Here, please take a look at my IPtables config...
#!/bin/bash
# $Id: iptables-rules.sh,v 1.1 2002/06/18 11:36:51 eric Exp $
# location of iptables
IPTABLES=/sbin/iptables
# flush all rules
$IPTABLES -F
$IPTABLES -F -t nat
# allow from localhost
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.0.0/24 -j ACCEPT
#$IPTABLES -A INPUT -s 192.168.1.0/24 -j ACCEPT
$IPTABLES -A INPUT -s 192.168.2.0/24 -j ACCEPT
# turn on IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
ip route add 192.168.0.1/24 via 192.168.1.1 2>/dev/null >/dev/null
#Transparent Proxying
# $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
# $IPTABLES -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
# stateful: allow incoming from established connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# TRAFFIC SHAPING
# Mark acknowledgement packets of an established session between 40 and 100 bytes:
$IPTABLES -t mangle -A PREROUTING -p tcp --tcp-flags ALL ACK -m state --state ESTABLISHED -m length --length 8:10 -j MARK --set-mark 20
# Mark SSH packets that start new sessions with a packet length between 40 and 68 bytes:
$IPTABLES -t mangle -A PREROUTING -p tcp --dport 22 --syn -m state --state NEW -m length --length 40:68 -j MARK --set-mark 22
# location of iptables
IPTABLES=/sbin/iptables
# flush all rules
$IPTABLES -F
$IPTABLES -F -t nat
# allow from localhost
$IPTABLES -A INPUT -i lo -j ACCEPT
# stateful: allow incoming from established connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t mangle -A PREROUTING -s 192.168.3.0/24 -j MARK --set-mark 20
# allow icmp
# 0 - echo-reply (pong)
# 3 - destination-unreachable
# 4 - source-quench
# 5 - redirect
# 8 - echo-request (ping)
# 11 - time-exceeded
# 12 - parameter-problem
$IPTABLES -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 4 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 11 -j ACCEPT
$IPTABLES -A INPUT -p icmp --icmp-type 12 -j ACCEPT
$IPTABLES -A INPUT -p icmp -j DROP
# drop without logging: NetBIOS (137-139), RPC (135), port 2600
$IPTABLES -A INPUT -p udp --dport 137:139 -j DROP
$IPTABLES -A INPUT -p tcp --dport 135 -j DROP
$IPTABLES -A INPUT -p tcp --dport 139 -j DROP
$IPTABLES -A INPUT -p tcp --dport 2600 -j DROP
# log connection attempts to selected ports, then block all incoming connections
$IPTABLES -A INPUT -p tcp --dport 22 -j LOG
$IPTABLES -A INPUT -p tcp --dport 10000 -j LOG
$IPTABLES -A INPUT -p tcp --dport 7000 -j LOG
#$IPTABLES -A INPUT -j LOG --log-level 6 --log-prefix "iptables "
$IPTABLES -A INPUT -j DROP
All firewalls except my iptables are off.
My PC can ping IP addresses on the internet but only the DNS server is not responding. I have a test PC using a different subnet of my PC router (I divided my IPs into 2 subnets, 1 subnet for my PC router and one for my test PC), I'm using the same DNS server and it works.
Here is my network diagram...
ISP --------------- PC router ----------------- Router --------------- My PC
Any help would be appreciated.
Thanks.