Packet getting dropped using iptables
 

I use Fedora Core 3 and I am connected to the internet via DSL. My computer has two lan cards - One for the intenet connection - and one that I use to connect my Laptop.

I configured iptables to act as router but I am unable to connect to the internet from my Laptop.

The steps I took -

1) Enabled IP forwarding - echo 1 > /proc/sys/net/ipv4/ip_forward

2) iptables configuration -

./iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE
./iptables -A FORWARD --in-interface eth1 -j ACCEPT

I even switched to using the ip addresses of my cards

./iptables -t nat -A POSTROUTING --out 172.16.15.5 -j MASQUERADE
./iptables -A FORWARD --in-interface 191.168.0.1 -j ACCEPT

3) I switched on logging-

./iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "
./iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "

4) I set up route -

./route add default gw 172.16.0.1 dev eth0
./route add -net 192.168.0.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth0

But I am unable to connect to the net from my Laptop (Using WIndows XP)

I checked the logs and this is what I find.

Feb 2 14:11:01 server kernel: INPUT_DROP: IN=eth1 OUT= MAC=00:e0:4c:04:71:46:00:c0:9f:94:a4:17:08:00 SRC=192.168.0.2 DST=192.168.0.1 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=319 PROTO=UDP SPT=1040 DPT=53 LEN=48

Why is this happening?

it's a UDP packet destined to port 53 on the linux box... so i would assume the windoze box is trying to use a DNS daemon on the linux router... so you either need to make sure you have the dns daemon running on the router (and add the appropriate iptables rules to allow the windoze box to connect to it) or you need to configure the windoze box to use your ISP's DNS servers instead of 192.168.0.1...

just my :twocents:...