- 07-07-2004 #1 Just Joined!
- Join Date
- Apr 2004
- Location
- New Waterford/NS, Canada
- Posts
- 22
IPTABLES
ok, so I dunno what I'm doing wrong, but hopefully someone here knows
I'm trying to network my 2 computers together using iptables,
I have my debian box with 2 NICs and a crossover linking both computers.
I have the windows xp computer DNS Servers set to my ISP's dns servers.
the ip address is set as 192.168.1.1 -- the card it's connected to is eth1 on the nix box
here is my ifconfig:
Code:
eth0      Link encap:Ethernet  HWaddr 00:4F:4E:09:4C:53
          inet addr:24.224.253.124  Bcast:255.255.255.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2097428 errors:0 dropped:0 overruns:0 frame:0
          TX packets:81305 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:311996189 (297.5 MiB)  TX bytes:6050878 (5.7 MiB)
          Interrupt:10 Base address:0x8400

eth1      Link encap:Ethernet  HWaddr 00:05:5D:FC:7F:B2
          inet addr:192.168.1.11  Bcast:255.255.255.0  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:102469 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14887 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9313511 (8.8 MiB)  TX bytes:15719009 (14.9 MiB)
          Interrupt:15 Base address:0x3000

also, I'm using a little script I found somewhere to allow forwarding of packets..
here is the script:
Code:
#!/bin/sh
IPTABLES=/sbin/iptables
# load connection tracking and NAT support
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
# enable routing between the interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# default policies (everything accepted) and flush of old rules
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -F -t nat
# loopback traffic
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
$IPTABLES -A OUTPUT -o lo -p all -j ACCEPT
# masquerade traffic leaving eth0; forward LAN traffic out and replies back in
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPTABLES -t filter -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -t filter -A FORWARD -i eth1 -o eth0 -j ACCEPT

any help would be great,
thanks
- 07-07-2004 #2 Linux Newbie
- Join Date
- May 2004
- Location
- Boston, MA
- Posts
- 246
First off, some questions: What errors are you getting? What are the symptoms of your problem? Can the computers see each other at all? Can you post the output of "/sbin/iptables -L"? Etc...
By the way, that "$IPTABLES -P INPUT ACCEPT" line is treacherous for your network security -- it sets your default policy for incoming packets to ACCEPT, which means you'll automatically accept all packets from all sources on all ports. Typically you should use
Code:
iptables -P INPUT DROP
and explicitly add acceptance rules for all the types of packets you want to accept; but your question isn't about security so I guess this is an unnecessary digression...
Situations arise because of the weather,
And no kinds of love are better than others.
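The default-DROP approach suggested in the reply above, applied to the gateway script from the first post. This is an added example, not a script posted by anyone in the thread; it assumes eth0 is the Internet side and eth1 the LAN side (as in the ifconfig output), and it only prints the commands unless called with the hypothetical `apply` argument.

```shell
#!/bin/sh
# Added example, not from the thread: NAT gateway with default-DROP policies.
# Assumed layout (from the ifconfig output): eth0 = Internet, eth1 = LAN.
# Dry run by default: commands are printed, nothing is changed.
IPTABLES="${IPTABLES:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

gateway_rules() {
    # Start clean, then drop whatever is not explicitly allowed below.
    $IPTABLES -F
    $IPTABLES -t nat -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Loopback, and replies to connections the gateway itself opened.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # LAN hosts may talk to the gateway; nothing new is accepted from the Internet side.
    $IPTABLES -A INPUT -i "$LAN_IF" -j ACCEPT

    # Forward LAN -> Internet, and only reply traffic in the other direction.
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Source-NAT everything leaving through the Internet interface.
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# "apply" (hypothetical argument of this example) switches from dry run to
# the real binary and enables routing; it must be run as root.
if [ "${1:-}" = "apply" ]; then
    IPTABLES=/sbin/iptables
    /sbin/modprobe ip_conntrack
    /sbin/modprobe iptable_nat
    echo 1 > /proc/sys/net/ipv4/ip_forward
fi

gateway_rules
```

Run the `apply` form from the console or the LAN side, since new connections arriving on eth0 are dropped. Afterwards `iptables -L -n -v` and `iptables -t nat -L -n -v` show the interface matches and the MASQUERADE rule, which plain `iptables -L` does not.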
- 07-07-2004 #3 Just Joined!
- Join Date
- Apr 2004
- Location
- New Waterford/NS, Canada
- Posts
- 22
yea right now I'm not that worried about the secure part of it... it's useless being secure if it doesn't work
but yea, here's what you asked for
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
I have it all set to accept, until I get everything up and running properly
- 07-07-2004 #4 Linux Newbie
- Join Date
- May 2004
- Location
- Boston, MA
- Posts
- 246
Oh, well if that's the output of iptables -L, it looks like either you haven't run the script or it isn't doing what it's supposed to. Did you run it as root? What's the output when you run the script, and does iptables -L look any different after you do?
Also, make sure 192.168.1.11 is the default gateway of the other machine, and that it has an appropriate subnet mask set up.
- 07-08-2004 #5 Linux Newbie
- Join Date
- Dec 2003
- Location
- Netherlands
- Posts
- 193
1. Can you ping your gateway?
2. Can your gateway ping to the internet?
If 2 works and 1 isn't, check your cables and your network devices.
Do you use ppp for your internet connection? If so then you're missing some things.
Maybe you should try this also
IPTABLES=/sbin/iptables
/sbin/depmod -a
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_nat
Or try to remove the quotes before and after 1.
And where are your values for eth0 and eth1?
INET_IP="24.224.253.124"
INET_IFACE="eth1"
INET_BROADCAST="255.255.255.255"
LAN_IP="192.168.1.11"
LAN_IP_RANGE="192.168.1.11/16"
LAN_IFACE="eth0"
LO_IFACE="lo"
LO_IP="127.0.0.1"
Computers Are Like Air Conditioners... They're both useless with Windows open!
- 07-09-2004 #6 Just Joined!
- Join Date
- Apr 2004
- Location
- New Waterford/NS, Canada
- Posts
- 22
well I got it working..
when I get home I'll post the script that I used in case anyone wants to know


