/sys/net/ipv4/ip_forward)?
>Did you include the rule to enable masquerading?
>$IPTABLES -t nat -A POSTROUTING -o ppp0 -s $NETWORK -j MASQUERADE
I'm not trying to use masquerading or NAT in my current setup. Do I still
need to issue these commands?
As a side note, the reason I was playing with my firewalls and new kernel
upgrades is as follows: at school, I have a cable modem which is shared through
an internal LAN, using my computer as the gateway machine. I had everything
set up using ipchains and kernel 2.2.18 last semester. When I go back to
school in the fall, I want to have my iptables-based firewall ready to go. So
all my firewall rules applied to eth0 and eth1... there were no iptables rules
for ppp0.
Thanks again,
Matt <garman@uiuc.edu>