Masq Problem...

Posted: Thu Sep 10, 2009 8:51 pm
Guest

I am having a problem getting 192.168.1.5 to forward the traffic
to 192.168.1.7. I can ping all the IP addresses, including my dedicated
server that is located outside of my network. DNS & web are not working.

Machine 1

*****************        ****************
* 192.168.1.5   *        * 192.168.1.6  *
*****************  --->  *     eth0     *
*     eth0      *        ****************  --->  Router  -->  ISP
*****************        * 192.168.1.7  *      192.168.1.1
                         *     eth1     *
                         ****************

Note: The netmask being used for all the IP addresses
listed above is 255.255.255.0.
My ISP static IP address is 68.106.145.84
and the gateway is 68.106.145.65. Netmask
255.255.255.192

Firewall on 192.168.1.5
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -O OUTPUT -j DROP
iptables -A INPUT -i ppp0 -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p tcp --sport 8080 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p tcp --sport 53 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.1.0/24 -p tcp --sport 53 -j ACCEPT
iptables -I INPUT 2 -i ppp0 -p tcp --dport ftp -j ACCEPT
iptables -I OUTPUT 2 -o ppp0 -p tcp --sport ftp -j ACCEPT
iptables -D INPUT -i ppp0 -p tcp --sport 80 -j ACCEPT
iptables -D OUTPUT -o ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type any -j ACCEPT
iptables -I INPUT -m state --state INVALID -j LOG --log-prefix "INVALID Input: "
iptables -I INPUT -m state --state INVALID -j DROP
iptables -I OUTPUT -s 192.168.1.5 -p TCP -d 192.168.1.7 --dport 8080 -j ACCEPT
#iptables -A FORWARD -i eth0 -o ppp0 -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -d 192.168.1.0/24 -p tcp --sport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -s 192.168.1.0/24 -p tcp --dport 53 -j ACCEPT
#iptables -A FORWARD -i ppp0 -o eth0 -d 192.168.1.0/24 -p tcp --sport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.7
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.7
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A OUTPUT -j DROP
Firewall on 192.168.1.6
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
^C
taylorassociate:/var/log/squid# iptables -nvL
Chain INPUT (policy DROP 216 packets, 30062 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       192.168.1.5          192.168.1.7          udp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       192.168.1.5          192.168.1.7          tcp dpt:8080
    0     0 DROP       all  --  *      *       192.168.1.5          192.168.1.7
   14   840 DROP       all  --  *      *       192.168.1.5          192.168.1.6
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
 7962 4865K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  219 13968 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    2   168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
    6   288 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:24554
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:24554
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:90
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:90
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10070
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:10070
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3306
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:3306
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:20
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
   30  2027 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 1582 packets, 112K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       192.168.1.7          192.168.1.5
 7191  978K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
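
Added example (not part of the original post): a short Python parser for `iptables -nvL` output, run over a constructed excerpt of the 192.168.1.6 listing above with wrapped lines rejoined. It reports which chains can accept the first packet of a new connection and which DROP rules have non-zero counters; the function names are hypothetical.

```python
import re

# Constructed sample: rows excerpted from the 192.168.1.6 listing, continuation lines rejoined.
LISTING = """\
Chain INPUT (policy DROP 216 packets, 30062 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 192.168.1.5 192.168.1.7
14 840 DROP all -- * * 192.168.1.5 192.168.1.6
7962 4865K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 1582 packets, 112K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 192.168.1.7 192.168.1.5
"""

CHAIN_RE = re.compile(r"^Chain (\w+) \(policy (\w+)")

def parse(listing):
    """Return {chain: {"policy": str, "rules": [dict, ...]}} from -nvL text."""
    chains, current = {}, None
    for line in listing.splitlines():
        m, f = CHAIN_RE.match(line), line.split()
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and len(f) >= 9 and f[0] != "pkts":
            current["rules"].append({"pkts": f[0], "target": f[2], "src": f[7],
                                     "dst": f[8], "match": " ".join(f[9:])})
    return chains

def admits_new(chain):
    """True if the chain can accept the first packet of a new connection."""
    if chain["policy"] == "ACCEPT":
        return True  # simplification: ignores DROP rules placed ahead of the policy
    return any(r["target"] == "ACCEPT" and
               ("state " not in r["match"] or "NEW" in r["match"])
               for r in chain["rules"])

def hit_drops(chain):
    """DROP rules whose packet counter is non-zero, i.e. actively discarding."""
    return [(r["src"], r["dst"], r["pkts"]) for r in chain["rules"]
            if r["target"] == "DROP" and r["pkts"] != "0"]

if __name__ == "__main__":
    for name, chain in parse(LISTING).items():
        print(name, "admits new connections:", admits_new(chain), hit_drops(chain))
```

On this excerpt FORWARD reports False (policy DROP with only a RELATED,ESTABLISHED accept), and the only DROP rule with hits is 192.168.1.5 -> 192.168.1.6 (14 packets).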