well the problem is solved, I forgot to uncomment to rules.. now things are ok.
thanks

ps: sorry for the double post, MUA manipulation error ;(

On Friday 15 Apr 2005 at 10:24, Steve said:
> Hi all!
>
> After the firmware upgrade of my modem/router, I have strange
> behaviour with my lan: I can ping the internet from my clients but not
> from the gateway machine !
>
> Here is the setup:
>
> internet ---- modem ------- eth0 (gateway) ath0 -------- eth0 (client)
>
> with :
>
> modem LAN : 192.168.1.1
> modem WAN : dhcp
> eth0 gateway : dhcp
> ath0 : 192.168.20.1 (fixed)
> eth0 client : 192.168.20.3 (fixed)
>
> both running Debian Sarge kernel 2.6
>
> I enabled the NAT mode on the modem so that all traffic goes on eth0 on
> which I have the following iptables ruleset:
>
> gateway# iptables-save
>
> # Generated by iptables-save v1.2.11 on Fri Apr 15 10:10:33 2005
> *filter
> :INPUT DROP [10:878]
> :FORWARD DROP [9:360]
> :OUTPUT DROP [82:15508]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -s 192.168.20.0/255.255.255.0 -d 192.168.20.1 -i ath0 -j ACCEPT
> -A INPUT -s 192.168.20.255 -d 192.168.20.1 -i ath0 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
> -A INPUT -j ULOG --ulog-prefix "Netfilter"
>
> -A FORWARD -s 192.168.20.0/255.255.255.0 -i ath0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
> -A FORWARD -d 192.168.20.0/255.255.255.0 -i eth0 -o ath0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A OUTPUT -o lo -j ACCEPT
>
> -A OUTPUT -s 192.168.20.1 -d 192.168.20.0/255.255.255.0 -o ath0 -j ACCEPT
> -A OUTPUT -s 192.168.20.1 -d 192.168.20.255 -o ath0 -j ACCEPT
> -A OUTPUT -j ULOG --ulog-prefix "Netfilter"
> COMMIT
> # Completed on Fri Apr 15 10:10:33 2005
> # Generated by iptables-save v1.2.11 on Fri Apr 15 10:10:33 2005
> *nat
> :PREROUTING ACCEPT [227:28353]
> :POSTROUTING ACCEPT [9:743]
> :OUTPUT ACCEPT [80:4951]
> -A POSTROUTING -s 192.168.20.0/255.255.255.0 -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Fri Apr 15 10:10:33 2005
>
>
> gateway# ping 192.168.1.1
>
> PING 192.168.1.1 (192.168.1.1): 56 data bytes
> ping: sendto: Operation not permitted
> ping: wrote 192.168.1.1 64 chars, ret=-1
>
> but as I said, from the client it's ok.. and :
>
> gateway # route
>
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 192.168.20.0    *               255.255.255.0   U     0      0        0 ath0
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
>
> ok no?
>
>
> So what's wrong? I haven't changed anything in my setup, so I don't
> really understand what's going on (learning ..) What have I missed?
>
> Any help is welcomed ;-)
>
>
> Greetings
> Thanks
>
> steve
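The quoted ruleset sets the OUTPUT policy to DROP and accepts locally generated traffic only on lo and ath0, while FORWARD accepts ath0 to eth0; that matches clients reaching the internet while the gateway's own ping fails with "Operation not permitted". The Python check below is an added example, not part of the original thread: the function names parse_filter, opt and accepts are hypothetical, and the sample is the posted filter table re-joined one rule per line with the INPUT rules left out.

```python
import shlex

# Filter table from the post, re-joined one rule per line (INPUT rules omitted).
SAMPLE = """\
*filter
:INPUT DROP [10:878]
:FORWARD DROP [9:360]
:OUTPUT DROP [82:15508]
-A FORWARD -s 192.168.20.0/255.255.255.0 -i ath0 -o eth0 -m state --state NEW,RELATED,ESTABLISHED,UNTRACKED -j ACCEPT
-A FORWARD -d 192.168.20.0/255.255.255.0 -i eth0 -o ath0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.20.1 -d 192.168.20.0/255.255.255.0 -o ath0 -j ACCEPT
-A OUTPUT -s 192.168.20.1 -d 192.168.20.255 -o ath0 -j ACCEPT
-A OUTPUT -j ULOG --ulog-prefix "Netfilter"
COMMIT
"""

def parse_filter(text):
    """Return ({chain: policy}, {chain: [rule tokens]}) for the *filter table."""
    policies, rules, table = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or not line or line.startswith("#"):
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            rules.setdefault(tokens[1], []).append(tokens[2:])
    return policies, rules

def opt(tokens, flag):
    """Value following flag in a rule, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def accepts(text, chain, in_if=None, out_if=None):
    """Coarse check: can any ACCEPT rule (or the policy) pass this interface pair?
    Ignores -s/-d/-p matches, negation and earlier DROP rules (assumption)."""
    policies, rules = parse_filter(text)
    for rule in rules.get(chain, []):
        if opt(rule, "-j") != "ACCEPT":
            continue  # ULOG only logs; the packet continues to the policy
        if opt(rule, "-i") in (None, in_if) and opt(rule, "-o") in (None, out_if):
            return True
    return policies.get(chain) == "ACCEPT"

if __name__ == "__main__":
    print("forwarded ath0->eth0:", accepts(SAMPLE, "FORWARD", "ath0", "eth0"))
    print("local out via eth0:  ", accepts(SAMPLE, "OUTPUT", out_if="eth0"))
```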

