  1. #1

    IPTables and web interface problems.

    Hey guys,

    I'm having some issues configuring my iptables settings.

    First of all my network:

    Modem (Linux box):
    eth0 =
    eth1 = (Virtual adapter)
    ppp = DHCP via ISP (Bridged Ethernet from WAN card).

    eth0 =

    WAN Card:
    eth0 =

    I've got it set up that it's PPP over bridged Ethernet. The WAN card is a PCI card with its own OS on it.

    I've got masquerading working correctly and can connect to the internet just fine.

    My problem is with my WAN card. The WAN card has its own telnet and http server on it, but I can only access it from the modem.

    If I ping my eth1 on the modem ( from the laptop ( the ping is successful.

    If I ping the WAN eth0 ( from the laptop (, the ping fails.

    If I ping, telnet or lynx to the WAN eth0 ( from my linux box, it works fine.

    So basically, only the localhost can communicate with the WAN card's telnet, http etc. Another computer can't.

    I believe this is an iptables problem so any help in this area is really appreciated, as I'm kind of new to it all.

    Here's my IPTables file (It runs on startup):
    IPTBL=/sbin/iptables # Where is IPTables
    $IPTBL -F # Flush All Rules
    # Hard-Coded Default Policies
    # Loopback Traffic Controller
    $IPTBL -A INPUT --in-interface lo -j ACCEPT
    # Allowed Inputs
    $IPTBL -A INPUT -p tcp --dport 80 -j ACCEPT # Allow Apache connections originating from anywhere.
    $IPTBL -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # Allow SSH internally.
    $IPTBL -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT # Allow SSH from internet.
    # Allow Established connections and routing/NAT
    $IPTBL -t nat -A POSTROUTING -o ppp0 -j MASQUERADE # Enable NAT.
    $IPTBL -A FORWARD -i eth0 -o ppp0 -j ACCEPT # Allow packets generating from inside to outside
    $IPTBL -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow established connections back in.
    # --------
    $IPTBL -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Allow WAN WGUI to think the local machine is initiating requests.
    $IPTBL -A FORWARD -i eth1 -o eth0 -j ACCEPT # Allow connections from WAN card to LAN.
    $IPTBL -A FORWARD -i eth0 -o eth1 -j ACCEPT # Allow LAN communication to WAN Card.
    # --------
    Last edited by Slyke; 10-03-2011 at 10:42 AM.

  2. #2
    Could you post the result of "traceroute" to the ip from your laptop and from the Modem. Also in the modem do a "route -n" and post the output.


  3. #3
    Hey ss81

    Thanks for your reply!

    I had a feeling it was this and checked myself, but it seems fine... I think.

    Here's the output:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                    U     0      0        0 eth1
                                                    U     0      0        0 eth0
                                                    UG    100    0        0 eth0

  5. #4
    Here's the output:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                    U     0      0        0 eth1
                                                    U     0      0        0 eth0
                                                    UG    100    0        0 eth0

    Hi Slyke,
    Ping the ip from your laptop and at the same time run "tcpdump -n -i eth1 icmp" in your linux box (modem) and see whether any ICMP packets are reaching the eth1 ( interface of the Linux box.

  6. #5
    Do you have forwarding turned on on the linux box?


    The adventure of a life time.

    Linux User #296285
    Get Counted
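
Post #5's question (is forwarding turned on?) and the FORWARD rules from post #1 can be checked together. The script below is an added example, not part of the original thread; the function name `forward_verdict`, the sample rule text and its DROP policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Decides whether a packet arriving on
# IN_IF and leaving on OUT_IF would be forwarded.
# Simplification: only rules matching purely on -i/-o are evaluated; rules with
# other matches (-p, -m state, ...) are skipped as conditional, and the first
# matching rule's target is treated as final.
# Live use (as root): forward_verdict eth0 eth1 \
#   "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"

# Constructed sample in `iptables -S FORWARD` format, mirroring the FORWARD rules
# in post #1. The DROP policy is an assumption; the post does not show its policies.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT'

forward_verdict() {
    in_if=$1; out_if=$2; ip_forward=$3; rules=$4
    # Without kernel forwarding, no FORWARD rule is ever consulted.
    if [ "$ip_forward" != "1" ]; then
        echo "BLOCKED (ip_forward is off)"; return 0
    fi
    policy=ACCEPT   # built-in default when no -P line is given
    while read -r flag chain rest; do
        [ "$chain" = "FORWARD" ] || continue
        case $flag in
            -P) policy=$rest; continue ;;
            -A) ;;
            *)  continue ;;
        esac
        rule_in=; rule_out=; target=; extra=no
        set -- $rest    # split the rule into option/value tokens
        while [ $# -gt 1 ]; do
            case $1 in
                -i) rule_in=$2; shift 2 ;;
                -o) rule_out=$2; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *)  extra=yes; shift ;;
            esac
        done
        [ "$extra" = no ] || continue
        [ -z "$rule_in" ] || [ "$rule_in" = "$in_if" ] || continue
        [ -z "$rule_out" ] || [ "$rule_out" = "$out_if" ] || continue
        echo "$target (rule: -A FORWARD $rest)"; return 0
    done <<EOF
$rules
EOF
    echo "$policy (chain policy)"   # no rule matched
}

forward_verdict eth0 eth1 1 "$SAMPLE_RULES"   # LAN -> WAN card
forward_verdict eth0 eth1 0 "$SAMPLE_RULES"   # same rules, forwarding off
```

If the verdict is ACCEPT with forwarding on and the ping still fails, the tcpdump capture suggested in post #4 shows whether the packets reach eth1 at all.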
