IPTABLES Interet access / VPN access

vlady_s · 01-24-2008, 09:12 AM

Hello all,
I'm new to this forum and also new working with IPTABLES. I have a fedora core 2 Server . The configuration of my network is as follow :

Internet provider : Comcast Cable Modem
Behind my cable modem I have a Belkin 5 port Router with DHCP running and I have one Laptop (LAPTOP1) connected to this router. subnet is 192.168.1.x/24
My Fedora server ETH1 (192.168.1.51) is connected to the router as the WAN Interface.
I have a second Interface on my Fedora, ETH0 (192.168.0.10), this interface is the LAN going to a 8-port switch. Subnet is 192.168.0.x/24. Behind this switch I have a laptop (LAPTOP2) getting DHCP IP from fedora .

MY goal is to VPN in to my LAPTOP2 on for that I have a VPN server running on the Fedora server.

The problem I'm currently having with this configuration is that I'm not able to access the web from LAPTOP2 and I think it has to do with IPTABLES. here is a copy of my IPTABLE. I kind of use it from a sample I found on this forum. I hope its somthing simple to fix.
Thank you in advance !! .

# Diable forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

LAN_IP_NET='192.168.0.10/24'
LAN_NIC='eth0'
WAN_IP='192.168.1.1'
WAN_NIC='eth1'

# load some modules (if needed)

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# enable Masquerade and forwarding
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i $LAN_NIC -s $LAN_IP_NET -j ACCEPT

# sshd
iptables -A tcp_inbound -p TCP -s 0/0 --destination-port 22 -j ACCEPT

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

Ronin_tekorei · 01-24-2008, 03:17 PM

hello

first, do you have the squid instaled and configured? or any proxy that you use?
In the iptables you are masquarading your laptop2 to the router, so all the packages that your laptop2 send to the internet or the router is going as yout server ip.
All the packets that your laptop2 forward to any location is forwarded, so your VPN will work. but in order to have internet you need a proxy instaled in your server linux, i personally prefer squid

Please, put more information about it

vlady_s · 01-24-2008, 08:12 PM

Ronin_tekorei ,
Thank for your reply. My Server has squid, not using it tough, I tried to start it but I get an error message. I have to look into the squid.conf file to see what is going on there , will keep you posted .