  1. #1
    Just Joined!
    Join Date
    Apr 2004
    Location
    New Waterford/NS, Canada
    Posts
    22

    IPTABLES


    ok, so I dunno what I'm doing wrong, but hopefully someone here knows.
    I'm trying to network my 2 computers together using iptables,
    I have my debian box with 2 NICs and a crossover linking both computers.
    I have the windows xp computer DNS Servers set to my ISP's dns servers.
    the ip address is set as 192.168.1.1 -- the card it's connected to is eth1 on the nix box
    here is my ifconfig:
    Code:
    eth0      Link encap:Ethernet  HWaddr 00:4F:4E:09:4C:53
              inet addr:24.224.253.124  Bcast:255.255.255.255  Mask:255.255.248.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2097428 errors:0 dropped:0 overruns:0 frame:0
              TX packets:81305 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:311996189 (297.5 MiB)  TX bytes:6050878 (5.7 MiB)
              Interrupt:10 Base address:0x8400
    
    eth1      Link encap:Ethernet  HWaddr 00:05:5D:FC:7F:B2
              inet addr:192.168.1.11  Bcast:255.255.255.0  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:102469 errors:0 dropped:0 overruns:0 frame:0
              TX packets:14887 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:9313511 (8.8 MiB)  TX bytes:15719009 (14.9 MiB)
              Interrupt:15 Base address:0x3000
    also, I'm using a little script I found somewhere to allow forwarding of packets..
    here is the script:
    Code:
    #!/bin/sh
    IPTABLES=/sbin/iptables
    # Load connection tracking and NAT support
    /sbin/modprobe ip_conntrack
    /sbin/modprobe iptable_nat
    # Enable IPv4 forwarding and dynamic-address handling
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    # Set every default policy to ACCEPT and flush existing rules
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -F FORWARD
    $IPTABLES -F -t nat
    # Allow loopback traffic
    $IPTABLES -A INPUT -i lo -p all -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -p all -j ACCEPT
    # Masquerade everything leaving via eth0
    $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Forward replies from eth0 to eth1, and all traffic from eth1 to eth0
    $IPTABLES -t filter -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTABLES -t filter -A FORWARD -i eth1 -o eth0 -j ACCEPT
    any help would be great,
    thanks

  2. #2
    Linux Newbie
    Join Date
    May 2004
    Location
    Boston, MA
    Posts
    246
    First off, some questions: What errors are you getting? What are the symptoms of your problem? Can the computers see each other at all? Can you post the output of "/sbin/iptables -L"? Etc...

    By the way, that "$IPTABLES -P INPUT ACCEPT" line is treacherous for your network security -- it sets your default policy for incoming packets to ACCEPT, which means you'll automatically accept all packets from all sources on all ports. Typically you should use
    Code:
    iptables -P INPUT DROP
    and explicitly add acceptance rules for all the types of packets you want to accept; but your question isn't about security so I guess this is an unnecessary digression...
    Situations arise because of the weather,
    And no kinds of love are better than others.
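
The default-drop approach suggested in the post above, applied to the NAT script from the first post, as an added example that is not part of the original thread. It assumes, from the posted ifconfig, that eth0 is the Internet side, eth1 is the LAN side, and the LAN is 192.168.1.0/24; the function names `gen_ruleset` and `filter_policy` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed from the posted ifconfig:
# eth0 = Internet side, eth1 = LAN side, LAN network 192.168.1.0/24.
# gen_ruleset only prints; nothing changes until the output is piped into
# iptables-restore as root. Forwarding must still be enabled as in the
# original script (echo 1 > /proc/sys/net/ipv4/ip_forward).

# Print an iptables-restore ruleset: NAT as in the thread's script, but with
# INPUT and FORWARD defaulting to DROP and explicit accept rules.
gen_ruleset() {
    wan_if=$1 lan_if=$2 lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Read a ruleset (iptables-save format) on stdin and print the default
# policy of one filter-table chain, e.g. "filter_policy INPUT".
filter_policy() {
    awk -v chain=":$1" '
        /^\*/ { in_filter = ($1 == "*filter") }
        in_filter && $1 == chain { print $2 }'
}

# Stand-alone run: show the ruleset and confirm the policies it would set.
rules=$(gen_ruleset eth0 eth1 192.168.1.0/24)
printf '%s\n' "$rules"
for c in INPUT FORWARD OUTPUT; do
    echo "# filter $c policy: $(printf '%s\n' "$rules" | filter_policy "$c")"
done
```

To apply it, pipe `gen_ruleset eth0 eth1 192.168.1.0/24` into `iptables-restore` as root. `iptables-save | filter_policy INPUT` then reports the live policy.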

  3. #3
    Just Joined!
    Join Date
    Apr 2004
    Location
    New Waterford/NS, Canada
    Posts
    22
    yea right now I'm not that worried about the secure part of it... it's useless being secure if it doesn't work
    but yea, here's what you asked for
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere



    I have it all set to accept, until I get everything up and running properly

  4. #4
    Linux Newbie
    Join Date
    May 2004
    Location
    Boston, MA
    Posts
    246
    Oh, well if that's the output of iptables -L, it looks like either you haven't run the script or it isn't doing what it's supposed to. Did you run it as root? What's the output when you run the script, and does iptables -L look any different after you do?

    Also, make sure 192.168.1.11 is the default gateway of the other machine, and that it has an appropriate subnet mask set up.

  5. #5
    Linux Newbie
    Join Date
    Dec 2003
    Location
    Netherlands
    Posts
    193
    1. Can you ping your gateway?
    2. Can your gateway ping to the internet?

    If 2 works and 1 doesn't, check your cables and your network devices.

    Do you use ppp for your internet connection? If so, then you're missing some things.

    Maybe you should try this also
    IPTABLES=/sbin/iptables
    /sbin/depmod -a
    /sbin/modprobe ip_conntrack
    /sbin/modprobe iptable_nat

    Or try to remove the quotes before and after 1.

    And where are your values for eth0 and eth1?

    INET_IP="24.224.253.124"
    INET_IFACE="eth1"
    INET_BROADCAST="255.255.255.255"

    LAN_IP="192.168.1.11"
    LAN_IP_RANGE="192.168.1.11/16"
    LAN_IFACE="eth0"

    LO_IFACE="lo"
    LO_IP="127.0.0.1"
    Computers Are Like Air Conditioners... They're both useless with Windows open!

  6. #6
    Just Joined!
    Join Date
    Apr 2004
    Location
    New Waterford/NS, Canada
    Posts
    22
    well I got it working..
    when I get home I'll post the script that I used in case anyone wants to know
