New modem and iptables...
Antonio
antonio.montagnani at gmail.com
Sun Oct 21 20:29:00 UTC 2007
2007/10/21, Curtis Doty <Curtis at greenkey.net>:
> 9:48pm Antonio said:
>
> > I installed a new ADSL2+ modem that doesn't need pppo any longer
> > because it starts the connection by itself
> >
> > I had this set of rules on my computer acting as a router.
> > When I switched from the old to the new modem, the computer on the LAN
> > didn't surf the net, then I realized that I had to change some rule.
> >
> > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> > *nat
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> > -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
> > # Forward HTTP connections to Squid proxy
> > -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
> > COMMIT
> > # Completed on Fri Feb 21 09:27:33 2003
> > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> > *mangle
> > :PREROUTING ACCEPT [9:432]
> > :INPUT ACCEPT [3:234]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [9:684]
> > :POSTROUTING ACCEPT [17:1292]
> > COMMIT
> > # Completed on Fri Feb 21 09:27:33 2003
> > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> > *filter
> > :FORWARD DROP [0:0]
> > :INPUT DROP [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -i lo -j ACCEPT
> > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A FORWARD -i eth0 -j ACCEPT
> > -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A INPUT -i eth0 -j ACCEPT
> > COMMIT
> > # Completed on Fri Feb 21 09:27:33 2003
> >
> >
> > _______________________________________________________
> > I replaced the postrouting line by:
> >
> > -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> >
> > But the LAN didn't work. Where is the mistake???
> >
>
> Take a closer look at "iptables-save -c" preferably run in the year 2007
> after making your change.
>
> Are you really sure the problem is iptables related? You might also peek
> at "ip addr" and "ip route" just to make sure you still don't have
> something goofy leftover in your routing like default dev ppp0.
>
> ../C
>
I rebooted (restarting network and iptables does not seem to be enough)
and now the LAN is on the net.
But I have a question: if eth1 is defined to get its IP address from the
network (i.e. the modem), why do I get the following (please note that
the modem is 192.168.1.1):
[antonio at Casa ~]$ /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         87.14.136.149   0.0.0.0         UG    0      0        0 eth1
[antonio at Casa ~]$ /sbin/ifconfig
eth0      Link encap:Ethernet HWaddr 00:11:D8:BF:9F:05
          inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::211:d8ff:febf:9f05/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:62180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:116218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5008926 (4.7 MiB) TX bytes:161555044 (154.0 MiB)
          Interrupt:20

eth1      Link encap:Ethernet HWaddr 52:54:05:E5:82:46
          inet addr:87.14.136.149 Bcast:87.14.136.149 Mask:255.255.255.255
          inet6 addr: fe80::5054:5ff:fee5:8246/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:126705 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80821 errors:0 dropped:0 overruns:0 carrier:0
          collisions:241 txqueuelen:1000
          RX bytes:172334866 (164.3 MiB) TX bytes:6589413 (6.2 MiB)
          Interrupt:19 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:8644 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8644 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30019892 (28.6 MiB) TX bytes:30019892 (28.6 MiB)
______________________________________________________
Tnx
--
Antonio Montagnani
Skype : antoniomontag
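
A check along the lines of the advice quoted above, as an added example that is not part of the original thread: it compares the outbound interface of each nat MASQUERADE rule with the interface that holds the default route, so a rule still bound to the old uplink stands out. The function names are made up here, and the sample input is assembled from the rules and routing table quoted in the thread.

```python
import shlex

# Sample input assembled from the rules and routing table quoted in this thread.
RULES = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
ROUTES = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 87.14.136.149 0.0.0.0 UG 0 0 0 eth1
"""

def default_iface(route_n):
    """Interface of the default route in `route -n` output, or None."""
    for line in route_n.splitlines():
        f = line.split()
        # Default route: destination and genmask are both 0.0.0.0.
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            return f[7]
    return None

def stale_masquerade(rules, wan):
    """Return (out_iface, rule) for nat MASQUERADE rules not bound to `wan`."""
    table, stale = None, []
    for line in rules.splitlines():
        if line.startswith("*"):          # "*nat", "*filter", ... starts a table
            table = line[1:].strip()
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue
        tok = shlex.split(line)
        if "-j" not in tok or tok[tok.index("-j") + 1] != "MASQUERADE":
            continue
        out = tok[tok.index("-o") + 1] if "-o" in tok else None
        if out is not None and out != wan:
            stale.append((out, line))
    return stale

if __name__ == "__main__":
    wan = default_iface(ROUTES)
    for out, rule in stale_masquerade(RULES, wan):
        print(f"default route is on {wan}, but this rule masquerades on {out}: {rule}")
```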