
RE: iptables modules kill ppp



>===== Original Message From wtopa@dmcom.net =====
>	Subject: iptables modules kill ppp
>	Date: Sun, Jul 01, 2001 at 09:23:28PM -0500
>
>Quoting Matthew Garman(garman@uiuc.edu):
>> I posted not too long ago about PPP not working with my new kernel.  The
>> culprit turned out to be the iptables modules.  When the following modules
>> are loaded, PPP won't work:
>
>Please define, "PPP won't work".

I meant it won't work as in what I described in my previous email post to the 
list about PPP not working with a kernel upgrade.

To recap: I can use pon to dial my ISP, I connect, and get an IP number 
assigned.  /sbin/route shows that everything is set up as expected.  However, 
with the iptables modules loaded, I cannot use any network programs.  It is 
not possible to do DNS lookups.  If I try to ping a host, using its numerical 
IP address, *as root*, I get the following error:

"sendto: operation not permitted"

>Can you use the net from the firewall?
>Does the connection drop, or do you mean that systems behind the
>firewall can't connect to the net?

The connection does not drop.  I meant to stress in my original post that 
these things happen *with no firewall*, or at least, no iptables rules.  In 
other words, I flush all the rulesets, and set the default policy to all 
built-in chains to ACCEPT.  So there is effectively no real firewall.

But once I use rmmod to remove all the iptables-related modules, the PPP 
problem goes away.

>If what you mean is the latter, have you enabled forwarding
>(echo 1 > /proc/sys/net/ipv4/ip_forward)?
>Did you include the rule to enable masquerading?
>$IPTABLES -t nat -A POSTROUTING -o ppp0 -s $NETWORK -j MASQUERADE

I'm not trying to use masquerading or NAT in my current setup.  Do I still 
need to issue these commands?

As a sidenote, the reason I was playing with my firewalls and new kernel 
upgrades is as follows: at school, I have a cablemodem which is shared through 
an internal LAN, using my computer as the gateway machine.  I had everything 
set up using ipchains and kernel 2.2.18 last semester.  When I go back to 
school in the fall, I want to have my iptables-based firewall ready to go.  So 
all my firewall rules applied to eth0 and eth1... there were no iptables rules 
for ppp0.

Thanks again,
Matt <garman@uiuc.edu>
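
The state described in the message above (every ruleset flushed, every built-in chain policy set to ACCEPT) can be checked mechanically rather than by eye. The following is an added example, not part of the original post: a shell function that audits `iptables-save` output across all tables, not only filter. The function name audit_ruleset and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# audit_ruleset: read iptables-save text on stdin and print one finding per
# line for anything that can still block traffic: a built-in chain whose
# policy is not ACCEPT, or any leftover rule, in any table.
# Returns 0 when nothing is found, 1 otherwise. (Hypothetical helper name.)
audit_ruleset() {
    awk '
        BEGIN { bad = 0 }
        substr($0, 1, 1) == "*" { table = substr($0, 2); next }  # "*filter"
        /^:/ {                                   # ":INPUT DROP [0:0]"
            chain = substr($1, 2)
            if ($2 != "ACCEPT" && $2 != "-") {   # "-" marks a user chain
                printf "%s/%s policy %s\n", table, chain, $2
                bad = 1
            }
            next
        }
        /^-A / { printf "%s rule: %s\n", table, $0; bad = 1 }
        END { exit bad }
    '
}

# Constructed sample: fully flushed, all policies ACCEPT.
SAMPLE_OPEN='# constructed sample, not from a real host
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: filter looks flushed, but one policy and one nat rule remain.
SAMPLE_LEFTOVER='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_OPEN" | audit_ruleset && echo "open: nothing left to block traffic"
printf '%s\n' "$SAMPLE_LEFTOVER" | audit_ruleset || echo "leftover state found"
```

On a live system the input would come from `iptables-save | audit_ruleset`, run as root with the modules still loaded.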


