Linux - Networking (LinuxQuestions.org forum). This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
What I need is help developing my troubleshooting process so I can figure this out on my own from now on. I want to learn how to fish rather than have someone hand me one, so to speak. Still, any insights at all would be helpful. ;-)
Environment:
Ubuntu
WAN: eth0
LAN: eth1 which is connected to a switch via a cross-over cable.
Currently all other machines are plugged into the switch.
Problem: I've a Vista notebook that I'm trying to share my connection with. I've got DNS, which is to say that I can ping the gateway box by its DNS name, but no apparent connection besides.
I'm a software developer, but this is my first time with iptables. Seems like a great tool. Would really like to get to know how to use it. I've been operating out of a book so far, but it doesn't provide much context for debug output.
Debug output:
jim@obsidian:~$ sudo /etc/init.d/firewall
jim@obsidian:~$ sudo iptables -t filter -L -v -n --line-numbers
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:22 state NEW
3 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1023:65534 dpt:53 state NEW
4 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1023:65534 dpt:53 state NEW
5 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
6 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
7 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
9 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 15/min burst 5 LOG flags 0 level 7 prefix `INPUT - Dropped : '
10 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
3 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 15/min burst 5 LOG flags 0 level 7 prefix `FORWARD - Dropped : '
It looks to me like you've got your interfaces backwards in your rules, unless you made a mistake in your description. Also, you should probably let us look at your NAT table configuration too. You can do so by posting the output of:
Code:
iptables -nvL -t nat
BTW, you're sure you've got IP forwarding enabled, right? You can check with:
Code:
cat /proc/sys/net/ipv4/ip_forward
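As an added example (not code from the thread), here is a small Python checker for the kind of mistake diagnosed above: it parses the FORWARD chain as printed by `iptables -t filter -L -v -n --line-numbers` and reports any ACCEPT rule that lets NEW connections in from the WAN interface to the LAN, as well as the absence of a rule letting NEW connections out the other way. The sample dump is the chain as posted; the interface roles eth0 (WAN) and eth1 (LAN) are taken from the post, and the policy assumed is the usual one for a home gateway, where only LAN hosts may initiate connections.

```python
import re

# Constructed sample: the FORWARD chain from the post, in which eth0/eth1 are swapped.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
3 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 15/min burst 5 LOG flags 0 level 7
"""


def parse_chain(dump, chain="FORWARD"):
    """Return the rules of one chain as dicts: num, target, in, out, states.
    Expects the column layout of `iptables -L -v -n --line-numbers`."""
    rules, in_chain = [], False
    for line in dump.splitlines():
        if line.startswith("Chain "):
            in_chain = line.split()[1] == chain
            continue
        fields = line.split()
        if not in_chain or len(fields) < 10 or fields[0] == "num":
            continue
        m = re.search(r"state (\S+)", line)
        states = set(m.group(1).split(",")) if m else set()
        rules.append({"num": int(fields[0]), "target": fields[3],
                      "in": fields[6], "out": fields[7], "states": states})
    return rules


def audit_forward(rules, wan, lan):
    """Report the two symptoms from the thread for a 'LAN may initiate, WAN may
    only reply' policy: NEW accepted WAN->LAN, and no NEW allowed LAN->WAN."""
    findings, lan_can_initiate = [], False
    for r in rules:
        if r["target"] != "ACCEPT":
            continue
        # An empty state set means the rule has no state match and accepts everything.
        allows_new = "NEW" in r["states"] or not r["states"]
        if r["in"] == wan and r["out"] == lan and allows_new:
            findings.append(f"rule {r['num']}: accepts NEW connections from {wan} "
                            f"into {lan} (interfaces swapped?)")
        if r["in"] == lan and r["out"] == wan and allows_new:
            lan_can_initiate = True
    if not lan_can_initiate:
        findings.append(f"no rule lets NEW connections from {lan} out via {wan}; "
                        "LAN clients cannot open outbound connections")
    return findings


if __name__ == "__main__":
    for finding in audit_forward(parse_chain(SAMPLE), wan="eth0", lan="eth1"):
        print("WARNING:", finding)
```

Running the same audit with the roles swapped (wan="eth1", lan="eth0") returns no findings, which is exactly the "interfaces backwards" diagnosis: the rules are sound, they just name the wrong interfaces.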
Yep. Just figured out that the interfaces were bass ackwards in the script. This also explains why the debug output didn't make any sense to me. Still kicking myself. Still no network connectivity though. I have verified that DNS works without the firewall, BTW, but I can see now in the logs where it is being blocked. Going to try and poke a hole in the firewall to let it through.
Bingo! I added the ISP's DNS server to the list of DNS servers used on my Vista client's network interface and voilà! Instant access. As soon as I figure out how to put a hole in the firewall, it should work now. We'll see.