| devscripts |
04-08-2003 06:51 PM |
IPTables and a failing forwarding
OK here's the setup I've got:
Linux PC (Router)
ppp0 - Connected to Internet (81.86.something)
eth0 - Internal Network (192.169.0.3)
Linux Laptop
eth0 - Internal Network (192.168.0.2)
gateway 192.168.0.3
Windows XP
eth0 - Internal Network (192.168.0.1)
gateway 192.168.0.3
OK I've set up the PC via a hub. All PC's can see, and ping each other.
Linux PC can access web and ping external IP's and resolve domain names.
Linux Laptop and XP can ping internally but not externally.
I've borrowed a rc.firewall script off a mate who has a similar setup and it's working perfectly, but my forwarding isn't working for some reason.
Here's the output when I do iptables -L
Code:
[root@linux etc]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.0.0.0/8 anywhere
drop-log all -- 192.0.0.0/8 anywhere
ICMP_FILTER icmp -- anywhere 81-86-114-166.dsl.pipex.com
ACCEPT all -- anywhere 81-86-114-166.dsl.pipex.comstate RELATED,ESTABLISHED
SERVICES all -- anywhere anywhere
TRUSTED all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:bootpc dpt:bootps
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
drop-log all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
drop-log all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 81-86-114-166.dsl.pipex.com 192.0.0.0/8
ACCEPT all -- 192.0.0.0/8 192.0.0.0/8
drop-log all -- anywhere 192.0.0.0/8
ACCEPT all -- 81-86-114-166.dsl.pipex.com anywhere
ACCEPT tcp -- 192.0.0.0/8 255.255.255.255 tcp spt:bootps dpt:bootpc
ACCEPT udp -- 192.0.0.0/8 255.255.255.255 udp spt:bootps dpt:bootpc
drop-log all -- anywhere anywhere
Chain ICMP_FILTER (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 2/sec burst 5
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
Chain SERVICES (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3s
ACCEPT udp -- anywhere anywhere udp dpt:imap
ACCEPT udp -- anywhere anywhere udp dpt:imap3
ACCEPT udp -- anywhere anywhere udp dpt:imaps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:ntp
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with tcp-reset
ACCEPT udp -- anywhere anywhere udp dpts:1025:65535
ACCEPT udp -- anywhere anywhere udp dpt:ntp
Chain TRUSTED (1 references)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
Chain drop-log (5 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-dgm
LOG all -- anywhere anywhere LOG level info
DROP all -- anywhere anywhere
Dunno if that helps, but it might show you guys why it's not working lol
Anyone got any idea's on how I can get my internal network on the internet??
Any idea's gratefully received.
:Pengy: |
