firewall and nat
The script below is running on my router, or should be running, because there is something I just could not figure out: it is not working. The system is running Slackware 9.1. eth0 is the cable connection, eth1 is my laptop connected to it. eth1 has a static IP and eth0 uses DHCP.
When running it I cannot reach outside my network. Can anyone point me to the problem? Thx

```sh
#!/bin/sh
# Change the part after the = to where your iptables is on your system
IPTABLES=/usr/sbin/iptables

# Bring up eth1
/sbin/ifconfig eth1 192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0

# Enable ipmasq
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
echo 1 >/proc/sys/net/ipv4/ip_forward

# Flush existing rules
$IPTABLES -F INPUT

# This allows all data that has been sent out for the computer running the firewall
# to come back (for all of ICMP/TCP/UDP).
# For example, if a ping request is made it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp

# Allow traffic from ethernet adapter eth1 to pass through if you have a network,
# or are using Linux as a router for internet etc.
# Your first ethernet card is eth0 and the second would be eth1 etc.
$IPTABLES -A INPUT -i eth1 -j ACCEPT

# Allow incoming SSH requests
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow incoming HTTP requests (to Web server)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

# Allow ping echo
# I have commented this line, so ping from an outside machine will not work.
# Uncomment the next line to make ping from outside work.
#$IPTABLES -A INPUT -p icmp -j ACCEPT

# Drop and log all other data
# The logging is set so if more than 5 packets are dropped in
# three seconds they will be ignored. This helps to prevent a DOS attack
# crashing the computer the firewall is running on
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
$IPTABLES -A FORWARD -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A FORWARD -i ! lo -j DROP

# The logs from the firewall are put into your system log file, which can be found at
# /var/log/syslog
```
|
Can you ping between the 2 computers? Could it be DNS, possibly? Try to ping an IP address from your laptop. google.com is 216.239.37.99. If you successfully ping that IP address then the DNS settings on your laptop are not properly set.
|
Yeah, I can ping between the computers. It is not DNS, because /etc/resolve.conf looks fine.
|
Do your rules include any way to forward packets?
Try adding something like this:

```sh
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -i ! eth0 -j ACCEPT
```
|
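Added example, not part of any post in this thread: a first-match walk of the FORWARD chain showing why the original script drops the laptop's traffic, and that the suggested rules only take effect when they sit ahead of the existing catch-all DROP. The names `forward_verdict`, `show`, `ORIGINAL` and `SUGGESTED` are hypothetical, the rule lines are constructed from the two posts, and only the matches used in the thread are modelled.

```shell
#!/bin/sh
# forward_verdict IFACE STATE: read iptables rule lines on stdin, print the verdict
# the FORWARD chain gives a packet arriving on IFACE in conntrack state STATE.
# Models only what this thread uses: -i [!] IF, --state LIST, -j, -P (assumption).
forward_verdict() {
    awk -v in_if="$1" -v st="$2" '
    BEGIN { policy = "ACCEPT" }   # built-in chain policy when no -P is given
    /^[ \t]*#/ { next }           # skip comment lines
    {
        chain = ""; target = ""; want_if = ""; neg = 0; states = ""; setpol = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            else if ($i == "-P") { setpol = 1; chain = $(i + 1); target = $(i + 2) }
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--state") states = $(i + 1)
            else if ($i == "-i" && $(i + 1) == "!") { neg = 1; want_if = $(i + 2) }
            else if ($i == "-i") want_if = $(i + 1)
        }
        if (chain != "FORWARD" || done) next
        if (setpol) { policy = target; next }
        if (target == "LOG") next                                # logs, then falls through
        if (want_if != "" && ((in_if == want_if) == neg)) next   # interface mismatch
        if (states != "" && index("," states ",", "," st ",") == 0) next
        verdict = target; done = 1                               # first match wins
    }
    END { print (done ? verdict : policy) }'
}

# Constructed inputs: FORWARD lines from the first post, and the rules from the reply.
ORIGINAL='iptables -A FORWARD -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
iptables -A FORWARD -i ! lo -j DROP'
SUGGESTED='iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ! eth0 -j ACCEPT'

show() { printf '%-40s %s\n' "$1" "$(printf '%s\n' "$2" | forward_verdict "$3" "$4")"; }

show "original, laptop -> internet (NEW):" "$ORIGINAL" eth1 NEW
show "suggested first, laptop (NEW):" "$SUGGESTED
$ORIGINAL" eth1 NEW
show "suggested first, reply on eth0:" "$SUGGESTED
$ORIGINAL" eth0 ESTABLISHED
show "suggested first, unsolicited on eth0:" "$SUGGESTED
$ORIGINAL" eth0 NEW
show "suggested appended after DROP:" "$ORIGINAL
$SUGGESTED" eth1 NEW
```

Because `-A` appends, running the suggested lines after the original script leaves the catch-all FORWARD DROP in front of them; flush the chain or place the ACCEPT rules before it.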