LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 09-10-2010, 10:35 PM   #1
dmlinton
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Rep: Reputation: 1
Need Help on Simple IPTables Router/Firewall


My first post!

I recently had a go at setting up a WiFi Hotspot using wifidog. This, of course, entails creating a router and I chose to use iptables as this is what wifidog uses anyhow. Hitherto, I had only a vague idea of what iptables is and even less of an idea how to use it. Now, having executed endless Googles and howtos with close to zero success I am breaking down and asking for help.

My setup is: wireless AP (DHCP on) -> NIC eth0 -> HP 486 w/Debian Lenny/5 -> NIC eth1 -> wireless router (DHCP on) -> DSL modem -> ... the world

At this point I have no idea what the stumbling block is. I did actually get a simple iptables router working once and I got wifidog working once but both cases broke without my having changed anything (at least that's my story and I'm sticking to it). When wifidog starts up, there is a 'failed' on every line output to the terminal as wifidog sets up its iptables rules. It is almost as if something is missing on my system but all the checks I can find, like lsmod | grep ip, which shows 11 modules, seem to indicate that everything is present.

Now, I do not know what question to ask and therein lies my dilemma. One thing that would be helpful to know is whether the syntax is different among the various NIXs. What would be really helpful is a shell script that works to set up a very fundamental router that basically connects two network interfaces and lets all traffic go in both directions (easy for me to figure out the logic) - I found a reference here to there being one in "the Security section" but I cannot seem to find my way there.

So there it is, not only do I need answers, I need the questions too. Please help if you can as I have come to the end of my rope. Any insights offered will be most appreciated.

Best regards,
Dennis
 
Old 09-11-2010, 12:05 AM   #2
dmlinton
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Original Poster
Rep: Reputation: 1
More info....

I found a brain dead simple two liner at http://www.cyberciti.biz/tips/linux-...-line-etc.html that is supposed to set up a simple router and goes like this (I added the flushing lines):
Code:
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
My /etc/network/interfaces is like this:
Code:
iface lo inet loopback

# eth1 connects to router connected to DSL modem
# it is shown as dynamic but router (192.168.1.1) reserves 192.168.1.196 for eth1
auto eth1
allow-hotplug eth1
iface eth1 inet dhcp

# eth0 is the internal network (hotspot network)
auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 192.168.2.254
  netmask 255.255.255.0
  network 192.168.2.0
  broadcast 192.168.2.255
  dns-nameservers 192.168.1.196
route gives:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
iptables -L -v returns:
Code:
Chain INPUT (policy ACCEPT 3503 packets, 553K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  eth0   any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 2709 packets, 581K bytes)
 pkts bytes target     prot opt in     out     source               destination
... but I cannot get anywhere - cannot ping 192.168.1.196 or 192.168.1.1 from a computer on the 192.168.2.0 network.
Any ideas?
Regards,
Dennis
 
Old 09-11-2010, 10:00 AM   #3
dmlinton
LQ Newbie
 
Registered: Sep 2010
Posts: 3

Original Poster
Rep: Reputation: 1
Eureka!

Fixed it.

It seems that the problem may have been a single line missing:
Code:
iptables -X
Having finally found an example script that worked (http://www.debian-administration.org/articles/23), I went through line by line to find the "magic" bullet. The only common difference I could find relative to scripts that did not work was the iptables -X line.

BTW, I stowed the working firewall script in /etc/network/if-up.d as instructed in the page at the above noted link.

Regards,
Dennis
 
1 members found this post helpful.
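The router from posts #2 and #3 written out as one script, as an added example that is not from the thread or from the linked articles. It keeps the same interface roles (eth1 upstream to the DSL router, eth0 the 192.168.2.0/24 hotspot), keeps the iptables -X step, and adds two things none of the quoted commands include: the net.ipv4.ip_forward sysctl, without which the kernel forwards nothing regardless of the rules, and stateful FORWARD rules so only replies to hotspot connections come back in instead of forwarding everything. The IPT and SYSCTL variables are an assumption of this script, there so the rule set can be previewed with IPT=echo without root.

```shell
#!/bin/sh
# Added example (not from the thread): minimal stateful two-interface router.
# Assumes eth1 faces the DSL router and eth0 is the hotspot LAN, as in the posts.
# IPT/SYSCTL can be overridden (e.g. IPT=echo SYSCTL=echo) to preview the commands.
IPT=${IPT:-iptables}
SYSCTL=${SYSCTL:-sysctl}

setup_router() {
    ext=$1   # upstream interface (eth1)
    int=$2   # hotspot interface (eth0)
    lan=$3   # hotspot network (192.168.2.0/24)

    # The kernel will not forward any packet until this is on; the two-liner
    # in post #2 never sets it.
    "$SYSCTL" -w net.ipv4.ip_forward=1

    # Flush rules, delete user-defined chains (-X) and zero counters in every table.
    for t in filter nat mangle; do
        "$IPT" -t "$t" -F
        "$IPT" -t "$t" -X
        "$IPT" -t "$t" -Z
    done

    # Default-deny for traffic through the box; the router itself stays reachable.
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P FORWARD DROP
    "$IPT" -P OUTPUT ACCEPT

    # Hotspot clients may open connections outward; only replies to those
    # connections are forwarded back in.
    "$IPT" -A FORWARD -i "$int" -o "$ext" -s "$lan" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -i "$ext" -o "$int" -d "$lan" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Source-NAT the private hotspot range behind the upstream address.
    "$IPT" -t nat -A POSTROUTING -o "$ext" -s "$lan" -j MASQUERADE
}

# After applying: confirm forwarding is on and watch the counters move
# while a hotspot client pings 192.168.1.1.
show_router() {
    "$SYSCTL" net.ipv4.ip_forward
    "$IPT" -L FORWARD -v -n
    "$IPT" -t nat -L POSTROUTING -v -n
}

# Usage: sh router.sh eth1 eth0 192.168.2.0/24
if [ $# -eq 3 ]; then
    setup_router "$@"
    show_router
fi
```

With the FORWARD policy at DROP, a client that cannot reach the outside shows up as a rising packet count on the policy line of iptables -L FORWARD -v rather than silently disappearing.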
Tags
iptables, router


All times are GMT -5. The time now is 07:16 AM.