On Wed, Mar 29, 2017 at 08:51:58AM -0700, Mike McClain wrote:
> On Tue, Mar 28, 2017 at 10:14:50PM -0400, Dan Ritter wrote:
> > On Tue, Mar 28, 2017 at 04:46:02PM -0700, Mike McClain wrote:
> <snip>
> > > The situation is this:
> > >
> > >        phone               eth0        eth1
> > > AT&T-------|      |--------|     |--------|      |-------|     |
> > >            AT&T modem/      Linux        my             Win2K
> > >            router           box          router         box
[...]

> Here are the statements from the firewall on the Linux box
> that deal with the LAN:
>
> INET=eth0;
> LAN=eth1;
> S40='192.168.1.3';    # static IP of Win2K box
>
> # for masq allow forwarding
> fwd=1;
> echo $fwd > /proc/sys/net/ipv4/ip_forward
> echo $fwd > /proc/sys/net/ipv4/conf/all/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/default/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/lo/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/eth0/forwarding
> echo $fwd > /proc/sys/net/ipv4/conf/eth1/forwarding
>
> iptables -A INPUT -i $LAN -j ACCEPT
> iptables -A OUTPUT -f -d $S40 -j DROP

The above looks suspect: packets leaving your Linux box towards your
Windows box are dropped? Perhaps I'm missing something.

> iptables -A FORWARD -i $LAN -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -t nat -A POSTROUTING -o $INET -j MASQUERADE
>
> eth0 up, eth1 down
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
> 99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0

OK.

> eth0 up, eth1 up
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
> 99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

This looks sensible, too.

> eth0 down, eth1 up
> root@/deb73:~> route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

and this.

Hmmm. The routing tables look sane to me. At the moment I have no
explanation why the Linux box can't "see" the Internet while the
net to the Windows box is up.

Can you ping the AT&T router? When the Windows net is up/is down?

regards
-- tomás
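
An added example (not part of the original message): a POSIX shell longest-prefix lookup over the `route -n` rows quoted above, showing which interface and gateway each table selects for a given destination. The function names and the destination 198.51.100.7 (a documentation address standing in for "somewhere on the Internet") are assumptions; the table rows are copied from the quoted output.

```shell
#!/bin/sh
# Added example, not from the thread: resolve a destination against
# `route -n` output by longest-prefix match, as the kernel does.

# Rows copied from the "eth0 up, eth1 up" table quoted in the message.
TABLE_BOTH='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         99.188.244.1    0.0.0.0         UG    0      0        0 eth0
99.188.244.0    0.0.0.0         255.255.252.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# Row copied from the "eth0 down, eth1 up" table.
TABLE_LAN_ONLY='192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# ip2int A.B.C.D -> prints the address as a 32-bit integer
ip2int() {
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup TABLE DEST_IP -> prints "iface gateway" or "unreachable"
route_lookup() {
    target=$(ip2int "$2"); best_mask=-1; best=unreachable
    while read -r dest gw mask _flags _metric _ref _use iface; do
        # Skip header lines; only rows starting with an address are routes.
        case $dest in [0-9]*) ;; *) continue ;; esac
        d=$(ip2int "$dest"); m=$(ip2int "$mask")
        # A row matches when (target AND genmask) equals its destination;
        # among matching rows the largest genmask (longest prefix) wins.
        if [ $(( target & m )) -eq "$d" ] && [ "$m" -gt "$best_mask" ]; then
            best_mask=$m; best="$iface $gw"
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

echo "both up,   Internet host : $(route_lookup "$TABLE_BOTH" 198.51.100.7)"
echo "both up,   AT&T gateway  : $(route_lookup "$TABLE_BOTH" 99.188.244.1)"
echo "both up,   Win2K box     : $(route_lookup "$TABLE_BOTH" 192.168.1.3)"
echo "eth0 down, Internet host : $(route_lookup "$TABLE_LAN_ONLY" 198.51.100.7)"
```

A gateway of 0.0.0.0 in the result means the destination is on-link for that interface. Live `route -n` output can be passed as the first argument unchanged, since header lines are skipped.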