Old 12-30-2003, 07:24 AM   #1
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Rep: Reputation: 15
Some networking questions


Hello there,

While trying to resolve the problem listed in this thread http://www.linuxquestions.org/questi...hreadid=128167

I have some basic (?) questions:
1. Is it a problem that local IP addresses are something like 192.168.0.x? Is the 0 possible in an IP address?

2. What is the MTU parameter shown by ifconfig -a?

3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?

4. How do I change the MTU value for an IP interface, and how do I make this change persistent?

Thanks for all.
 
Old 12-30-2003, 08:21 AM   #2
yuray
Member
 
Registered: Apr 2003
Location: Russia, Khotkovo
Distribution: Debian
Posts: 146

Rep: Reputation: 15
About http://www.linuxquestions.org/quest...threadid=128167
Did you ping from the broken Windows machine to the broken sites?

>1. Is it a problem that local IP addresses are something like 192.168.0.x?
No problem. Only check what address your ADSL provider gives you (it must not be from 192.168.0.x).
>Is the 0 possible in an IP address?
No. The IP address of a host cannot be 0.
>2. What is the MTU parameter shown by ifconfig -a?
Maximum Transfer Unit. Maximum size of a packet (for Ethernet, 1500).
>3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?
No. Your router must fragment the IP packet if it is more than 1492.
>4. How do I change the MTU value for an IP interface, and how do I make this change persistent?
Why do you need it?
 
Old 12-30-2003, 08:39 AM   #3
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by yuray
About http://www.linuxquestions.org/quest...threadid=128167
Did you ping from the broken Windows machine to the broken sites?

>1. Is it a problem that local IP addresses are something like 192.168.0.x?
No problem. Only check what address your ADSL provider gives you (it must not be from 192.168.0.x).
>Is the 0 possible in an IP address?
No. The IP address of a host cannot be 0.
>2. What is the MTU parameter shown by ifconfig -a?
Maximum Transfer Unit. Maximum size of a packet (for Ethernet, 1500).
>3. ppp0 has MTU=1492 and eth0 has MTU=1500. Must those values be the same?
No. Your router must fragment the IP packet if it is more than 1492.
>4. How do I change the MTU value for an IP interface, and how do I make this change persistent?
Why do you need it?
Thanks for your answers,

But you say in 1. that there is no problem having an IP like 192.168.0.1, and in 2. that it's not possible to have 0 in an IP address. This seems contradictory to me. My question is: is an IP address like 192.168.0.1 legal, or do I have to replace the 0 with something else?

4. It was in case both MTUs (ppp0 and eth0) had to be the same.

Do you have an idea about the problem listed in the thread: http://www.linuxquestions.org/quest...threadid=128167

Thanks for all
 
Old 12-30-2003, 09:11 AM   #4
Gates1026
Member
 
Registered: Sep 2003
Location: Iowa
Distribution: Slackware 9.1
Posts: 155

Rep: Reputation: 30
An address like 192.168.0.1 is legal; you just don't want to start an IP address with a 0 or end it with a 0. You also cannot use 255 for the IP because it is reserved.
 
Old 12-30-2003, 01:11 PM   #5
slightcrazed
Member
 
Registered: May 2003
Location: Lisbon Falls, Maine
Distribution: RH 8.0, 9.0, FC2 - 4, Slack 9.0 - 10.2, Knoppix 3.4 - 4.0, LFS,
Posts: 789

Rep: Reputation: 30
255 = broadcast, meaning that packets are sent to every host on the subnet.

Gates is right, 0 can be used as long as it is not the end of the host portion. Oftentimes a subnet is referred to by including the 0 (i.e., 192.168.0.0 would refer to the subnet, 192.168.0.1 would be a host on that subnet, and 192.168.0.255 would be the broadcast address for the subnet).

slight
 
Old 12-31-2003, 12:10 AM   #6
yuray
Member
 
Registered: Apr 2003
Location: Russia, Khotkovo
Distribution: Debian
Posts: 146

Rep: Reputation: 15
Quote:
But you say in 1. that there is no problem having an IP like 192.168.0.1, and in 2. that it's not possible to have 0 in an IP address. This seems contradictory to me. My question is: is an IP address like 192.168.0.1 legal, or do I have to replace the 0 with something else?
In the post http://www.linuxquestions.org/quest...threadid=128167 you wrote that
you have mask 255.255.255.0. In this case you may legally use IPs from 192.168.0.1 to 192.168.0.254.
The 0 in the third octet belongs to the network part of the address and, with mask 255.255.255.0, is absolutely legal too.

Quote:
4. It was in case both MTUs (ppp0 and eth0) had to be the same.
This is not necessarily so. But if you want, just read man ifconfig.

Quote:
Do you have an idea about the problem listed in the thread: http://www.linuxquestions.org/quest...threadid=128167
Did you run a ping test from the Windows machines to Internet URLs?
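
Added example (not part of the original posts), illustrating the point made in posts #4 to #6: whether an address is the network address, the broadcast address or a usable host depends on the host bits under the mask, not on a decimal 0 or 255 in the last octet. It goes beyond the thread's 255.255.255.0 case by also trying 255.255.254.0; the function names `classify` and `usable_range` are illustrative.

```python
import ipaddress


def classify(addr: str, mask: str) -> str:
    """Return 'network', 'broadcast' or 'host' for addr under the given netmask."""
    iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
    net = iface.network
    # /31 (point-to-point, RFC 3021) and /32 have no separate
    # network or broadcast address: every address is a host.
    if net.prefixlen >= 31:
        return "host"
    if iface.ip == net.network_address:    # all host bits are 0
        return "network"
    if iface.ip == net.broadcast_address:  # all host bits are 1
        return "broadcast"
    return "host"


def usable_range(addr: str, mask: str) -> tuple:
    """First and last address that can be assigned to a host in addr's subnet."""
    net = ipaddress.IPv4Interface(f"{addr}/{mask}").network
    if net.prefixlen >= 31:
        return (str(net[0]), str(net[-1]))
    return (str(net.network_address + 1), str(net.broadcast_address - 1))


if __name__ == "__main__":
    # The thread's case: mask 255.255.255.0
    for a in ("192.168.0.0", "192.168.0.1", "192.168.0.255"):
        print(a, "/24 ->", classify(a, "255.255.255.0"))
    print("usable:", usable_range("192.168.0.1", "255.255.255.0"))

    # Added case: with mask 255.255.254.0 the subnet spans 192.168.0.0 to
    # 192.168.1.255, so addresses ending in .255 or .0 can be ordinary hosts.
    for a in ("192.168.0.0", "192.168.0.255", "192.168.1.0", "192.168.1.255"):
        print(a, "/23 ->", classify(a, "255.255.254.0"))
```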
 
Old 12-31-2003, 11:53 AM   #7
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by yuray

Did you run a ping test from the Windows machines to Internet URLs?
Yes, all seems to be all right
 
Old 01-02-2004, 04:08 AM   #8
yuray
Member
 
Registered: Apr 2003
Location: Russia, Khotkovo
Distribution: Debian
Posts: 146

Rep: Reputation: 15
Ok.
Try sniffing traffic on the inbound interface and the ADSL connection.
In one window:
tcpdump -vvv -i eth0 host WINDOWS_BOX_IP   # eth0: your local net interface; WINDOWS_BOX_IP: IP of one of the Windows boxes
and in another window:
tcpdump -vvv -i ppp0   # ppp0: your ADSL interface
and from the Windows box check access to the Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)
 
Old 01-02-2004, 07:05 AM   #9
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by yuray
Ok.
Try sniffing traffic on the inbound interface and the ADSL connection.
In one window:
tcpdump -vvv -i eth0 host WINDOWS_BOX_IP   # eth0: your local net interface; WINDOWS_BOX_IP: IP of one of the Windows boxes
and in another window:
tcpdump -vvv -i ppp0   # ppp0: your ADSL interface
and from the Windows box check access to the Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)
I don't have tcpdump installed. Where can I find it ?
 
Old 01-02-2004, 07:26 AM   #10
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
OK I got it.
Sorry, we will have to wait until Monday to have people working. I cannot access this from home.
 
Old 01-03-2004, 06:28 PM   #11
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
2 ideas while waiting for users ....

While waiting for Monday I have two ideas:
1. Can it be a masquerading problem?

My Linux box has a constant IP, and I've read some articles saying that with a constant IP we have to use SNAT and not MASQUERADING?

But I'm not sure the solution applies to me; they were talking about redirection also ...

What do you think about that?

2. The port 113 (auth) was blocked in the OUTPUT rules, with messages in /var/log/messages. I've read there that in this case HTTP requests could not work.
You may notice that by default all OUTPUT connections are DROPPED in my iptables config.
So perhaps I need to open this port in OUTPUT?
Do people generally have all OUTPUT ACCEPT and not DROP?
 
Old 01-04-2004, 08:32 AM   #12
yuray
Member
 
Registered: Apr 2003
Location: Russia, Khotkovo
Distribution: Debian
Posts: 146

Rep: Reputation: 15
I don't think so.
Your problem is not with all URLs. If you had a masquerading problem then the Windows machines could not
work at all.
I don't know what port 133 does.
HTTP - 80, HTTPS - 443, and that's all that is needed for the web.
By the way, you forgot https (hope this solves the problem)
-A OUTPUT -p tcp -m tcp -o ppp0 --dport https -j ACCEPT
 
Old 01-04-2004, 09:59 AM   #13
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
I've already added the https rule which was missing, and it does not correct my problem.
See you tomorrow with real users ...

Thanks in advance for your help.
 
Old 01-05-2004, 06:15 AM   #14
yuray
Member
 
Registered: Apr 2003
Location: Russia, Khotkovo
Distribution: Debian
Posts: 146

Rep: Reputation: 15
Hello.
I read a little more about iptables.
Try to check a very simple and insecure configuration.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
( or iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source your_static_ip )
iptables -A FORWARD -j LOG --log-level info

In /var/log/messages (I don't know where your syslog stores info, check /etc/syslog.conf) you
will see requests and replies.
 
Old 01-05-2004, 08:40 AM   #15
jmcollin92
Member
 
Registered: Oct 2003
Distribution: Mandrake 9.1
Posts: 76

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by yuray
Ok.
Try sniffing traffic on the inbound interface and the ADSL connection.
In one window:
tcpdump -vvv -i eth0 host WINDOWS_BOX_IP   # eth0: your local net interface; WINDOWS_BOX_IP: IP of one of the Windows boxes
and in another window:
tcpdump -vvv -i ppp0   # ppp0: your ADSL interface
and from the Windows box check access to the Yahoo URL.

What do you see? Can you give a small dump? (and the result of ifconfig)
Here are the traces requested :

On eth0 with the command tcpdump -vvv -i eth0 (only ticeropo1 was working) :
Code:
15:23:46.986313 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  39+ A? www.nordparis.banquepopulaire.fr. (50) (ttl 128, id 49462, len 78)
15:23:46.986561 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  39 q: A? www.nordparis.banquepopulaire.fr. 1/3/0 www.nordparis.banquepopulaire.fr.[|domain] (DF) (ttl 64, id 0, len 158)
15:23:46.987699 ticeropo1.ticero.com.3197 > 194.51.109.131.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 49463, len 48)
15:23:47.122241 194.51.109.131.http > ticeropo1.ticero.com.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 117, id 13569, len 48)
15:23:47.122453 ticeropo1.ticero.com.3197 > 194.51.109.131.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 128, id 49465, len 40)
15:23:47.124300 ticeropo1.ticero.com.3197 > 194.51.109.131.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 128, id 49466, len 406)
15:23:47.410177 194.51.109.131.http > ticeropo1.ticero.com.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 117, id 13602, len 40)
15:24:46.627600 ticeropo1.ticero.com.netbios-dgm > 192.168.0.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x1102 ID=0x80BD IP=192 (0xc0).168 (0xa8).0 (0x0).3 (0x3) Port=138 (0x8a) Length=196 (0xc4) Res2=0x0
SourceName=TICEROPO1       NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length

 (ttl 128, id 49606, len 238)
15:27:54.431914 arp who-has ticerosrv1.ticero.com tell ticeropo1.ticero.com
15:27:54.431931 arp reply ticerosrv1.ticero.com is-at 0:8:a1:40:67:d9
15:28:56.006362 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  40+ A? maj.securitoo.com. (35) (ttl 128, id 50089, len 63)
15:28:56.154067 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  40 q: A? maj.securitoo.com. 1/2/0 maj.securitoo.com. A maj.securitoo.com ns: securitoo.com.[|domain] (DF) (ttl 64, id 0, len 132)
15:29:01.150582 arp who-has ticeropo1.ticero.com tell ticerosrv1.ticero.com
15:29:01.150727 arp reply ticeropo1.ticero.com is-at 0:a0:cc:5b:7b:8a
15:29:55.534641 ticeropo1.ticero.com.1028 > ticerosrv1.ticero.com.domain: [udp sum ok]  41+ A? bwcluster.securitoo.com. (41) (ttl 128, id 50195, len 69)
15:29:55.599256 ticerosrv1.ticero.com.domain > ticeropo1.ticero.com.1028:  41 q: A? bwcluster.securitoo.com. 1/2/0 bwcluster.securitoo.com. A[|domain] (DF) (ttl 64, id 0, len 138)
15:29:55.600955 ticeropo1.ticero.com.9370 > bwcluster.securitoo.com.codaauth2: [udp sum ok] udp 45 (ttl 128, id 50196, len 73)
15:29:55.679035 bwcluster.securitoo.com.codaauth2 > ticeropo1.ticero.com.9370: [udp sum ok] udp 12 (ttl 117, id 2629, len 40)

1667 packets received by filter
778 packets dropped by kernel

On ppp0 (with the command tcpdump -vvv -i ppp0 port not ssh, because I got this trace while connected by ssh):
Code:
15:23:46.987738 217.128.230.16.3197 > 194.51.109.131.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 127, id 49463, len 48)
15:23:46.988172 217.128.230.16.32850 > 198.6.1.83.domain: 49373 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.122217 194.51.109.131.http > 217.128.230.16.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 118, id 13569, len 48)
15:23:47.122464 217.128.230.16.3197 > 194.51.109.131.http: . [tcp sum ok] 1:1(0) ack 1 win 65535 (DF) (ttl 127, id 49465, len 40)
15:23:47.124311 217.128.230.16.3197 > 194.51.109.131.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 127, id 49466, len 406)
15:23:47.186227 198.6.1.83.domain > 217.128.230.16.32850: 49373-% q: PTR? 131.109.51.194.in-addr.arpa. 0/5/3 ns: 51.194.in-addr.arpa.[|domain] (DF) (ttl 235, id 11963, len 247)
15:23:47.186568 217.128.230.16.32850 > 192.134.0.49.domain: 30993 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:47.410162 194.51.109.131.http > 217.128.230.16.3197: . [tcp sum ok] 1:1(0) ack 367 win 65169 (DF) (ttl 118, id 13602, len 40)
15:23:49.190707 217.128.230.16.32850 > 193.0.0.193.domain: 31478 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:49.480592 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136782637 0,nop,wscale 0> (DF) (ttl 64, id 16432, len 60)
15:23:51.200703 217.128.230.16.32850 > 194.51.3.49.domain: 57011 [1au] PTR? 131.109.51.194.in-addr.arpa. ar: . (56) (DF) (ttl 64, id 0, len 84)
15:23:51.265468 194.51.3.49.domain > 217.128.230.16.32850: 57011*- q: PTR? 131.109.51.194.in-addr.arpa. 1/2/3 131.109.51.194.in-addr.arpa.[|domain] (ttl 58, id 1869, len 199)
15:23:51.265784 217.128.230.16.32850 > 194.52.1.10.domain: 41731 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.361448 194.52.1.10.domain > 217.128.230.16.32850: 41731 q:[|domain] (DF) (ttl 243, id 23322, len 169)
15:23:51.361669 217.128.230.16.32850 > 194.51.3.49.domain: 48061 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425435 194.51.3.49.domain > 217.128.230.16.32850: 48061- q:[|domain] (ttl 58, id 2009, len 181)
15:23:51.425694 217.128.230.16.32850 > 194.51.3.65.domain: 37938 [1au][|domain] (DF) (ttl 64, id 0, len 92)
15:23:51.425785 217.128.230.16.32850 > 193.176.144.6.domain: [udp sum ok] 51737 [1au] A? ceprox01.cerius.fr. ar: . OPT UDPsize=2048 (47) (DF) (ttl 64, id 0, len 75)
15:23:51.489425 194.51.3.65.domain > 217.128.230.16.32850: 37938 NXDomain*- q:[|domain] (DF) (ttl 248, id 13937, len 155)
15:23:51.505436 193.176.144.6.domain > 217.128.230.16.32850: 51737-% q: A? ceprox01.cerius.fr. 1/2/3 ceprox01.cerius.fr. A 194.51.109.157[|domain] (ttl 49, id 23295, len 162)
15:23:55.480591 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136783237 0,nop,wscale 0> (DF) (ttl 64, id 16433, len 60)

424 packets received by filter
87 packets dropped by kernel

in /var/log/messages :
Code:
Jan  5 15:21:43 ticerosrv1 kernel: device ppp0 left promiscuous mode
Jan  5 15:21:49 ticerosrv1 kernel: device ppp0 entered promiscuous mode
Jan  5 15:21:54 ticerosrv1 kernel: device ppp0 left promiscuous mode
Jan  5 15:22:00 ticerosrv1 CROND[8637]: (root) CMD (   /usr/share/msec/promisc_check.sh)
Jan  5 15:22:36 ticerosrv1 kernel: device ppp0 entered promiscuous mode
Jan  5 15:23:00 ticerosrv1 CROND[8662]: (root) CMD (   /usr/share/msec/promisc_check.sh)
Jan  5 15:24:00 ticerosrv1 CROND[8668]: (root) CMD (   /usr/share/msec/promisc_check.sh)
First question:
the tcpdump command says xxx packets dropped, and normally I should see these packets in /var/log/messages. I'm sure this is working in my firewall configuration:
Code:
[root@ticerosrv1 root]# iptables-save
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*filter
:INPUT DROP [758:46414]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p udp -m udp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 901 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -i ppp0 -j DROP
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i ppp0 -p icmp -m limit --limit 1/sec -j ACCEPT
-A INPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-INPUT : " --log-level 3
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-FORWARD : " --log-level 3
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 192.168.0.0/255.255.255.0 -o eth0 -p tcp -m tcp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 110 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --dport 113 -j ACCEPT
-A OUTPUT -o ppp0 -p udp -m udp --dport 113 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -p tcp -m tcp --dport 137:138 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -p udp -m udp --dport 137:138 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "IPTABLES-OUTPUT : " --log-level 3
COMMIT
# Completed on Mon Jan  5 15:40:48 2004
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*mangle
:PREROUTING ACCEPT [39470:9001082]
:INPUT ACCEPT [34369:6434525]
:FORWARD ACCEPT [5035:2539065]
:OUTPUT ACCEPT [35248:10535825]
:POSTROUTING ACCEPT [40309:13075410]
COMMIT
# Completed on Mon Jan  5 15:40:48 2004
# Generated by iptables-save v1.2.7a on Mon Jan  5 15:40:48 2004
*nat
:PREROUTING ACCEPT [1972:148644]
:POSTROUTING ACCEPT [928:58597]
:OUTPUT ACCEPT [2190:149102]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Jan  5 15:40:48 2004
Thanks for all
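
Added example, not part of the original thread: a small Python parser for the SYN lines of the ppp0 trace posted above. It reports which handshakes advertise an MSS that does not fit the ppp0 MTU of 1492 given in post #1 (full-size segments on those connections then depend on fragmentation or path MTU discovery), and which SYNs are retransmitted without a SYN-ACK appearing in the capture. The 40-byte overhead assumes IPv4 and TCP headers without IP options; all function names are illustrative.

```python
import re

# Lines copied verbatim from the ppp0 trace in the post above (old tcpdump text format).
PPP0_TRACE = """\
15:23:46.987738 217.128.230.16.3197 > 194.51.109.131.http: S [tcp sum ok] 1484651153:1484651153(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 127, id 49463, len 48)
15:23:47.122217 194.51.109.131.http > 217.128.230.16.3197: S [tcp sum ok] 3663766469:3663766469(0) ack 1484651154 win 65535 <mss 1460,nop,nop,sackOK> (DF) (ttl 118, id 13569, len 48)
15:23:47.124311 217.128.230.16.3197 > 194.51.109.131.http: P 1:367(366) ack 1 win 65535 (DF) (ttl 127, id 49466, len 406)
15:23:49.480592 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136782637 0,nop,wscale 0> (DF) (ttl 64, id 16432, len 60)
15:23:55.480591 217.128.230.16.43695 > 217.167.52.114.auth: S [tcp sum ok] 2113102382:2113102382(0) win 5808 <mss 1452,sackOK,timestamp 136783237 0,nop,wscale 0> (DF) (ttl 64, id 16433, len 60)
"""

# Matches SYN and SYN-ACK lines only; data, ACK-only and DNS lines are skipped.
SYN_RE = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>\S+): S (?:\[tcp sum ok\] )?"
    r"(?P<seq>\d+):\d+\(0\)(?: ack (?P<ack>\d+))? win \d+ <mss (?P<mss>\d+)"
)


def parse_syns(trace):
    """Return one dict per SYN or SYN-ACK line found in the trace text."""
    syns = []
    for line in trace.splitlines():
        m = SYN_RE.match(line)
        if m:
            syns.append({
                "src": m["src"], "dst": m["dst"], "seq": int(m["seq"]),
                "ack": int(m["ack"]) if m["ack"] else None,
                "mss": int(m["mss"]),
            })
    return syns


def oversized_mss(syns, link_mtu):
    """(src, dst, mss) for every SYN/SYN-ACK whose MSS exceeds link_mtu - 40."""
    limit = link_mtu - 40  # 20 bytes IPv4 header + 20 bytes TCP header
    return [(s["src"], s["dst"], s["mss"]) for s in syns if s["mss"] > limit]


def unanswered_syns(syns):
    """Map (src, dst) to the number of SYN attempts that never got a SYN-ACK."""
    # A SYN-ACK answers the SYN whose sequence number is ack - 1.
    answered = {(s["dst"], s["src"], s["ack"] - 1)
                for s in syns if s["ack"] is not None}
    attempts = {}
    for s in syns:
        if s["ack"] is None and (s["src"], s["dst"], s["seq"]) not in answered:
            pair = (s["src"], s["dst"])
            attempts[pair] = attempts.get(pair, 0) + 1
    return attempts


if __name__ == "__main__":
    syns = parse_syns(PPP0_TRACE)
    print("MSS too large for MTU 1492:", oversized_mss(syns, 1492))
    print("SYNs without SYN-ACK:", unanswered_syns(syns))
```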
 
  

