Great! I'm glad we could help you work it out.
To summarize, then, the setup of the iptables rules (especially regarding
the forwards and nat rules) should use ppp0 rather than the eth1 (which is
the actual lan interface card).
By using ppp0 rather than eth1 the traffic is now properly
FORWARD doesn't see those as destined to 192.168.0.0/16, I guess. I'd
rather use the state module and write them as follows:
iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED \
-j ACCEPT
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED \
-j ACCEPT
On 4/25/05, Willie Wong [EMAIL PROTECTED] wrote:
On Mon, Apr 25, 2005 at 12:08:25AM +0600, askar ... wrote:
humour me and post `iptables -L -v -t nat' to show the nat routing
table.
The result is:
Chain PREROUTING (policy ACCEPT 9193 packets, 593K bytes)
pkts bytes target prot
After that, try connecting to the internet with the Windows box again.
I did all the things you wrote, but it still fails to connect to the internet
from the Windows box.
After it failed, either
# dmesg
or
# tail -n 60 /var/log/kernel/current
And show us the output.
#tail -n 60 /var/log/kernel/current
Well there's the indication of your problem. Apparently your system
thinks
that the packets coming in from eth0 need to go to ppp0 rather than
eth1.
Sounds like your routing tables are kinda hosed up.
eth0 is lan card for LAN, eth1 is for modem.
What's the output of route -v?
Argh... I must be too tired from working on my thesis. See below.
On Mon, Apr 25, 2005 at 02:08:09PM -0400, Willie Wong wrote:
Wait... something's wrong here
(oh crap, after looking carefully at the mail I sent last, I noticed
the following... According to the instructions, you would
On 4/26/05, Willie Wong [EMAIL PROTECTED] wrote:
Wait... something's wrong here
(oh crap, after looking carefully at the mail I sent last, I noticed
the following... According to the instructions, you would have ended
up with the LOG target AFTER the first DROP target because of the -I
On 4/26/05, askar ... [EMAIL PROTECTED] wrote:
On 4/26/05, Dave Nebinger [EMAIL PROTECTED] wrote:
Well there's the indication of your problem. Apparently your system
thinks
that the packets coming in from eth0 need to go to ppp0 rather than
eth1.
Here I remembered words of gentoo
Dear Dave and Willie, and others!
Thanks for your assistance.
Anyway, furthermore I have to understand iptables more and more.
Thanks again.
askar
On 4/26/05, askar ... [EMAIL PROTECTED] wrote:
On 4/26/05, askar ... [EMAIL PROTECTED] wrote:
On 4/26/05, Dave Nebinger [EMAIL PROTECTED] wrote:
On 4/26/05, askar ... [EMAIL PROTECTED] wrote:
On 4/26/05, Dave Nebinger [EMAIL PROTECTED] wrote:
Well there's the indication of your problem. Apparently your
system
thinks
that the packets coming in from eth0 need to go to ppp0 rather
than
eth1.
Here I remembered words
On 4/24/05, Willie Wong [EMAIL PROTECTED] wrote:
Did you follow the gentoo home router guide? I suggest you start
over... with the line that says
iptables -F
you have LOTS of duplicate rules in your chain, and some of them
don't make sense: you don't want
ACCEPT all -- anywhere
On Sun, Apr 24, 2005 at 01:10:51PM +0600, askar ... wrote:
At present, my 2 PCs can talk to each other.
WinPC can resolve hostnames by nslookup, but can use internet.
askar
seriously. post your iptables -L -v , not just iptables -L
We need to see the interface information. DHCP is
On 4/24/05, Willie Wong [EMAIL PROTECTED] wrote:
On Sun, Apr 24, 2005 at 01:10:51PM +0600, askar ... wrote:
At present, my 2 PCs can talk to each other.
WinPC can resolve hostnames by nslookup, but can use internet.
askar
seriously. post your iptables -L -v , not just iptables -L
On Sun, Apr 24, 2005 at 11:16:23PM +0600, askar ... wrote:
Here is my iptables -L -v result:
bash-2.05b# iptables -L -v
Chain INPUT (policy ACCEPT 2798K packets, 4013M bytes)
pkts bytes target prot opt in out source
destination
0 0 REJECT udp --
As far as I can tell, your iptables checks out fine.
I know you mentioned this in your first mail, but can you check if
you have ip_forwarding turned on?
cat /proc/sys/net/ipv4/ip_forward
it should give a value 1
Yes, I have a value 1.
askar
--
gentoo-user@gentoo.org mailing list
On 4/24/05, Willie Wong [EMAIL PROTECTED] wrote:
On Sun, Apr 24, 2005 at 11:16:23PM +0600, askar ... wrote:
Here is my iptables -L -v result:
bash-2.05b# iptables -L -v
Chain INPUT (policy ACCEPT 2798K packets, 4013M bytes)
pkts bytes target prot opt in out source
On Mon, Apr 25, 2005 at 12:08:25AM +0600, askar ... wrote:
humour me and post `iptables -L -v -t nat' to show the nat routing
table.
The result is:
Chain PREROUTING (policy ACCEPT 9193 packets, 593K bytes)
pkts bytes target prot opt in out source
destination
On Apr 24, 2005, at 6:14 pm, askar ... wrote:
At present, my 2 PCs can talk to each other.
WinPC can resolve hostnames by nslookup, but can use internet.
Wait, isn't this what you wanted? Or do you mean WinPC cannot use the
internet?
Yes, my WinPC cannot use the internet. :(
This is the best way
What does iptables -L say?
The result is:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT udp -- anywhere anywhere udp
On 4/24/05, Willie Wong [EMAIL PROTECTED] wrote:
Did you follow the gentoo home router guide? I suggest you start
over... with the line that says
iptables -F
you have LOTS of duplicate rules in your chain, and some of them
don't make sense: you don't want
ACCEPT all -- anywhere
# iptables -I FORWARD -i eth0 -d 192.168.0.0/255.255.0.0 -j DROP
# iptables -A FORWARD -i eth0 -s 192.168.0.0/255.255.0.0 -j ACCEPT
# iptables -A FORWARD -i eth1 -d 192.168.0.0/255.255.0.0 -j ACCEPT
I'm still working through my iptables for my home router, but I think you
need to
You seem to have missed out this one
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
My home router stopped working without that.
Hope that helps somewhat.
-
Alex A. Smith MCP
ASMHosting.com Owner
askar ... wrote:
Hello!
Installed Gentoo 2005.0, stage3.
I want to
You seem to have missed out this one
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
He didn't miss it, it's not part of the page. And it shouldn't be needed as
the rules that he's defined do not inspect state at all; they simply
accept packets (regardless of state) when
The iptable rules from the howto seem to assume that the default policy is
set up to the following:
INPUT - DROP
FORWARD - DROP
OUTPUT - ACCEPT
Seeing as I hate assuming what is actually going on, I would add the
following lines to the top of the iptables script:
iptables -P INPUT DROP
iptables
Rather than roll your own iptables script, use monmotha (it's in portage)
to get up and running. As well as better protection, you can eliminate
iptables as the cause of your problems.
BillK
On Thu, 2005-04-21 at 22:38 +0600, askar ... wrote:
Hello!
Installed Gentoo 2005.0, stage3.
--