Re: USB Networking vs. iptables

2008-09-20 Thread Christian Weßel
On Friday, 19.09.2008, at 16:06 -0400, Joel Newkirk wrote:

> You're most welcome.  The one problem with your reasoning regarding the
> default policy of ACCEPT is that the last rule in the RH-Firewall-1-INPUT
> chain is a 'drop all' rule...  Every RedHat/Fedora/CentOS box I've ever set
> up nearly the first thing I do is delete the default firewall and construct
> my own - I don't like the way they structure theirs.  IMHO best practice
> (and clearest logic) is to enable a DROP policy on INPUT and FORWARD
> chains, and add explicit ACCEPT rules for desired traffic. 
You are right. I have planned to do so, but after the first installation of
FC I didn't have any idea about iptables and SELinux. And currently I have
my web server running and don't want to block it. But I found a good
description of an iptables-based server FW. I will implement it in the
future.

Now FR is more important :-).
-- 

mfg/br, christian

Flurstraße 14
29640 Schneverdingen
Germany

E-Mail: [EMAIL PROTECTED]
Phone: +49 5193 97 14 95
Mobile:  +49 171 357 59 57
http://wesselch.homelinux.org


___
Openmoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community


Re: USB Networking vs. iptables

2008-09-19 Thread Joel Newkirk
On Fri, 19 Sep 2008 16:21:13 +, Christian Weßel <[EMAIL PROTECTED]>
wrote:
> iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT
> 
> That's it. Now I am able to install Debian by following wiki guide
> 
> 
> Thanx a lot.
> 
> On Friday, 19.09.2008, at 07:35 -0400, Joel Newkirk wrote:
>> Try "iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT", or the
>> same rule inserted at the top of INPUT and FORWARD chains.


You're most welcome.  The one problem with your reasoning regarding the
default policy of ACCEPT is that the last rule in the RH-Firewall-1-INPUT
chain is a 'drop all' rule...  Every RedHat/Fedora/CentOS box I've ever set
up nearly the first thing I do is delete the default firewall and construct
my own - I don't like the way they structure theirs.  IMHO best practice
(and clearest logic) is to enable a DROP policy on INPUT and FORWARD
chains, and add explicit ACCEPT rules for desired traffic. 

j





Re: USB Networking vs. iptables

2008-09-19 Thread Christian Weßel
iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT

That's it. Now I am able to install Debian by following wiki guide


Thanx a lot.

On Friday, 19.09.2008, at 07:35 -0400, Joel Newkirk wrote:
> Try "iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT", or the
> same rule inserted at the top of INPUT and FORWARD chains.


Re: USB Networking vs. iptables

2008-09-19 Thread Christian Weßel
On Friday, 19.09.2008, at 07:35 -0400, Joel Newkirk wrote:
> Try "iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT", or the
> same rule inserted at the top of INPUT and FORWARD chains.

I will try.

> RH-Firewall-1-INPUT blocks SSH from various specific IPs,  then accepts
> only very limited specific connections, including ICMP,http,https,ssh,CUPS
> and ipsec but NOT including DNS...  

That's right, but in the end, if no rule of the chain applies, the
policy of the chain takes effect. And the default policy is ACCEPT. So, I
guess that means that DNS is not blocked.

> Lack of a rule accepting DNS in INPUT
> keeps you from doing DNS lookups at 192.168.0.201, lack of a rule accepting
> DNS in FORWARD keeps you from doing DNS lookups at any other host.

I will try to add DNS to the private chain.


Re: USB Networking vs. iptables

2008-09-19 Thread Joel Newkirk
Try "iptables -I RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT", or the
same rule inserted at the top of INPUT and FORWARD chains.

Your FORWARD chain simply jumps to RH-Firewall-1-INPUT, the same as the
INPUT chain.

RH-Firewall-1-INPUT blocks SSH from various specific IPs,  then accepts
only very limited specific connections, including ICMP,http,https,ssh,CUPS
and ipsec but NOT including DNS...  Lack of a rule accepting DNS in INPUT
keeps you from doing DNS lookups at 192.168.0.201, lack of a rule accepting
DNS in FORWARD keeps you from doing DNS lookups at any other host.

If you want to keep it locked down tight on the Freerunner's traffic you
can amend the rule above with '-p udp --dport 53', but other things (like
email, FTP, VOIP, chat, and other things in the future) are probably
desirable as well, and not permitted through.

j


> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> num   pkts bytes target               prot  opt in  out source           destination
> 1     592K  375M RH-Firewall-1-INPUT  all   --  *   *   0.0.0.0/0        0.0.0.0/0
> 
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> num   pkts bytes target               prot  opt in  out source           destination
> 1      701 45828 RH-Firewall-1-INPUT  all   --  *   *   0.0.0.0/0        0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT 613K packets, 261M bytes)
> num   pkts bytes target               prot  opt in  out source           destination
> 
> Chain RH-Firewall-1-INPUT (2 references)
> num   pkts bytes target  prot  opt in  out source           destination

> 21    246K  210M ACCEPT  all   --  lo  *   0.0.0.0/0        0.0.0.0/0
> 22     898 78034 ACCEPT  icmp  --  *   *   0.0.0.0/0        0.0.0.0/0      icmp type 255
> 23       0     0 ACCEPT  esp   --  *   *   0.0.0.0/0        0.0.0.0/0
> 24       0     0 ACCEPT  ah    --  *   *   0.0.0.0/0        0.0.0.0/0
> 25      72 20607 ACCEPT  udp   --  *   *   0.0.0.0/0        224.0.0.251    udp dpt:5353
> 26       0     0 ACCEPT  udp   --  *   *   0.0.0.0/0        0.0.0.0/0      udp dpt:631
> 27       0     0 ACCEPT  tcp   --  *   *   0.0.0.0/0        0.0.0.0/0      tcp dpt:631
> 28    330K  164M ACCEPT  all   --  *   *   0.0.0.0/0        0.0.0.0/0      state RELATED,ESTABLISHED
> 29     180 10764 ACCEPT  tcp   --  *   *   0.0.0.0/0        0.0.0.0/0      state NEW tcp dpt:22
> 30       0     0 ACCEPT  tcp   --  *   *   0.0.0.0/0        0.0.0.0/0      state NEW tcp dpt:443
> 31    4155  244K ACCEPT  tcp   --  *   *   0.0.0.0/0        0.0.0.0/0      state NEW tcp dpt:80
> 32    9849  611K REJECT  all   --  *   *   0.0.0.0/0        0.0.0.0/0      reject-with icmp-host-prohibited
> 
> Due to the masquerade I checked whether it would be helpful to change the
> FR.resolv.conf to the same DNS (212.6.108.140), but I got just the known
> result:
> [EMAIL PROTECTED]:~# nslookup www.google.com
> Server:    212.6.108.140
> Address 1: 212.6.108.140
> 
> nslookup: can't resolve 'www.google.com'
> 
> If I ping from FR to this IP I got a good result:
> 
> [EMAIL PROTECTED]:~# ping 212.6.108.140
> PING 212.6.108.140 (212.6.108.140): 56 data bytes
> 64 bytes from 212.6.108.140: seq=0 ttl=248 time=21.264 ms
> 64 bytes from 212.6.108.140: seq=1 ttl=248 time=22.464 ms
> 64 bytes from 212.6.108.140: seq=2 ttl=248 time=23.561 ms
> 
> --- 212.6.108.140 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max = 21.264/22.429/23.561 ms
> 
> BTW, my router has no DNS function, it is just a router.
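
Why DNS from 192.168.0.202 is rejected although INPUT and FORWARD both show policy ACCEPT, as an added example that is not part of any post in this thread: a small first-match evaluator run over a constructed, simplified `iptables -S`-style copy of the listing above. The interface name usb0 and the `verdict` function are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed ruleset in `iptables -S` style, simplified from the listing in
# the thread (the per-IP SSH DROP rules and the IPsec/CUPS/mDNS accepts are
# omitted; they do not match a DNS query either).
RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT'

# The rule suggested in the thread, listed first to model `iptables -I`.
FIXED="-A RH-Firewall-1-INPUT -s 192.168.0.202 -j ACCEPT
$RULES"

# verdict RULES CHAIN SRC PROTO DPORT
# Walks CHAIN with first-match semantics for the first packet of a connection
# (state NEW) arriving on usb0 (assumed interface name, not from the thread).
# The chain policy is used only when no rule produced a verdict.
verdict() {
  printf '%s\n' "$1" | awk -v chain="$2" -v src="$3" -v proto="$4" \
      -v dport="$5" -v iface="usb0" '
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    # Return the -j target when every match option fits the packet, else "".
    function target(r,   f, k, i, t) {
      k = split(r, f, " ")
      for (i = 3; i < k; i += 2) {
        if (f[i] == "-j") t = f[i + 1]
        else if (f[i] == "-s" && f[i + 1] != src) return ""
        else if (f[i] == "-i" && f[i + 1] != iface) return ""
        else if (f[i] == "-p" && f[i + 1] != proto) return ""
        else if (f[i] == "--dport" && f[i + 1] != dport) return ""
        else if (f[i] == "--state" && !index("," f[i + 1] ",", ",NEW,")) return ""
      }
      return t
    }
    function walk(c,   i, t, v) {
      for (i = 1; i <= n[c]; i++) {
        t = target(rule[c, i])
        if (t == "") continue
        if (!(t in n)) return t     # terminating target: ACCEPT, REJECT, DROP
        v = walk(t)                 # jump into a user-defined chain
        if (v != "") return v       # no verdict there: continue in the caller
      }
      return ""
    }
    END { v = walk(chain); print (v != "" ? v : policy[chain]) }'
}

echo "DNS via FORWARD, original rules: $(verdict "$RULES" FORWARD 192.168.0.202 udp 53)"
echo "DNS via FORWARD, with -I rule:   $(verdict "$FIXED" FORWARD 192.168.0.202 udp 53)"
```

The policy ACCEPT on INPUT and FORWARD is never reached here, because the final catch-all rule in RH-Firewall-1-INPUT always yields a verdict first.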





Re: USB Networking vs. iptables

2008-09-18 Thread Christian Weßel
Hello,

First I corrected the DNS address in both DNATs on the server side:
[EMAIL PROTECTED] backup]# iptables -L -t nat --line-numbers -n -v
Chain PREROUTING (policy ACCEPT 2829 packets, 171K bytes)
num   pkts bytes target     prot  opt in  out source           destination
1        0     0 DNAT       tcp   --  *   *   192.168.0.202    192.168.0.200  tcp dpt:53 to:212.6.108.140
2       20  1248 DNAT       udp   --  *   *   192.168.0.202    192.168.0.200  udp dpt:53 to:212.6.108.140

Chain POSTROUTING (policy ACCEPT 9133 packets, 641K bytes)
num   pkts bytes target     prot  opt in  out source           destination
1       59  6086 MASQUERADE all   --  *   *   192.168.0.0/24   0.0.0.0/0

But I recognize no pos. At the FR I have still the same results:
[EMAIL PROTECTED]:~# cat /etc/resolv.conf 
nameserver 192.168.0.200
[EMAIL PROTECTED]:~# nslookup www.google.com
Server:    192.168.0.200
Address 1: 192.168.0.200

nslookup: can't resolve 'www.google.com'

I checked the filter table and see no mistake. Most are standard
rules from RH/FC. The INPUT and FORWARD chains affect no traffic,
except the listed IPs:22 in the private chain 'RH-Firewall-1-INPUT'.

on server:
[EMAIL PROTECTED] backup]# iptables -L -t nat --line-numbers -n -v
Chain PREROUTING (policy ACCEPT 2812 packets, 170K bytes)
num   pkts bytes target     prot  opt in  out source           destination
1        0     0 DNAT       tcp   --  *   *   192.168.0.202    192.168.0.200  tcp dpt:53 to:212.6.108.140
2       20  1248 DNAT       udp   --  *   *   192.168.0.202    192.168.0.200  udp dpt:53 to:212.6.108.140

Chain POSTROUTING (policy ACCEPT 9082 packets, 638K bytes)
num   pkts bytes target     prot  opt in  out source           destination
1       59  6086 MASQUERADE all   --  *   *   192.168.0.0/24   0.0.0.0/0

Chain OUTPUT (policy ACCEPT 9097 packets, 640K bytes)
num   pkts bytes target     prot  opt in  out source           destination
[EMAIL PROTECTED] backup]# iptables -L --line-numbers -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target               prot  opt in  out source           destination
1     592K  375M RH-Firewall-1-INPUT  all   --  *   *   0.0.0.0/0        0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target               prot  opt in  out source           destination
1      701 45828 RH-Firewall-1-INPUT  all   --  *   *   0.0.0.0/0        0.0.0.0/0

Chain OUTPUT (policy ACCEPT 613K packets, 261M bytes)
num   pkts bytes target               prot  opt in  out source           destination

Chain RH-Firewall-1-INPUT (2 references)
num   pkts bytes target  prot  opt in  out source           destination
1       18  1488 DROP    tcp   --  *   *   200.148.247.20   0.0.0.0/0      tcp dpt:22
2       23  1256 DROP    tcp   --  *   *   85.114.135.61    0.0.0.0/0      tcp dpt:22
3       19  1420 DROP    tcp   --  *   *   82.117.193.162   0.0.0.0/0      tcp dpt:22
4       16  1292 DROP    tcp   --  *   *   218.240.15.45    0.0.0.0/0      tcp dpt:22
5       19  1552 DROP    tcp   --  *   *   219.143.219.129  0.0.0.0/0      tcp dpt:22
6       21  1668 DROP    tcp   --  *   *   211.20.200.24    0.0.0.0/0      tcp dpt:22
7       23  1836 DROP    tcp   --  *   *   64.152.73.79     0.0.0.0/0      tcp dpt:22
8       19  1500 DROP    tcp   --  *   *   203.112.151.49   0.0.0.0/0      tcp dpt:22
9        2   120 DROP    tcp   --  *   *   91.121.162.172   0.0.0.0/0      tcp dpt:22
10      22  1732 DROP    tcp   --  *   *   211.157.110.226  0.0.0.0/0      tcp dpt:22
11      17  1356 DROP    tcp   --  *   *   219.94.180.143   0.0.0.0/0      tcp dpt:22
12      16  1296 DROP    tcp   --  *   *   200.196.51.29    0.0.0.0/0      tcp dpt:22
13      20  1536 DROP    tcp   --  *   *   222.221.12.13    0.0.0.0/0      tcp dpt:22
14      20  2800 DROP    tcp   --  *   *   194.165.132.66   0.0.0.0/0      tcp dpt:22
15      21  1668 DROP    tcp   --  *   *   58.253.67.58     0.0.0.0/0      tcp dpt:22
16      17  3048 DROP    tcp   --  *   *   91.112.122.242   0.0.0.0/0      tcp dpt:22
17      19  1840 DROP    tcp   --  *   *   125.206.243.126  0.0.0.0/0      tcp dpt:22
18       0     0 DROP    tcp   --  *   *   72.29.77.144     0.0.0.0/0      tcp dpt:22
19      20  1636 DROP    tcp   --  *   *   59.42.177.139    0.0.0.0/0      tcp dpt:22
20      18  1316 DROP    tcp   --  *   *   212.14.37.2      0.0.0.0/0      tcp dpt:22
21    246K  210M ACCEPT  all   --  lo  *   0.0.0.0/0        0.0.0.0/0
22     898 78034 ACCEPT  icmp  --  *   *   0.0.0.0/0        0.0.0.0/0      icmp type 255
23       0     0 ACCEPT  esp   --  *   *   0.0.0.0/0

Re: USB Networking vs. iptables

2008-09-18 Thread Joel Newkirk
I notice that you list the DNS server as 212.6.108.140
(resolver0.ewetel.de), but have the DNAT rules pointing at 212.6.181.140
(an unnamed IP that seems to be owned by 'claranet')...  Checking from the
'outside' (IE I'm not on your ISP's network, and I presume you are within
the ewetel.de network) 212.6.108.140 is a DNS server which won't let me do
recursive lookups, which is normal, but 212.6.181.140 seems unoccupied at
this time, or 100% firewalled.

If that doesn't resolve it, what's in your FORWARD and INPUT chains?  Can
you post the output of "iptables -vnL"?  (the -'v' for verbose means the
output will include counts of packets/bytes that matched each rule - useful
for debugging sometimes when unexpected zeros appear)  "iptables -vnL"
shows all the filter chains, INPUT/OUTPUT/FORWARD. (plus any custom chains)
 INPUT would affect packets from the Freerunner to the FC6 box (IE, when
resolv.conf points at 192.168.0.200) while FORWARD would affect packets
when you have the outside DNS server in resolv.conf.

j


On Thu, 18 Sep 2008 17:22:29 +, Christian Weßel <[EMAIL PROTECTED]>
wrote:
> Hello mokos,
> 
> I just have a DNS problem, I try to configure my FC6 following the guide
> http://wiki.openmoko.org/wiki/USB_Networking#Proxying_with_iptables
> because I have a simple static environment for my FR.
> 
> FR.usb.ip = 192.168.0.202
> server.usb.ip = 192.168.0.200
> server.eth.ip = 192.168.1.10
> router.eth.ip = 192.168.1.254
> DNS.ip = 212.6.108.140
> 
> on server:
> [EMAIL PROTECTED] ~]# cat /etc/resolv.conf 
> search home
> nameserver 212.6.108.140
> nameserver 212.6.108.141
> 
> [EMAIL PROTECTED] ~]# iptables -L -t nat --line-numbers -n
> Chain PREROUTING (policy ACCEPT)
> num  target      prot opt source          destination
> 1    DNAT        tcp  --  192.168.0.202   192.168.0.200   tcp dpt:53 to:212.6.181.140
> 2    DNAT        udp  --  192.168.0.202   192.168.0.200   udp dpt:53 to:212.6.181.140
> 
> Chain POSTROUTING (policy ACCEPT)
> num  target      prot opt source          destination
> 1    MASQUERADE  all  --  192.168.0.0/24  0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT)
> num  target      prot opt source          destination
> 
> on FR:
> [EMAIL PROTECTED]:~# cat /etc/resolv.conf 
> nameserver 192.168.0.200
> 
> [EMAIL PROTECTED]:~# ping 74.125.19.147 -c 1
> PING 74.125.19.147 (74.125.19.147): 56 data bytes
> 64 bytes from 74.125.19.147: seq=0 ttl=236 time=182.480 ms
> 
> --- 74.125.19.147 ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 182.480/182.480/182.480 ms
> 
> [EMAIL PROTECTED]:~# nslookup www.google.com
> Server:    192.168.0.200
> Address 1: 192.168.0.200
> 
> nslookup: can't resolve 'www.google.com'
> 
> For me the masquerading seems to be fine, just something with DNAT is
> wrong.
> If I change the FR.resolv.conf to 'nameserver 212.6.181.140' it is also not
> working.
> 
> But what's wrong?
> 
> BTW: I got no SElinux security alerts, neither in secure nor in
> messages.
>
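
The mismatch Joel points out above, written as a repeatable check (an added example, not code from the thread): it flags port-53 DNAT rules whose target is not one of the nameservers in the server's own resolv.conf, which is a heuristic rather than a requirement of iptables. The inputs are constructed from the values quoted in the thread, and the function name `dns_dnat_mismatches` is hypothetical.

```shell
#!/bin/sh
# Constructed inputs using the values quoted in the thread.
RESOLV='search home
nameserver 212.6.108.140
nameserver 212.6.108.141'

# `iptables -t nat -S PREROUTING` style lines, constructed to mirror the listing.
NAT='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.0.202 -d 192.168.0.200 -p tcp --dport 53 -j DNAT --to-destination 212.6.181.140
-A PREROUTING -s 192.168.0.202 -d 192.168.0.200 -p udp --dport 53 -j DNAT --to-destination 212.6.181.140'

# dns_dnat_mismatches RESOLV_TEXT NAT_RULES_TEXT
# Prints "proto target" for every DNAT rule on port 53 whose target is not a
# nameserver from RESOLV_TEXT. Exit status is 1 when at least one is found.
dns_dnat_mismatches() {
  printf '%s\n--\n%s\n' "$1" "$2" | awk '
    $0 == "--" { nat = 1; next }                 # separator between the inputs
    !nat && $1 == "nameserver" { ns[$2] = 1; next }
    nat && $1 == "-A" {
      proto = dport = to = ""
      for (i = 2; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
      sub(/:.*/, "", to)                         # drop an optional :port suffix
      if ((dport == 53 || dport == "domain") && to != "" && !(to in ns)) {
        print proto, to
        bad = 1
      }
    }
    END { exit bad + 0 }'
}

dns_dnat_mismatches "$RESOLV" "$NAT" ||
  echo "DNAT target is not one of the configured resolvers"
```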




Re: USB Networking vs. iptables

2008-09-18 Thread Dennis Ferron
Instead of this:

iptables -t nat -A PREROUTING -p tcp -s 192.168.0.202 -d 192.168.0.200 --dport domain -j DNAT --to-destination 192.168.0.1
iptables -t nat -A PREROUTING -p udp -s 192.168.0.202 -d 192.168.0.200 --dport domain -j DNAT --to-destination 192.168.0.1

Did you do/would you try this (on your server):

iptables -t nat -A PREROUTING -p tcp -s 192.168.0.202 -d 192.168.0.200 --dport domain -j DNAT --to-destination 192.168.1.254
iptables -t nat -A PREROUTING -p udp -s 192.168.0.202 -d 192.168.0.200 --dport domain -j DNAT --to-destination 192.168.1.254

This assumes your router is set up as a DNS server.  Then in resolv.conf,
use your router at 192.168.1.254 as the DNS server, not any of those other
values.  That is (I think) similar to how I have mine configured at home.
 If you still have problems, I'll post my exact /etc conf files for you when
I get home.

On Thu, Sep 18, 2008 at 12:22 PM, Christian Weßel <[EMAIL PROTECTED]> wrote:

> Hello mokos,
>
> I just have a DNS problem, I try to configure my FC6 following the guide
> http://wiki.openmoko.org/wiki/USB_Networking#Proxying_with_iptables
> because I have a simple static environment for my FR.
>
> FR.usb.ip = 192.168.0.202
> server.usb.ip = 192.168.0.200
> server.eth.ip = 192.168.1.10
> router.eth.ip = 192.168.1.254
> DNS.ip = 212.6.108.140
>
> on server:
> [EMAIL PROTECTED] ~]# cat /etc/resolv.conf
> search home
> nameserver 212.6.108.140
> nameserver 212.6.108.141
>
> [EMAIL PROTECTED] ~]# iptables -L -t nat --line-numbers -n
> Chain PREROUTING (policy ACCEPT)
> num  target      prot opt source          destination
> 1    DNAT        tcp  --  192.168.0.202   192.168.0.200   tcp dpt:53 to:212.6.181.140
> 2    DNAT        udp  --  192.168.0.202   192.168.0.200   udp dpt:53 to:212.6.181.140
>
> Chain POSTROUTING (policy ACCEPT)
> num  target      prot opt source          destination
> 1    MASQUERADE  all  --  192.168.0.0/24  0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> num  target      prot opt source          destination
>
> on FR:
> [EMAIL PROTECTED]:~# cat /etc/resolv.conf
> nameserver 192.168.0.200
>
> [EMAIL PROTECTED]:~# ping 74.125.19.147 -c 1
> PING 74.125.19.147 (74.125.19.147): 56 data bytes
> 64 bytes from 74.125.19.147: seq=0 ttl=236 time=182.480 ms
>
> --- 74.125.19.147 ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> round-trip min/avg/max = 182.480/182.480/182.480 ms
>
> [EMAIL PROTECTED]:~# nslookup www.google.com
> Server:    192.168.0.200
> Address 1: 192.168.0.200
>
> nslookup: can't resolve 'www.google.com'
>
> For me the masquerading seems to be fine, just something with DNAT is
> wrong.
> If I change the FR.resolv.conf to 'nameserver 212.6.181.140' it is also not
> working.
>
> But what's wrong?
>
> BTW: I got no SElinux security alerts, neither in secure nor in
> messages.


USB Networking vs. iptables

2008-09-18 Thread Christian Weßel
Hello mokos,

I just have a DNS problem, I try to configure my FC6 following the guide
http://wiki.openmoko.org/wiki/USB_Networking#Proxying_with_iptables
because I have a simple static environment for my FR.

FR.usb.ip = 192.168.0.202
server.usb.ip = 192.168.0.200
server.eth.ip = 192.168.1.10
router.eth.ip = 192.168.1.254
DNS.ip = 212.6.108.140

on server:
[EMAIL PROTECTED] ~]# cat /etc/resolv.conf 
search home
nameserver 212.6.108.140
nameserver 212.6.108.141

[EMAIL PROTECTED] ~]# iptables -L -t nat --line-numbers -n
Chain PREROUTING (policy ACCEPT)
num  target      prot opt source          destination
1    DNAT        tcp  --  192.168.0.202   192.168.0.200   tcp dpt:53 to:212.6.181.140
2    DNAT        udp  --  192.168.0.202   192.168.0.200   udp dpt:53 to:212.6.181.140

Chain POSTROUTING (policy ACCEPT)
num  target      prot opt source          destination
1    MASQUERADE  all  --  192.168.0.0/24  0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target      prot opt source          destination

on FR:
[EMAIL PROTECTED]:~# cat /etc/resolv.conf 
nameserver 192.168.0.200

[EMAIL PROTECTED]:~# ping 74.125.19.147 -c 1
PING 74.125.19.147 (74.125.19.147): 56 data bytes
64 bytes from 74.125.19.147: seq=0 ttl=236 time=182.480 ms

--- 74.125.19.147 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 182.480/182.480/182.480 ms

[EMAIL PROTECTED]:~# nslookup www.google.com
Server:    192.168.0.200
Address 1: 192.168.0.200

nslookup: can't resolve 'www.google.com'

For me the masquerading seems to be fine, just something with DNAT is
wrong.
If I change the FR.resolv.conf to 'nameserver 212.6.181.140' it is also not
working.

But what's wrong?

BTW: I got no SElinux security alerts, neither in secure nor in
messages.