Internet Gateway - Iptables problem with masquerade
Sébastien CARRE 2008-01-02, 1:12 pm
Hello all,
I wanted to install my new Gateway with Debian GNU/Linux 4.1
But I got some problems...
The first one was with the chipset NForce 4 and udev (new eth card on
each boot because the MAC address was random!) ... After many searches I
found the answer to this problem to bypass interfaces with random MAC...
But now I want to get access to the Internet by using my Gateway. I have two
network interfaces, eth0 (access to Internet with a cable modem / DHCP)
and eth1_rename (LAN, I don't know why this interface is called
"eth1_renamed"...) :
eth0 Lien encap:Ethernet HWaddr 00:00:6C:F4:70:67
inet adr:81.220.96.206 Bcast:81.220.96.255 Masque:255.255.255.0
adr inet6: fe80::200:6cff:fef4:7067/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:134922 errors:0 dropped:0 overruns:0 frame:0
TX packets:2743 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:9916220 (9.4 MiB) TX bytes:387120 (378.0 KiB)
Interruption:169 Adresse de base:0x6000
eth1_rena Lien encap:Ethernet HWaddr 00:50:FC:6C:C6:07
inet adr:192.168.10.1 Bcast:192.168.10.255 Masque:255.255.255.0
adr inet6: fe80::250:fcff:fe6c:c607/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5368 errors:0 dropped:0 overruns:0 frame:0
TX packets:5227 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:606808 (592.5 KiB) TX bytes:2130595 (2.0 MiB)
Interruption:193 Adresse de base:0xb000
So I activated IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
And configured iptables like this with an init.d script:
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i eth1_rename -j ACCEPT
iptables -A OUTPUT -o eth1_rename -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -A FORWARD -o eth1_rename -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
But I can't access the Internet from the clients! And when I want to ping
an Internet IP address I get:
ping: sendmsg: Operation not permitted
If I disable the policy rules for the filter table, it works perfectly!
I think that my problem is around iptables and masquerade rules but I
haven't found the answer...
Just for information, the kernel routing table (seems to be good!):
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
81.220.96.0     *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1_rename
default         81.220.96.1     0.0.0.0         UG    0      0        0 eth0
Any ideas?
Thanks in advance for your replies.
Sebastien
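
Added example, not part of the original post: a stateful version of the gateway ruleset that keeps the DROP policies, lets the gateway's own traffic leave through the WAN interface, and only forwards replies from WAN to LAN. It assumes eth0 is the WAN side and eth1_rename the LAN side as in the post; the IPT variable and the "apply" argument are hypothetical conveniences of this example.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny NAT gateway.
# Assumption: LAN must be the exact name shown by "ip link", because
# iptables -i/-o compare the full interface name.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1_rename}"
IPT="${IPT:-iptables}"   # hypothetical knob: IPT=echo prints rules instead of applying them

gateway_rules() {
    # Start clean and keep default-deny on all three filter chains.
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback and LAN-side traffic to and from the gateway itself.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -i "$LAN" -j ACCEPT
    $IPT -A OUTPUT -o "$LAN" -j ACCEPT

    # The gateway's own traffic towards the Internet. With OUTPUT policy DROP
    # and no rule for the WAN interface, ping fails with
    # "sendmsg: Operation not permitted".
    $IPT -A OUTPUT -o "$WAN" -j ACCEPT
    # Inbound on WAN: only replies to connections the gateway opened.
    $IPT -A INPUT -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Forwarding: LAN may open connections to WAN, WAN may only answer them.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Source NAT for everything leaving through the WAN interface.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Rules are applied only when the script is run as root with "apply".
if [ "${1:-}" = "apply" ]; then
    gateway_rules
fi
```

Running it with IPT=echo and the "apply" argument prints the rule list for review before anything touches the live firewall.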