Debian Network Problem

**souldreamer** · 03-16-2003

e; iptables -t $table -L -n; echo; done
nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- 192.168.0.0/16 0.0.0.0/0
DROP all -- 10.0.0.0/8 0.0.0.0/0
DROP all -- 172.16.0.0/12 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
ISHED
ACCEPT all -- 0.0.0.0/0 192.168.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

**Dolda2000** · 03-16-2003

Originally Posted by souldreamer

DROP all -- 192.168.0.0/16 0.0.0.0/0
DROP all -- 10.0.0.0/8 0.0.0.0/0
DROP all -- 172.16.0.0/12 0.0.0.0/0

That can't be right? Are you aware that it tells the kernel to drop all packets that should be routed?

**souldreamer** · 03-16-2003

Well... I use a script from a friend of mine... I did't noticed that

**souldreamer** · 03-16-2003

nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 172.16.0.0/12 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 192.168.0.0/24

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Is it right now?

**souldreamer** · 03-16-2003

Whaaaaaaaaaaaaaahoooooooooooooooooo. It's working now!!! Thank you guys. I could not make
it without your help!!!

**Dolda2000** · 03-16-2003

If you're just going to set them to ACCEPT, you can just as well remove those rules, since that chain's default action is ACCEPT.
Else, it's mainly correct, but maybe a little inappropriate; what kind of ISP do you have? Do your IP address change?

**souldreamer** · 03-16-2003

I have a cable connection. The ip changes only when i make a clean install of the OS.

**souldreamer** · 03-16-2003

One more question. This script only works with red hat. is there a toturial for this to other distros?

**Dolda2000** · 03-16-2003

There are oh so many tutorials on iptables. The best documentation that I know of is that in the manpage, though.
Since you have a relatively stable IP address, you should be using the SNAT target instead of MASQUERADE, but it's no big deal. SNAT is also described in the manpage.

Thread Tools

Display

Posting Permissions