Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I have set up a Linux box running a DHCP and DNS server for the internal LAN, to work as router/gateway for the LAN.
The box has two network interfaces (eth0, connected to the LAN, and eth1, directly connected to the ADSL modem). The internet connection is initiated with pptp, and when the connection is established it's reachable via ppp0.
I have then set up these iptables rules, but for some reason forwarding to the internal LAN won't work. I get the correct IPs and so on, but nothing comes back from the router and I have no idea why.
# EXTERNAL=eth1 directly connected to ADSL-Modem
# INTERNAL=eth0
# Internet=ppp0 after initiating the connection with pptp
# default policies: drop whatever is not explicitly allowed (no OUTPUT policy is set, so it stays at ACCEPT)
iptables -P INPUT DROP
iptables -P FORWARD DROP
# replies to connections the router itself opened
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback traffic
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
# anything to or from the LAN side
iptables -A INPUT -i eth0 -p all -j ACCEPT
iptables -A OUTPUT -o eth0 -p all -j ACCEPT
# ICMP in both directions
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
# packets arriving on the uplink with a loopback (127.0.0.1) source address
iptables -A INPUT -p all -s localhost -i ppp0 -j DROP
# NAT for the LAN behind the dynamic ppp0 address
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# forward packets that enter from the LAN (the only FORWARD rule)
iptables -A FORWARD -i eth0 -j ACCEPT
So everything from the internet should be blocked except the connections initiated by one of the boxes on the LAN (and of course the router), and everything from the internal net to the router should be accepted.
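Editor's note: the script below is an added example, not the poster's ruleset and not a reply from the thread. It expresses the same policy (LAN on eth0, ADSL modem on eth1, PPTP uplink on ppp0, all names taken from the post) and adds the FORWARD rule for return traffic that the posted set has no equivalent of: with `-P FORWARD DROP` and only `-A FORWARD -i eth0 -j ACCEPT`, LAN packets leave via ppp0 but every reply coming back in on ppp0 and destined for eth0 hits the DROP policy. The GRE rule on eth1, the 127.0.0.0/8 spoof guard and the `--apply` flag are assumptions of this example, not something the post specifies. `-m state` is kept to match the post; current iptables also accepts `-m conntrack --ctstate`.

```shell
#!/bin/sh
# Added example router firewall for the layout in the post above
# (eth0 = LAN, eth1 = link to the ADSL modem, ppp0 = PPTP uplink).
# apply_rules CMD runs every rule through CMD, so `apply_rules iptables`
# loads the set and `apply_rules print_rule` only lists it for review.

LAN_IF=eth0
MODEM_IF=eth1
WAN_IF=ppp0

# Print one rule per line instead of loading it (used for dry runs).
print_rule() { printf '%s\n' "$*"; }

apply_rules() {
    ipt=${1:-iptables}

    # Start from a clean slate in both tables.
    $ipt -F
    $ipt -t nat -F

    # Default-deny for traffic to the router and through it; the router's
    # own outbound traffic is allowed. (The post never set an OUTPUT policy,
    # so its OUTPUT rules were no-ops: that chain already defaulted to ACCEPT.)
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT

    # --- traffic addressed to the router itself (INPUT) ---
    $ipt -A INPUT -i lo -j ACCEPT
    # replies to connections the router opened, including the PPTP control
    # session (TCP 1723) it opens towards the modem
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # the LAN may reach the router's DHCP, DNS and admin services
    $ipt -A INPUT -i "$LAN_IF" -j ACCEPT
    # GRE carrying the PPTP tunnel from the modem side (assumption: without
    # the PPTP conntrack helper the modem's GRE packets may not be ESTABLISHED)
    $ipt -A INPUT -i "$MODEM_IF" -p gre -j ACCEPT
    # ICMP from anywhere, as in the original; remove to hide the host
    $ipt -A INPUT -p icmp -j ACCEPT
    # spoof guard: nothing arriving on the uplink may claim a loopback source.
    # The DROP policy would catch it anyway; the explicit rule documents intent.
    $ipt -A INPUT -i "$WAN_IF" -s 127.0.0.0/8 -j DROP

    # --- traffic passing through the router (FORWARD) ---
    # The posted set had only the second rule, so LAN packets went out but
    # every reply from the internet was dropped on its way back to eth0.
    $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT

    # Source NAT behind the dynamic ppp0 address. The nat table is consulted
    # independently of the filter chains, so its position relative to the
    # rules above does not matter; order within a single chain does.
    $ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# `sh router-fw.sh --apply` (as root) loads the rules; any other invocation lists them.
if [ "${1:-}" = "--apply" ]; then
    # Without this the kernel never consults the FORWARD chain at all.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_rules iptables
else
    apply_rules print_rule
fi
```

Run it without arguments first and read the listing; `iptables -L -v -n` and `iptables -t nat -L -v -n` after `--apply` show per-rule packet counters, so a LAN host's ping that increments the `FORWARD -i eth0` counter but never the `ESTABLISHED,RELATED` one is the signature of the missing return-path rule.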
iptables -A INPUT -p all -s localhost -i ppp0 -j DROP
What are you trying to do with that line?
It looks like any input that comes from localhost via the interface ppp0 is dropped.
How can that be? How can a packet be sourced from localhost but come in through ppp0? Surely in the best case that drops all packets coming in from the world.
Please understand I am learning just as much as you are here.
I am no guru, but I like a nice problem.
Luckily I have the time to find these things out at the moment.
I'm as pleased as you are.
Glad I could help.
regards
Alan
PS. Did you put those lines before the masquerade line in the end?