New modem and iptables...
John Summerfield
debian at herakles.homelinux.org
Sun Oct 21 21:45:32 UTC 2007
Antonio wrote:
> I installed a new modem ADSL2+ that doesn' t need pppo any longer
> because it starts connection by himself
>
> I had this set of rules on my my computer acting as a router.
> When I switched from the old to the new modem, the computer on the lan
> didn't surf the net, the I realized that I had to change some rule.
>
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
> # Forward HTTP connections to Squid proxy
> -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *mangle
> :PREROUTING ACCEPT [9:432]
> :INPUT ACCEPT [3:234]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [9:684]
> :POSTROUTING ACCEPT [17:1292]
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *filter
> :FORWARD DROP [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -i eth0 -j ACCEPT
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
>
>
> _______________________________________________________
> I replaced the postrouting line by:
>
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
>
> But the LAN didn't work. Where is the mistake???
I expect your "modem" is actually a router, and that you can just turn
your Linux firewall off. The router performs firewall and NAT functions
that are perfectly adequate for most people.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
Please do not reply off-list
More information about the fedora-list
mailing list