#1 Slyke (Just Joined!, Join Date Sep 2007, Posts 24)

    IPTables and web interface problems.


    Hey guys,

    I'm having some issues configuring my iptables settings.

    First of all my network:

    Modem (Linux box):
    eth0 = 10.0.0.1/255.0.0.0
    eth1 = 12.0.0.2/255.255.255.252 (Virtual adapter)
    ppp = DHCP via ISP (Bridged Ethernet from WAN card).

    Laptop:
    eth0 = 10.0.0.2/255.0.0.0

    WAN Card:
    eth0 = 12.0.0.1/255.255.255.252

    I've got it set up so that it's PPP over bridged Ethernet. The WAN card is a PCI card with its own OS on it.

    I've got masquerading working correctly and can connect to the internet just fine.

    My problem is with my WAN card. The WAN card has its own telnet and http server on it, but I can only access it from the modem.

    If I ping my eth1 on the modem (12.0.0.2) from the laptop (10.0.0.2) the ping is successful.

    If I ping the WAN eth0 (12.0.0.1) from the laptop (10.0.0.2), the ping fails.

    If I ping, telnet or lynx to the WAN eth0 (12.0.0.1) from my linux box, it works fine.

    So basically, only the localhost can communicate with the WAN card's telnet, http etc. Another computer can't.

    I believe this is an iptables problem, so any help in this area is really appreciated, as I'm kind of new to it all.

    Here's my IPTables file (It runs on startup):
    Code:
    #!/bin/sh
    
    IPTBL=/sbin/iptables # Where is IPTables
    
    $IPTBL -F # Flush All Rules
    
    # Hard-Coded Default Policies
    $IPTBL -P OUTPUT ACCEPT
    $IPTBL -P INPUT DROP
    $IPTBL -P FORWARD DROP
    
    # Loopback Traffic Controller
    $IPTBL -A INPUT --in-interface lo -j ACCEPT
    
    # Allowed Inputs
    $IPTBL -A INPUT -p tcp --dport 80 -j ACCEPT # Allow Apache connections originating from anywhere.
    $IPTBL -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # Allow SSH internally.
    $IPTBL -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT # Allow SSH from internet.
    
    # Allow Established connections and routing/NAT
    $IPTBL -t nat -A POSTROUTING -o ppp0 -j MASQUERADE # Enable NAT.
    $IPTBL -A FORWARD -i eth0 -o ppp0 -j ACCEPT # Allow packets originating from inside to outside
    $IPTBL -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT # Allow established connections back in.
    
    # HERE IS MY CONFIGS FOR THE WAN HTTP/TELNET SERVER.
    # --------
    $IPTBL -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Allow WAN WGUI to think the local machine is initiating requests.
    $IPTBL -A FORWARD -i eth1 -o eth0 -j ACCEPT # Allow connections from WAN card to LAN.
    $IPTBL -A FORWARD -i eth0 -o eth1 -j ACCEPT # Allow LAN communication to WAN Card.
    # --------
    Last edited by Slyke; 10-03-2011 at 11:42 AM.
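Added example, not Slyke's script and not from any reply in this thread: a rewrite of the startup file above that keeps the interface roles and services from the post and changes the things a review of it turns up. Three of them matter for the symptom. `iptables -F` flushes only the filter table, so the two MASQUERADE rules in the nat table survive every re-run and pile up. INPUT is DROP with no RELATED,ESTABLISHED rule, so if the file were really loaded the modem itself would get no replies to its own ping, telnet or lynx to 12.0.0.1; the post says those work, so the rules actually in effect may not be the ones on disk. And FORWARD accepts anything from eth1 into the LAN unconditionally, which lets a card that runs its own OS with a cleartext telnet server open connections into 10.0.0.0/8 on its own. Assumptions not in the post: the card's telnet and http listen on TCP 23 and 80, and the laptop is allowed to ping the modem's own addresses.

```shell
#!/bin/sh
# Rewritten firewall for the "Modem" box in the post above (added example,
# not the poster's script). Interface roles follow the post: eth0 = LAN
# (10.0.0.0/8), eth1 = /30 link to the WAN card (12.0.0.1), ppp0 = ISP.
# Assumptions not in the post: the card's telnet/http are on TCP 23 and 80,
# and the laptop may ping the modem itself.
set -eu

IPT="${IPT:-/sbin/iptables}"    # IPT=echo prints the rules instead of loading them
LAN=eth0
CARD=eth1
WAN=ppp0
LAN_NET=10.0.0.0/8
CARD_IP=12.0.0.1

enable_forwarding() {
    # The FORWARD chain is never consulted unless the kernel forwards at all.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

apply_rules() {
    # "iptables -F" only flushes the filter table; the nat table keeps its
    # old MASQUERADE rules, so flush both before appending.
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X

    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections the modem opened itself. The
    # posted script had no such rule: with INPUT DROP, replies to the
    # modem's own ping/telnet/lynx to 12.0.0.1 would be dropped.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Services on the modem, as in the post (Apache from anywhere, SSH from
    # LAN and Internet), plus ping from the LAN (assumption, not in the post).
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$WAN" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p icmp --icmp-type echo-request -j ACCEPT

    # Forwarding: replies for any forwarded flow, then new flows only in
    # the directions we want.
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -s "$LAN_NET" -o "$WAN" -j ACCEPT

    # LAN -> WAN card: only the card's management ports and ping, only to
    # 12.0.0.1. The card runs its own OS with a cleartext telnet server, so
    # nothing it originates is forwarded into the LAN (the posted
    # "eth1 -> eth0 ACCEPT" rule did exactly that).
    $IPT -A FORWARD -i "$LAN" -s "$LAN_NET" -o "$CARD" -d "$CARD_IP" \
         -p tcp -m multiport --dports 23,80 -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -s "$LAN_NET" -o "$CARD" -d "$CARD_IP" \
         -p icmp --icmp-type echo-request -j ACCEPT

    # NAT: hide the LAN behind ppp0 for the Internet and behind eth1's
    # address for the card, which (as the post's comment says) should only
    # ever see the modem as the client.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$CARD" -d "$CARD_IP" -j MASQUERADE
}

case "${1:-}" in
    apply)   enable_forwarding; apply_rules ;;
    dry-run) IPT=echo; apply_rules ;;
    *)       echo "usage: $0 apply | dry-run" >&2 ;;
esac
```

`sh fw.sh dry-run` prints the rule set without touching the kernel; `sh fw.sh apply` (as root) loads it. After loading, compare `iptables -L -v -n` and `iptables -t nat -L -v -n` against the file: the packet counters on the eth0 -> eth1 rule show whether the laptop's traffic reaches the FORWARD chain at all, which is the first thing to know before touching the card.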

#2 ss81 (Just Joined!, Join Date Dec 2010, Posts 13)
    Hi,
    Could you post the result of "traceroute" to the IP 12.0.0.1 from your laptop and from the modem? Also, on the modem do a "route -n" and post the output.

    --Regards,
    Sumit.

#3 Slyke (Just Joined!, Join Date Sep 2007, Posts 24)
    Hey ss81

    Thanks for your reply!

    I had a feeling it was this and checked myself, but it seems fine... I think.

    Here's the output:
    Code:
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    12.0.0.0        0.0.0.0         255.255.255.252 U     0      0        0 eth1
    10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0
    0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 eth0

#4 ss81 (Just Joined!, Join Date Dec 2010, Posts 13)
    Quoting Slyke's post #3 (the route -n output above).

    Hi Slyke,
    Ping the IP 12.0.0.1 from your laptop and at the same time run "tcpdump -n -i eth1 icmp" on your Linux box (modem) and see whether any ICMP packets are reaching the eth1 (12.0.0.2) interface of the Linux box.

#5 Lazydog (Linux Guru, Join Date Jun 2004, Location The Keystone State, Posts 2,677)
    Do you have forwarding turned on on the linux box?

    Regards
    Robert

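Added example, not from ss81, Lazydog or Slyke: a script that runs the three checks the replies ask for on the modem, with the route lookup written so it can be fed `route -n` output in exactly the layout posted in #3 (longest netmask wins, as the kernel does it). It assumes net-tools `route -n` in that layout and a tcpdump binary on the modem. One thing worth re-checking while the PPP link is up: the table in #3 has its default route via 10.0.0.1 on eth0, which is the modem's own LAN address, and no ppp0 entry at all.

```shell
#!/bin/sh
# Checklist for "laptop cannot reach 12.0.0.1" that follows the three
# replies: is forwarding on (Lazydog), which interface the route to the
# card leaves by (ss81, "route -n"), and whether the laptop's ICMP shows up
# on eth1 at all (ss81, tcpdump). Added example, not from any poster; it
# assumes net-tools "route -n" output in the layout posted and a tcpdump binary.
set -eu

# ip_in_net ADDR NETWORK NETMASK: succeeds when ADDR lies in NETWORK/NETMASK.
# Done in awk because POSIX sh has no bitwise AND; band() builds one from %2.
ip_in_net() {
    awk -v ip="$1" -v net="$2" -v mask="$3" '
    function band(a, b,    r, p) {
        r = 0; p = 1
        while (a > 0 && b > 0) {
            if (a % 2 && b % 2) r += p
            a = int(a / 2); b = int(b / 2); p *= 2
        }
        return r
    }
    BEGIN {
        split(ip, i, "."); split(net, n, "."); split(mask, m, ".")
        for (k = 1; k <= 4; k++)
            if (band(i[k], m[k]) != band(n[k], m[k])) exit 1
        exit 0
    }'
}

# mask_bits NETMASK: prefix length (255.255.255.252 -> 30), used to pick the
# most specific matching route.
mask_bits() {
    awk -v m="$1" 'BEGIN {
        split(m, o, "."); b = 0
        for (k = 1; k <= 4; k++) { v = o[k]; while (v > 0) { b += v % 2; v = int(v / 2) } }
        print b
    }'
}

# route_iface_for ADDR < route-n-output: prints the Iface of the longest
# matching route; the two header lines of "route -n" are skipped.
route_iface_for() {
    best_iface=""; best_bits=-1
    while read -r dest gw mask flags metric ref use iface; do
        case "$dest" in Kernel|Destination|"") continue ;; esac
        if ip_in_net "$1" "$dest" "$mask"; then
            bits=$(mask_bits "$mask")
            if [ "$bits" -gt "$best_bits" ]; then
                best_bits=$bits; best_iface=$iface
            fi
        fi
    done
    [ -n "$best_iface" ] && echo "$best_iface"
}

# forwarding_enabled [FILE]: true when net.ipv4.ip_forward reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

# watch_icmp [IFACE]: run on the modem while the laptop pings 12.0.0.1.
# No echo-request on eth1: the packet never made it through the FORWARD
# path (check ip_forward and the FORWARD/nat rules). Requests but no
# echo-reply: the card is not answering, which iptables on the modem cannot fix.
watch_icmp() {
    tcpdump -n -i "${1:-eth1}" -c 6 icmp
}

run_checks() {
    if forwarding_enabled; then
        echo "ip_forward: on"
    else
        echo "ip_forward: OFF  (sysctl -w net.ipv4.ip_forward=1)"
    fi
    echo "route to $1 leaves via: $(route -n | route_iface_for "$1")"
}

case "${1:-}" in
    check) run_checks "${2:-12.0.0.1}" ;;
    watch) watch_icmp "${2:-eth1}" ;;
    *)     echo "usage: $0 check [addr] | watch [iface]" >&2 ;;
esac
```

`sh check.sh check 12.0.0.1` on the modem reports the forwarding flag and the outgoing interface; `sh check.sh watch eth1` in a second terminal while the laptop pings shows whether the request ever reaches the /30 link. On a box without net-tools, `ip route get 12.0.0.1` gives the same answer the parser does from `route -n`.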
