Getting access out through gateway
Simon Slater
pyevet at aapt.net.au
Mon May 5 01:07:49 UTC 2008
G'day everyone,

Here is a problem I've struggled with for some time now and have run
out of ideas. Hopefully someone can point me in the right direction.

An Acer laptop with F8 needs updating and has internet access via a
dialup connection to a box running FC6. Running Wireshark on the laptop
when a connection with Firefox is attempted shows the gateway returning
a packet with:
ICMP Destination unreachable (Host administratively prohibited).

This points to a REJECT target in the iptables, of which there is only
one. Yet with iptables stopped, there is still no connection, with the
gateway returning a packet with TCP flags: [RST, ACK].

Is the problem with the laptop or the gateway box? Here are the
iptables rules.

[root@Ipex ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

[root@Ipex ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24
DROP       all  -- !192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@Ipex ~]#

All suggestions eagerly and gratefully anticipated.
--
'ooroo
Simon
Registered Linux User #463789. Sign up at: http://counter.li.org/
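
An added example, not part of the original post: a first-match walk of the FORWARD chain as listed above, showing which rule a new forwarded connection from the laptop reaches first. It covers the ICMP reply only, not the [RST, ACK] seen with iptables stopped; the `lo` interface on the first RH-Firewall-1-INPUT rule, the `ppp0` interface and both packet addresses are assumptions, since plain `iptables -L` hides the interface columns.

```python
import ipaddress

# Constructed model of the posted `iptables -L` listing. Plain -L hides the
# interface columns, so iface="lo" on the first rule is an ASSUMPTION (an
# unconditional ACCEPT there would make the final REJECT unreachable).
def accept(**match):
    return {"target": "ACCEPT", **match}

NEW, LAN = {"NEW"}, "192.168.0.0/24"
CHAINS = {
    "FORWARD": [
        {"target": "RH-Firewall-1-INPUT"}, accept(src=LAN), accept(dst=LAN),
        {"target": "DROP", "not_src": LAN},
    ],
    "RH-Firewall-1-INPUT": [
        accept(iface="lo"), accept(proto="icmp"), accept(proto="esp"), accept(proto="ah"),
        accept(proto="udp", dst="224.0.0.251/32", dport=5353),
        accept(proto="udp", dport=631), accept(proto="tcp", dport=631),
        accept(state={"RELATED", "ESTABLISHED"}),
        accept(proto="tcp", state=NEW, dport=2049),
        accept(proto="udp", state=NEW, dport=137), accept(proto="udp", state=NEW, dport=138),
        accept(proto="tcp", state=NEW, dport=139), accept(proto="tcp", state=NEW, dport=445),
        {"target": "REJECT icmp-host-prohibited"},
    ],
}

def in_net(addr, cidr):
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def matches(rule, pkt):
    return (all(rule.get(k, pkt[k]) == pkt[k] for k in ("iface", "proto", "dport"))
            and pkt["state"] in rule.get("state", {pkt["state"]})
            and in_net(pkt["src"], rule.get("src")) and in_net(pkt["dst"], rule.get("dst"))
            and not ("not_src" in rule and in_net(pkt["src"], rule["not_src"])))

def verdict(chain, pkt, policy="ACCEPT"):
    """First-match traversal; returns (chain, rule number, target)."""
    for n, rule in enumerate(CHAINS[chain], 1):
        if matches(rule, pkt):
            if rule["target"] not in CHAINS:          # ACCEPT/DROP/REJECT end traversal
                return chain, n, rule["target"]
            hit = verdict(rule["target"], pkt, None)  # jump into the user chain
            if hit:
                return hit
    return (chain, 0, policy) if policy else None     # chain end: policy, or back to caller

# Constructed packet: the laptop's first SYN to a web server (all values hypothetical).
SYN = {"iface": "ppp0", "proto": "tcp", "src": "192.168.0.2",
       "dst": "203.0.113.10", "dport": 80, "state": "NEW"}
```

`verdict("FORWARD", SYN)` ends at rule 14 of RH-Firewall-1-INPUT, the REJECT, before any of the 192.168.0.0/24 ACCEPT rules in FORWARD are consulted. On the real gateway, `iptables -L -n -v --line-numbers` shows the interface columns and per-rule packet counters needed to confirm this.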