
Re: IP Forwarding to Windows machine



On 2014-08-10 01:49, Mike McClain wrote:
>> It's a rather complicated, sometimes overcomplicated script. But some
>> rules are missing and/or not in the correct order.
> 
> I've little doubt you are correct, admittedly I'm flailing a bit.
> Trying this and that with little luck.
> I'd appreciate it if you'd be a little more explicit as to what's
> missing and out of order. I'm running no external services.

Sorry, there were too many mistakes in the script, it would be too many
mails to clean the errors in it.

> I did exactly as you suggested, implementing a minimalist set of rules,
> only the 5 you mentioned and saw improvement. Now the Win2K box can
> ping google.com and get a reply but IE still can't connect to
> Google.com nor several other sites I tried, still reporting,
> "Cannot find server or DNS error."
> 
> Thanks for your help.
> Any further suggestions?

If the DNS seems to be the problem (according to the message) then the
first thing to do is to debug the DNS settings. On Windows you can check the
DNS with the ipconfig /all command and see whether DNS is properly set or not.

Another debug solution can be to insert LOG rules at the end of the script:

iptables -A FORWARD -j LOG --log-prefix iptables-forward
iptables -A INPUT -j LOG --log-prefix iptables-input

Then by checking the log you can see what is dropped. But be careful.
There can be a lot of log lines. But for debugging it can be a good
solution.

Usually it is worth creating a junk chain and dropping a lot of known
packets without logging (of course only if you know they are really junk).



-- 
--- Friczy ---
'Death is not a bug, it's a feature'
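
Added example, not part of the original message: one way to read the output of the two LOG rules suggested above, by counting logged packets per chain, protocol, destination port and source. The log lines, addresses and the function names sample_log and summarize_drops are constructed for illustration; because the prefix in those rules has no trailing space, the kernel writes it directly in front of "IN=", which the parser handles.

```shell
#!/bin/sh
# Constructed sample kernel log lines (hosts, interfaces and addresses are
# made up). A real run would read the system's kernel log instead.
sample_log() {
cat <<'EOF'
Aug 10 02:01:11 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.53 LEN=60 TTL=127 PROTO=UDP SPT=1035 DPT=53 LEN=40
Aug 10 02:01:12 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.53 LEN=60 TTL=127 PROTO=UDP SPT=1035 DPT=53 LEN=40
Aug 10 02:01:14 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.53 LEN=60 TTL=127 PROTO=UDP SPT=1036 DPT=53 LEN=40
Aug 10 02:01:15 gw kernel: iptables-forwardIN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.10 LEN=48 TTL=127 PROTO=TCP SPT=1040 DPT=80 SYN
Aug 10 02:01:20 gw kernel: iptables-inputIN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 LEN=44 TTL=52 PROTO=TCP SPT=40111 DPT=22 SYN
Aug 10 02:01:21 gw kernel: eth0: link up
EOF
}

# Read log lines on stdin; print "count chain proto dport src", busiest first.
summarize_drops() {
    awk '
    {
        chain = ""; src = "-"; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^iptables-(forward|input)/) {
                chain = $i
                sub(/^iptables-/, "", chain)  # keep only the chain name
                sub(/IN=.*$/, "", chain)      # prefix is glued to IN=...
            }
            else if ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)  # "-" for ICMP
        }
        # Lines without one of the two prefixes are not from the LOG rules.
        if (chain != "") count[chain " " proto " " dpt " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarize_drops
```

On the constructed sample the top line shows repeated UDP packets to port 53 from one LAN host reaching the end of the FORWARD chain, which is the kind of pattern to look for when the client reports a DNS error.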

