I had a WinXP box connected to the internet and used Internet Connection Sharing to make it act as the gateway to my home LAN. All was fine, but exposing Windows to the outer world didn't feel so right. Now I tried to set up a Debian (sid) box as the gateway instead.
So, I apt-get install ipmasq, and instantly have my Debian box usable as a gateway! However, I discovered that the boxen behind the Debian gateway can't access some websites, while other websites can be viewed just fine.
Example: mail,yahoo,com login,yahoo,com www,msn,com www,microsoft,com gave a timeout error. The rest of the world, like slashdot or google or other random sites, seems fine (including www,hotmail,com www,yahoo,com).
Also, windowsupdate gave error 80072EE2 after the screen "Windows Update is looking for available update", and signing in to MSN Messenger failed on those boxen.
On the Debian box, all of the above works fine (minus windowsupdate), though. Switching back to the Windows gateway makes everything work just fine again.
Could anyone give me an idea how to investigate this problem? I would appreciate this very much!
---
(I think) related packages' versions
kernel-image-2.6.8 (custom built)
ipmasq 4.0.1
iptables 1.2.11-8
The following is output from iptables -t nat -L
Quote:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
output from iptables -t filter -L
Quote:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- localnet/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- localnet/24 anywhere LOG level warning
DROP all -- localnet/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere ppp-58.9.142.52.revip.asianet.co.th
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere localnet/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- ppp-58.9.142.52.revip.asianet.co.th anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere