
Debian gateway problem



Hi,

I'm using a debian box as a router and multiserver between my LAN and
the internet.

Everything was working fine till yesterday when I put the box down for
upgrading memory, for a few hours.

Right now, the external interface of the gateway is fully accessible
from the net, and I do not have any problem with the different services
I am providing to the outside (mail, webserver, and dns for the web
servers).

The problem is on the LAN side: I can access some sites but not all the
sites as I used to do.

For example, I can access the "Start page" search engine but not
"Duckduckgo".

The gateway can access everything, it's the hosts behind the gateway
that cannot.


I have 2 interfaces on this box:
eth0 which is used as the LAN interface and
eth1 which is used as ppp0 with a static IP from my ISP.

-------------------------------------------------------------------
/etc/sysctl.conf has the forwarding rule for ipv4
net.ipv4.ip_forward=1
net.ipv4.conf.default.forwarding=1 (maybe useless but I'm kind of
trying everything) 
net.ipv4.conf.all.forwarding=1 (maybe useless but I'm kind of
trying everything) 
-------------------------------------------------------------------
cat /proc/sys/net/ipv4/ip_forward
1
-------------------------------------------------------------------
Iptables rules are as follows
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT


#log udp port 5060
iptables -A INPUT -i ppp0 -p udp --dport 5060 -j LOG --log-level debug

#asterisk
iptables -A INPUT -i ppp0 -p udp --dport 5060 -j ACCEPT


#tor
iptables -A INPUT -i ppp0 -p tcp --dport 9001 -j ACCEPT

#postfix
iptables -A INPUT -i ppp0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 587 -j ACCEPT

#dovecot
iptables -A INPUT -i ppp0 -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 993 -j ACCEPT

#apache
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 443 -j ACCEPT

#maradns
iptables -A INPUT -i ppp0 -p udp --dport 53 -j ACCEPT


# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT


# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT



# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward
------------------------------------------------------------------------

I am totally at loss and was wondering if somebody has an idea about
where the problem might be coming from.

It seems (according to tcpdump on both interfaces) that replies from some
sites get lost or get an ICMP destination unreachable from the
gateway somehow.


Thanks a lot.


mett
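An added example, not part of mett's post: a POSIX sh function that generates an iptables-restore rule set for the same eth0/ppp0 layout, but with DROP policies on INPUT and FORWARD (the posted script sets no policy, so its per-port ACCEPT rules restrict nothing, and its final `-i ppp0 -o ppp0 -j REJECT` rule never sees LAN-bound traffic) and with the TCP MSS clamp usually applied on ppp uplinks. Interface names, the service list and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original poster's script: build an iptables-restore
# rule set for a two-interface NAT gateway like the one in the post. Unlike the
# posted script it sets DROP policies on INPUT and FORWARD, so the per-port
# ACCEPT rules actually restrict something, and it needs no "don't forward
# from outside" rule because nothing is forwarded unless a rule allows it.
# Interface names and the service list are parameters; defaults follow the
# post (eth0 = LAN, ppp0 = WAN/uplink). Load the output with iptables-restore.

emit() { printf '%s\n' "$*"; }

# gen_rules LAN_IF WAN_IF "proto:port ..."  -> iptables-restore text on stdout
gen_rules() {
    lan=$1; wan=$2; services=$3
    emit '*nat'
    emit ':PREROUTING ACCEPT [0:0]'
    emit ':POSTROUTING ACCEPT [0:0]'
    emit ':OUTPUT ACCEPT [0:0]'
    emit "-A POSTROUTING -o $wan -j MASQUERADE"
    emit 'COMMIT'
    emit '*mangle'
    emit ':PREROUTING ACCEPT [0:0]'
    emit ':FORWARD ACCEPT [0:0]'
    emit ':POSTROUTING ACCEPT [0:0]'
    # ppp uplinks usually carry an MTU below 1500; clamp TCP MSS on forwarded
    # SYNs so LAN hosts do not depend on path-MTU discovery working end to end
    emit "-A FORWARD -o $wan -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
    emit 'COMMIT'
    emit '*filter'
    emit ':INPUT DROP [0:0]'      # default-deny for traffic addressed to the box
    emit ':FORWARD DROP [0:0]'    # default-deny for traffic routed through it
    emit ':OUTPUT ACCEPT [0:0]'   # the box itself may talk out freely
    emit '-A INPUT -i lo -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    emit "-A INPUT -i $lan -j ACCEPT"    # trust the LAN side, as the post does
    for svc in $services; do             # published services on the uplink
        emit "-A INPUT -i $wan -p ${svc%%:*} --dport ${svc##*:} -m conntrack --ctstate NEW -j ACCEPT"
    done
    emit '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    emit "-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT"
    emit 'COMMIT'
}

# rule_count RULESET PATTERN -> number of lines matching PATTERN (0 if none)
rule_count() { printf '%s\n' "$1" | grep -c -e "$2" || true; }

# Example run with the services the post publishes:
# gen_rules eth0 ppp0 "udp:5060 tcp:9001 tcp:25 tcp:587 tcp:110 tcp:995 tcp:143 tcp:993 tcp:80 tcp:443 udp:53"
```

Review the generated text before loading it, and keep a console session open when applying it over the old rules, since the DROP policies take effect immediately.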


