Re: Wan/Lan problem
On Wed, Mar 29, 2017 at 08:51:58AM -0700, Mike McClain wrote:
> On Tue, Mar 28, 2017 at 10:14:50PM -0400, Dan Ritter wrote:
> > On Tue, Mar 28, 2017 at 04:46:02PM -0700, Mike McClain wrote:
> <snip>
> > > The situation is this:
> > >
> > >      phone           eth0            eth1
> > > AT&T-------|      |--------|      |--------|      |-------|      |
> > >          AT&T modem/        Linux             my           Win2K
> > >             router           box            router          box
[...]
> Here are the statements from the firewall on the Linux box
> that deal with the LAN:
>
> INET=eth0;
> LAN=eth1;
> S40='192.168.1.3'; # static IP of Win2K box
>
> # for masq allow forwarding
> fwd=1;
> echo $fwd > /proc/sys/net/ipv4/ip_forward
> echo $fwd > /proc/sys/net/ipv4/conf/all/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/default/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/lo/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/eth0/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/eth1/forwarding
>
> iptables -A INPUT -i $LAN -j ACCEPT
> iptables -A OUTPUT -f -d $S40 -j DROP
The above looks suspect: packets leaving your Linux box towards your
Windows box are dropped? Perhaps I'm missing something.
> iptables -A FORWARD -i $LAN -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -t nat -A POSTROUTING -o $INET -j MASQUERADE
>
> eth0 up, eth1 down
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
> 99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
OK.
> eth0 up, eth1 up
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
> 99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
This looks sensible, too.
> eth0 down, eth1 up
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
and this.
Hmmm. The routing tables look sane to me. At the moment I have no explanation
why the Linux box can't "see" the Internet while the net to the Windows box
is up. Can you ping the AT&T router? When the Windows net is up/is down?
regards
-- tomás
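
Added example, not part of the original message: the `route -n` tables quoted above can be checked mechanically with a simplified longest-prefix match (metrics and policy routing are ignored). The function and variable names, and the address 203.0.113.10 standing in for an Internet host, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: longest-prefix-match lookup over `route -n` rows.

# Rows copied from the message's "eth0 up, eth1 up" and
# "eth0 down, eth1 up" tables.
ROUTES_BOTH_UP='0.0.0.0 99.188.244.1 0.0.0.0 UG 0 0 0 eth0
99.188.244.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'
ROUTES_ETH0_DOWN='192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'

# ip2int A.B.C.D: print the address as a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup TABLE DEST: print "IFACE via GATEWAY" for the most specific
# route containing DEST, or "unreachable" when no row matches.
# A gateway of 0.0.0.0 means the destination is directly connected.
route_lookup() {
    dest=$(ip2int "$2")
    best_mask=-1
    best=unreachable
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*) ;; *) continue ;; esac   # skip header lines
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        # A row matches when DEST masked by Genmask equals Destination;
        # among matching rows the largest (longest) mask wins.
        if [ $(( $dest & $m )) -eq "$n" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m
            best="$iface via $gw"
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# 203.0.113.10 is a constructed stand-in for "some Internet host".
for dst in 203.0.113.10 99.188.244.1 192.168.1.3; do
    echo "both up:   $dst -> $(route_lookup "$ROUTES_BOTH_UP" "$dst")"
    echo "eth0 down: $dst -> $(route_lookup "$ROUTES_ETH0_DOWN" "$dst")"
done
```

With both interfaces up, the Internet address still resolves to the default route on eth0 and only 192.168.1.0/24 goes to eth1, so the pasted tables alone do not account for the lost connectivity.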