internet connection sharing


Guest skandia

Hi,

 

I am attempting to share my main PC's dial up internet connection over a LAN with an old laptop - Dell CpiA 366 with 64 meg of memory

 

My main PC runs Mandriva LE2005 and the laptop Vector Linux (as Mandriva required better hardware).

 

I have got an ethernet LAN working between the two machines - I can ping in either direction.

 

Main PC address 192.168.100.2, laptop 192.169.100.30

 

I have tried the mandriva ICS in the MCC - and adjusted the firewall countless times

 

recently tried the pinned info at the top of the networking forum about ICS by IWPCs

 

still no joy - any help gratefully appreciated!

 

The output of ifconfig is:

eth0      Link encap:Ethernet  HWaddr 00:06:4F:06:D3:A8  
         inet addr:192.168.100.2  Bcast:192.168.100.255  Mask:255.255.255.0
         inet6 addr: fe80::206:4fff:fe06:d3a8/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:53 errors:0 dropped:0 overruns:0 frame:0
         TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:4362 (4.2 Kb)  TX bytes:8518 (8.3 Kb)
         Interrupt:10 Base address:0xd400 

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol  
         inet addr:212.24.77.56  P-t-P:212.24.65.147  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:66 errors:2 dropped:0 overruns:0 frame:0
         TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:3 
         RX bytes:21580 (21.0 Kb)  TX bytes:5282 (5.1 Kb)

sit0      Link encap:IPv6-in-IPv4  
         inet6 addr: ::127.0.0.1/96 Scope:Unknown
         inet6 addr: ::192.168.100.2/96 Scope:Compat
         UP RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

the output of route -n is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
212.24.65.147   0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
192.168.100.0   0.0.0.0         255.255.255.0   U     10     0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         212.24.65.147   0.0.0.0         UG    50     0        0 ppp0

 

the output of iptables -nvL is:

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  24  3780 ACCEPT     all  --  eth0   *       192.168.100.2        192.168.100.255     
   0     0 logaborted  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED tcp flags:0x04/0x04 
  60 21370 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
   6   396 nicfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
   6   396 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
  26  1928 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
  54  4719 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 3 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 11 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 12 
  35  4508 s1         all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f0to1 (4 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
   3   144 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f0to2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f1to0 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8880 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:443 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:888 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:21 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:110 state NEW 
   3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:80 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8080 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8008 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8000 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8888 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 state NEW 
   5   320 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
   3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:25 state NEW 
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f1to2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:111 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:111 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 state NEW 
  24  3780 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2049 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:2049 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:3128 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:443 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:177 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:21 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:23 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:80 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8080 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8008 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8000 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:8888 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:22 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:0:1023 dpt:22 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpts:6000:6063 state NEW 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpts:5900:5903 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:5999 dpt:5800 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:3130 
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:3130 
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f2to0 (1 references)
pkts bytes target     prot opt in     out     source               destination         
  26  1928 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain f2to1 (4 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 0 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:3130 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:443 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:177 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:21 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:161 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:23 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:80 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:8080 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:8008 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:8000 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:8888 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:22 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:0:1023 dpt:22 state NEW 
   3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpts:6000:6063 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpts:5900:5903 state NEW 
   0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spts:1024:65535 dpt:5800 state NEW 
   0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:3130 
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logaborted (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 logaborted2  all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 10 
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED ' 

Chain logaborted2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 7 level 4 prefix `ABORTED ' 
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 

Chain logdrop (8 references)
pkts bytes target     prot opt in     out     source               destination         
  29  2072 logdrop2   all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 10 
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED ' 
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logdrop2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
  29  2072 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 7 level 4 prefix `DROPPED ' 
  29  2072 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject (0 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 logreject2  all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 10 
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED ' 
   0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
   0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain logreject2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 7 level 4 prefix `REJECTED ' 
   0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset 
   0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
   0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain nicfilt (1 references)
pkts bytes target     prot opt in     out     source               destination         
   3   252 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   0     0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           
   0     0 RETURN     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
   3   144 RETURN     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain s0 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 f0to1      all  --  *      *       0.0.0.0/0            192.168.100.2       
   0     0 f0to1      all  --  *      *       0.0.0.0/0            192.168.100.255     
   0     0 f0to1      all  --  *      *       0.0.0.0/0            127.0.0.1           
   3   144 f0to1      all  --  *      *       0.0.0.0/0            212.24.77.56        
   0     0 f0to2      all  --  *      *       0.0.0.0/0            192.168.100.0/24    
   0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain s1 (1 references)
pkts bytes target     prot opt in     out     source               destination         
  24  3780 f1to2      all  --  *      *       0.0.0.0/0            192.168.100.0/24    
  11   728 f1to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain s2 (1 references)
pkts bytes target     prot opt in     out     source               destination         
   3   252 f2to1      all  --  *      *       0.0.0.0/0            192.168.100.2       
   0     0 f2to1      all  --  *      *       0.0.0.0/0            192.168.100.255     
   0     0 f2to1      all  --  *      *       0.0.0.0/0            127.0.0.1           
   0     0 f2to1      all  --  *      *       0.0.0.0/0            212.24.77.56        
  26  1928 f2to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain srcfilt (2 references)
pkts bytes target     prot opt in     out     source               destination         
  29  2180 s2         all  --  *      *       192.168.100.0/24     0.0.0.0/0           
   3   144 s0         all  --  *      *       0.0.0.0/0            0.0.0.0/0           

and the output of iptables -nvL -t nat is:
Chain PREROUTING (policy ACCEPT 46 packets, 3274 bytes)
pkts bytes target     prot opt in     out     source               destination         
  43  3130 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT 26 packets, 3083 bytes)
pkts bytes target     prot opt in     out     source               destination         
  11   728 ppp_masq   all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 26 packets, 3083 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain loc_dnat (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128 
   0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3128 

Chain ppp_masq (1 references)
pkts bytes target     prot opt in     out     source               destination         
   0     0 MASQUERADE  all  --  *      *       192.168.100.0/24     0.0.0.0/0

Link to comment
Share on other sites

Ouch - long firewall list...

 

When you try to access the Internet from the laptop, the packets follow this route through your rules and get dropped:

 

Chain FORWARD (policy DROP 0 packets, 0 bytes)

26 1928 srcfilt all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain srcfilt (2 references)

29 2180 s2 all -- * * 192.168.100.0/24 0.0.0.0/0

 

Chain s2 (1 references)

26 1928 f2to0 all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain f2to0 (1 references)

26 1928 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0

 

Chain logdrop (8 references)

29 2072 logdrop2 all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 10

 

Chain logdrop2 (1 references)

29 2072 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 7 level 4 prefix `DROPPED '

29 2072 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

 

 

So, try typing this as root:

 iptables -I FORWARD 1 -s 192.168.100.0/24 -j ACCEPT

 

and let us know what happens!

(it Inserts a rule to allow anything from your LAN at the top of the FORWARD table)

 

Your firewall ruleset really does not need to be that long - there are a lot of redundant entries in there...

 

Chris

Link to comment
Share on other sites
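The chain walk in the reply above, reproduced as an added example (not code from the thread): a small Python tracer that parses `iptables -nvL` text, follows a packet through the jumps, and then models the suggested `-I FORWARD 1` rule. The laptop address 192.168.100.30 and destination 198.51.100.10 are assumed sample values, and only protocol, interface, address, `state` and `dpt` matches are modelled.

```python
import ipaddress
import re

# Constructed sample: the thread's `iptables -nvL` listing, trimmed to the chains on the laptop's path.
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
   0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
  26  1928 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain srcfilt (2 references)
  29  2180 s2         all  --  *      *       192.168.100.0/24     0.0.0.0/0
Chain s2 (1 references)
  26  1928 f2to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain f2to0 (1 references)
  26  1928 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0
Chain logdrop (8 references)
  29  2072 logdrop2   all  --  *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 1/sec burst 10
Chain logdrop2 (1 references)
  29  2072 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 7 level 4 prefix `DROPPED '
  29  2072 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
KEYS = ("target", "prot", "opt", "in", "out", "src", "dst", "extra")
# Assumed packet: new HTTP connection from a LAN host to a documentation-range address.
LAPTOP_PKT = {"in": "eth0", "out": "ppp0", "src": "192.168.100.30", "dst": "198.51.100.10",
              "prot": "tcp", "dport": 80, "state": "NEW"}

def parse(listing):
    """Parse `iptables -nvL` text into {chain: {"policy": ..., "rules": [...]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
            continue
        f = line.split(None, 9)
        if cur is None or len(f) < 9 or not f[0][0].isdigit():
            continue  # blank lines and the "pkts bytes target ..." header
        cur["rules"].append(dict(zip(KEYS, f[2:] + [""])))
    return chains

def iface_ok(pattern, name):
    """'*' is any interface; a trailing '+' (as in ppp+) matches by prefix."""
    return name.startswith(pattern[:-1]) if pattern.endswith("+") else pattern in ("*", name)

def matches(rule, pkt):
    """Subset of rule matching; other extras (limit:, LOG options) count as a match."""
    state = re.search(r"state (\S+)", rule["extra"])
    dport = re.search(r"\bdpt:(\d+)", rule["extra"])
    return (rule["prot"] in ("all", pkt["prot"])
            and iface_ok(rule["in"], pkt["in"]) and iface_ok(rule["out"], pkt["out"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
            and (not state or pkt["state"] in state.group(1).split(","))
            and (not dport or pkt["dport"] == int(dport.group(1))))

def walk(chains, chain, pkt, path):
    """Evaluate one chain in order; return a verdict, or None to resume in the caller."""
    for rule in chains[chain]["rules"]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        path.append(f"{chain} -> {target}")
        if target in ("ACCEPT", "DROP", "REJECT", "RETURN"):
            return None if target == "RETURN" else target
        if target in chains and (verdict := walk(chains, target, pkt, path)):
            return verdict  # LOG and a returning user chain fall through to the next rule
    return None

def trace(chains, pkt, builtin="FORWARD"):
    """Return (verdict, path); the built-in chain's policy decides if no rule does."""
    path = []
    return walk(chains, builtin, pkt, path) or chains[builtin]["policy"], path

def with_fix(chains):
    """Model `iptables -I FORWARD 1 -s 192.168.100.0/24 -j ACCEPT` from the reply."""
    rule = dict(zip(KEYS, ("ACCEPT", "all", "--", "*", "*", "192.168.100.0/24", "0.0.0.0/0", "")))
    return {**chains, "FORWARD": {**chains["FORWARD"], "rules": [rule] + chains["FORWARD"]["rules"]}}
```

`trace(parse(LISTING), LAPTOP_PKT)` returns the verdict with the list of jumps taken, and `trace(with_fix(parse(LISTING)), LAPTOP_PKT)` shows the same packet accepted by the inserted first rule.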

I'm sure streeter will get you straightened out here, but I would just like to add that I have used the shorewall two interface guide many times to set up (ICS, NAT, IP masquerading, whatever you wanna call it) over my dialup connection without too much trouble. When I have had problems it's always been because I didn't carefully follow directions.

 

That's actually a link to a frame from their web pages to make it easier to find. The full URL is Shoreline Firewall but then you would have to root out the proper page.

Link to comment
Share on other sites

Guest skandia

Hi

 

Thank you Streeter & Angst for your replies.

 

I have applied Streeter's new iptables rule .............

 

Before applying the rule the browser on the laptop could not resolve the website address

 

After applying the new rule the website address is resolved (and I can ping internet addresses such as www.bbc.co.uk).

 

However, the laptop browser gets no further than stating that it is connecting to www.bbc.co.uk

 

For info I am using a wireless LAN on the laptop connecting to a buffalo airstation. Airstation set to ip address 192.168.100.1

 

I can ping both ways from the Mandriva machine to the laptop.

 

I can also access the buffalo airstation set up 'web page' from the mandrake machine and the laptop.

Link to comment
Share on other sites

Chain loc_dnat (1 references)

pkts bytes target prot opt in out source destination

0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

 

Haven't got time at the minute to follow the chains through, but this is redirecting all HTTP traffic through Squid, which is presumably not working properly...

 

Try adding this rule:

iptables -t nat -D PREROUTING -i eth0 -j loc_dnat

 

Should work - deletes the path to the redirection rule.

 

Chris

Link to comment
Share on other sites

Guest skandia

Thanks again streeter

 

this was reported when I tried the rule you suggested

 

iptables: Bad rule (does a matching rule exist in that chain?)

 

which I guess does as the rule is the same as the one to be added to etc/rcd/rc.local your setup guide

Link to comment
Share on other sites

Try turning off shorewall - a lot of those rules are unnecessary for a simple network...

 

Below is a cut down, basic firewall which can be put in a file in /etc/rc.d/init.d. Call it tables or something and put symlinks in /etc/rc3.d and rc5.d to run it at boot.

 

It is very basic (doesn't do protection from DOS attacks etc, but we are on dial up here so being practical, that's not really a problem). It gives pretty good protection and will be easy to troubleshoot.

 

See how you get on...

 

#!/bin/sh
#flush the tables
iptables -F
iptables -t nat -F
iptables -X common 2>/dev/null  # delete the old chain; ignore the error if it does not exist yet

iptables -N common  # Create new chain called common

#Default policies
iptables -P INPUT  DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT  # allow established packets in ppp0
iptables -A INPUT -i ppp+ -j DROP         # drop all other packets coming in to ppp0
iptables -A INPUT -j common

iptables -A FORWARD -j common

iptables -A common -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A common -s 127.0.0.1 -j ACCEPT
iptables -A common -s 192.168.100.0/24 -j ACCEPT
iptables -A common -j LOG --log-prefix "Chain common"
iptables -A common -j DROP                           #Log, then Dump the rest

iptables -t nat -A POSTROUTING -o ppp+ -s 192.168.100.0/24 -d 0/0  -j MASQUERADE

Link to comment
Share on other sites

Guest skandia

Hi

 

Finally got some spare time to try out streeter's help

 

I was not 100% happy with a limited firewall so I thought I would try out Guarddog.

 

I removed Shorewall and installed Guarddog, an iptables configuration GUI which I could get my head around!

 

and bingo all worked OK!

 

:P

 

Thanks again for all the help
