Internet Gateway - Iptables problem with masquerade
    Internet Gateway - Iptables problem with masquerade  
Sébastien CARRE
01-02-08 06:12 PM

Hello all,

I wanted to install my new Gateway with Debian GNU/Linux 4.1

But I got some problems...

The first one was with the chipset NForce 4 and udev (new eth card on
each boot because the MAC address was random!) ... After many searches I
found the answer to this problem to bypass interfaces with random MAC...

But now I want to get access to the Internet by using my Gateway. I have two
network interfaces, eth0 (access to the Internet with a cable modem / DHCP)
and eth1_rename (LAN, I don't know why this interface is called
"eth1_renamed"...):


eth0      Lien encap:Ethernet  HWaddr 00:00:6C:F4:70:67
inet adr:81.220.96.206  Bcast:81.220.96.255  Masque:255.255.255.0
adr inet6: fe80::200:6cff:fef4:7067/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:134922 errors:0 dropped:0 overruns:0 frame:0
TX packets:2743 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:9916220 (9.4 MiB)  TX bytes:387120 (378.0 KiB)
Interruption:169 Adresse de base:0x6000

eth1_rena Lien encap:Ethernet  HWaddr 00:50:FC:6C:C6:07
inet adr:192.168.10.1  Bcast:192.168.10.255  Masque:255.255.255.0
adr inet6: fe80::250:fcff:fe6c:c607/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:5368 errors:0 dropped:0 overruns:0 frame:0
TX packets:5227 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:1000
RX bytes:606808 (592.5 KiB)  TX bytes:2130595 (2.0 MiB)
Interruption:193 Adresse de base:0xb000


So I activated IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward

And configured iptables like this with an init.d script:

#!/bin/sh

iptables -F
iptables -t nat -F
iptables -t mangle -F

iptables -X

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P INPUT ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
iptables -t mangle -P FORWARD ACCEPT
iptables -t mangle -P POSTROUTING ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i eth1_rename -j ACCEPT
iptables -A OUTPUT -o eth1_rename -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -A FORWARD -o eth1_rename -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


But I can't access the Internet from the clients! And when I want to ping
an Internet IP address I get:

ping: sendmsg: Operation not permitted

If I disable the policy rules for the filter table, it works perfectly!
I think that my problem is around the iptables and masquerade rules but I
haven't found the answer...

Just for information, the kernel routing table (seems to be good!):

Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
81.220.96.0     *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1_rename
default         81.220.96.1     0.0.0.0         UG    0      0        0 eth0


Any ideas?

Thanks in advance for your replies.


Sebastien

    Re: Internet Gateway - Iptables problem with masquerade  
Sébastien CARRE
01-02-08 06:12 PM

Sébastien CARRE wrote:
> Hello all,
>
> I wanted to install my new Gateway with Debian GNU/Linux 4.1
>
> But I got some problems...
>
> The first one was with the chipset NForce 4 and udev (new eth card on
> each boot because the MAC address was random!) ... After many searches I
> found the answer to this problem to bypass interfaces with random MAC...
>
> But now I want to get access to the Internet by using my Gateway. I have two
> network interfaces, eth0 (access to the Internet with a cable modem / DHCP)
> and eth1_rename (LAN, I don't know why this interface is called
> "eth1_renamed"...):
>
>
> eth0      Lien encap:Ethernet  HWaddr 00:00:6C:F4:70:67
>           inet adr:81.220.96.206  Bcast:81.220.96.255  Masque:255.255.255.0
>           adr inet6: fe80::200:6cff:fef4:7067/64 Scope:Lien
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:134922 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2743 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 lg file transmission:1000
>           RX bytes:9916220 (9.4 MiB)  TX bytes:387120 (378.0 KiB)
>           Interruption:169 Adresse de base:0x6000
>
> eth1_rena Lien encap:Ethernet  HWaddr 00:50:FC:6C:C6:07
>           inet adr:192.168.10.1  Bcast:192.168.10.255  Masque:255.255.255.0
>           adr inet6: fe80::250:fcff:fe6c:c607/64 Scope:Lien
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:5368 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:5227 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 lg file transmission:1000
>           RX bytes:606808 (592.5 KiB)  TX bytes:2130595 (2.0 MiB)
>           Interruption:193 Adresse de base:0xb000
>
>
> So I activated IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
>
> And configured iptables like this with an init.d script:
>
> #!/bin/sh
>
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
>
> iptables -X
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
>
> iptables -t mangle -P PREROUTING ACCEPT
> iptables -t mangle -P INPUT ACCEPT
> iptables -t mangle -P OUTPUT ACCEPT
> iptables -t mangle -P FORWARD ACCEPT
> iptables -t mangle -P POSTROUTING ACCEPT
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> iptables -A INPUT -i eth1_rename -j ACCEPT
> iptables -A OUTPUT -o eth1_rename -j ACCEPT
> iptables -A FORWARD -o eth0 -j ACCEPT
> iptables -A FORWARD -o eth1_rename -j ACCEPT
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
>
> But I can't access the Internet from the clients! And when I want to ping
> an Internet IP address I get:
>
>     ping: sendmsg: Operation not permitted
>
> If I disable the policy rules for the filter table, it works perfectly!
> I think that my problem is around the iptables and masquerade rules but I
> haven't found the answer...
>
> Just for information, the kernel routing table (seems to be good!):
>
> Table de routage IP du noyau
> Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
> 81.220.96.0     *               255.255.255.0   U     0      0        0 eth0
> localnet        *               255.255.255.0   U     0      0        0 eth1_rename
> default         81.220.96.1     0.0.0.0         UG    0      0        0 eth0
>
>
> Any ideas?
>
> Thanks in advance for your replies.
>
>
> Sebastien


Just a little mistake when I used copy and paste for the configuration
file: please ignore these two lines:
> iptables -A FORWARD -o eth0 -j ACCEPT
> iptables -A FORWARD -o eth1_rename -j ACCEPT

It was just to test some rules.

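A stateful version of the gateway ruleset, added here as an example and not the poster's script: it keeps the default-deny policies but adds the ESTABLISHED,RELATED rules and the OUTPUT rule on the WAN side that the original lacks (the missing OUTPUT rule is what turns a local ping into "sendmsg: Operation not permitted"). It assumes eth0 is the WAN interface and eth1_rename the LAN with 192.168.10.0/24, as in the post; IPT defaults to "echo iptables" so the rules can be reviewed without touching a live firewall.

```shell
#!/bin/sh
# Added example (not the poster's script): a stateful ruleset for the same
# gateway. Assumptions: WAN on eth0, LAN on eth1_rename with 192.168.10.0/24,
# taken from the post. IPT defaults to "echo iptables" so the generated rules
# can be reviewed offline; run with IPT=iptables as root to apply them.
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1_rename}"
LAN_NET="${LAN_NET:-192.168.10.0/24}"
IPT="${IPT:-echo iptables}"

gateway_rules() {
    $IPT -F
    $IPT -t nat -F
    $IPT -X

    # Keep the original default-deny policies on the filter table.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to connections opened by the gateway or by LAN hosts come back
    # through INPUT / FORWARD; with OUTPUT and FORWARD at DROP and no state
    # rules, nothing can complete a round trip.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The gateway may talk to the LAN, and out through the WAN. Without the
    # "$WAN" OUTPUT rule a local ping fails with "sendmsg: Operation not permitted".
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    $IPT -A OUTPUT -o "$LAN" -j ACCEPT
    $IPT -A OUTPUT -o "$WAN" -j ACCEPT

    # Only new connections that start on the LAN and leave via the WAN are
    # forwarded; unsolicited traffic arriving on "$WAN" hits the DROP policy.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Hide LAN addresses behind the (DHCP-assigned) WAN address.
    $IPT -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

# Review helper: how many generated rules mention the given text.
rule_count() {
    gateway_rules | grep -c -- "$1"
}

gateway_rules
```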