
Re: Debian gateway problem



On 26/12/13 18:27, mett wrote:
> Hi,
> 
> I'm using a debian box as a router and multiserver between my LAN and
> the internet.
> 
> Everything was working fine till yesterday when I put the box down for
> upgrading memory, for a few hours.
> 
> Right now, the external interface of the gateway is fully accessible
> from the net, and I do not have any problem with the different services
> I am providing to the outside (mail, webserver, and dns for the web
> servers).
> 
> The problem is on the LAN side, I can access some sites but not all the
> sites as I used to do.
> 
> For example, I can access the "Start page" search engine but not
> "Duckduckgo".

That's really strange.


> iptables -A FORWARD -i ppp0 -o eth0 -m state --state
> ESTABLISHED,RELATED -j ACCEPT

I assume that's really on one line?


> # Don't forward from the outside to the inside.
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

That looks like outside to outside - you probably want "-i ppp0 -o eth0"

Beyond that, I have no idea, sorry.

I'd be testing with tcpdump, as you have been. Possibly confirm that the
IP addresses you're getting from DNS inside and on the gateway are the same?

Also perhaps try removing everything unrelated to the masquerading bit
from your script and see if that works, then add bits back in?

I also generally use a policy DROP rule (iptables -P INPUT DROP), which
I specify at the top of the file, rather than dropping through to a
DROP/REJECT rule at the end. That shouldn't make any difference, though.

Richard
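
The same-interface rule pointed out in the reply above can be caught mechanically. The script below is an added example, not part of the original message. It assumes one rule per line, with ppp0 as the outside interface and eth0 as the inside one as in the thread; the names `lint_forward` and `sample_rules` and the LAN-to-WAN accept rule in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names follow the post:
# ppp0 = outside (WAN), eth0 = inside (LAN).

# lint_forward WAN LAN: read firewall-script lines on stdin, print findings.
lint_forward() {
    wan=$1; lan=$2; policy=ACCEPT; blocked=no; n=0   # built-in chains default to ACCEPT
    while IFS= read -r line; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # split the rule into words, no globbing
        [ "${1:-}" = iptables ] || continue   # skips comments and blank lines
        if [ "$2" = -P ] && [ "$3" = FORWARD ]; then policy=$4; continue; fi
        if [ "$2" != -A ] || [ "$3" != FORWARD ]; then continue; fi
        in_if=; out_if=; target=
        while [ $# -gt 1 ]; do
            case $1 in
                -i) in_if=$2 ;;
                -o) out_if=$2 ;;
                -j) target=$2 ;;
            esac
            shift
        done
        if [ -n "$in_if" ] && [ "$in_if" = "$out_if" ]; then
            echo "line $n: same-interface rule $in_if -> $out_if ($target)"
        fi
        if [ "$in_if" = "$wan" ] && [ "$out_if" = "$lan" ]; then
            case $target in REJECT|DROP) blocked=yes ;; esac
        fi
    done
    if [ "$blocked" = no ] && [ "$policy" = ACCEPT ]; then
        echo "no rule blocks $wan -> $lan and FORWARD policy is ACCEPT"
    fi
    return 0
}

# Constructed sample: the two FORWARD rules quoted in the thread, plus an
# assumed LAN -> WAN accept rule.
sample_rules() {
cat <<'EOF'
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Don't forward from the outside to the inside.
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
EOF
}

sample_rules | lint_forward ppp0 eth0
```

The check does not model rule order or negated matches (`! -i`); it only flags the interface pairing and whether anything other than the chain policy stops new WAN-to-LAN traffic.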

