Re: ipmasq problem

Ludvig Omholt Wed, 12 Dec 2001 01:17:43 -0600

On Tue, Dec 11, 2001 at 09:16:34PM +0100, Mikael Bergman wrote:
> 
> Jag jag forsoker satta upp ett litet natverk hemma med en maskin som
> gateway till ett ADSL snore. Jag har fatt igang natverkskorten och
> ADLS-scriptet ar pa plats, nu aterstar att fixa sa att mina andra
> (Windows) karror far tillgang till natet.
> 
> Jag kan surfa med lynx fran linuxmaskinen men inte fran XP-maskinen pa
> det lokala natverket. Jag kan telnetta och pinga gatewaymaskinen fran
> XP-burken sa jag vet att jag har "kontakt". Nagon som har en ide om var
> problemet sitter?
> 
> XP-maskinen ar konfigurerad med statisk ip: 192.168.1.111 och default
> gateway 192.168.1.1 som ar linuxkarran pa det lokala natet.
> 
> ipmasq -v ger:
> 
> #: Interfaces found:
> #:   eth0       217.208.37.123/255.255.255.0
> #:   eth1       192.168.1.1/255.255.255.0
> echo "0" > /proc/sys/net/ipv4/ip_forward
> echo "0" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains --no-warnings -P forward DENY
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains --no-warnings -F forward
> /sbin/ipchains -A input -j ACCEPT -i lo
> /sbin/ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
> /sbin/ipchains -A input -j ACCEPT -i eth1 -d 255.255.255.255/32
> /sbin/ipchains -A input -j ACCEPT -i eth1 -s 192.168.1.1/255.255.255.0
> /sbin/ipchains -A input -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
> /sbin/ipchains -A input -j DENY -i eth0 -s 192.168.1.1/255.255.255.0 -l
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 255.255.255.255/32
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 217.208.37.123/32
> /sbin/ipchains -A input -j ACCEPT -i eth0 -d 217.208.37.255/32
> /sbin/ipchains --no-warnings -A forward -j MASQ -i eth0 -s
> 192.168.1.1/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i lo
> /sbin/ipchains -A output -j ACCEPT -i eth1 -d 192.168.1.1/255.255.255.0
> /sbin/ipchains -A output -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
> /sbin/ipchains -A output -j DENY -i eth0 -d 192.168.1.1/255.255.255.0 -l
> /sbin/ipchains -A output -j ACCEPT -i eth0 -s 217.208.37.123/32
> /sbin/ipchains -A output -j ACCEPT -i eth0 -s 217.208.37.255/32
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
> /sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
> /sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l


Du behöver ha en masquerading-regel också...

/sbin/ipchains -A forward -s 192.168.1.1/255.255.255.0 -d 0.0.0.0/0 -i eth0 -j 
MASQ

Denna måste köras innan du gör DENY på forward kedjan.

/Ludde


-- 
  _   _ _ __  __  ___
 | | | | |  \|  \| __| Ludvig Omholt ................... [EMAIL PROTECTED]
 | |_| | | D | D | _|  070-310 08 71 ................. http://ludde.net/
 |___|___|__/|__/|___| +++++ gandalf: Linux 2.4.17-pre6 on an i686 +++++

pgpTbJOr0focz.pgp
Description: PGP signature

Re: ipmasq problem

Till