[Linuxtrent] iptables

  • From: Giuseppe Briotti <g.briotti@xxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Mon, 23 Aug 2004 22:51:02 +0200 (CEST)

I'll never learn them... :-(

This is the situation... naturally, the Linux box gets out onto the network,
the Win98 box doesn't. Let me know where I can go and bang my head :-)
or, better still, what stupid thing I wrote.

Of course I've checked HOSTNAME, host.conf, hosts, etc., and they look
to be in order...

Situation:
Computer G1 - Linux SuSE 9.1 - ppp0, eth0 (192.168.0.1), eth1 (not configured)
Computer G2 - Windows 98 - eth0 (192.168.0.2)

Computer G1 should share the Internet connection with G2, acting as a
gateway (and later as a firewall). I started from the Masquerading Made
Simple HOWTO, which suggested the following commands to create a table.
On machine G2 the gateway is set to 192.168.0.1, no WINS, DNS 192.168.0.1,
IP 192.168.0.2/255.255.255.0.

Sequence of commands used to create the table

> modprobe ipt_MASQUERADE
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1> /proc/sys/net/ipv4/ip_forward
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

Result of the tables created

> iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            state NEW 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


> iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


> iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

ifstatus for the network cards tells me:

# ifstatus ppp0
    ppp0
interface ppp0 is up
provider-file: provider0
status: connected
demand: no

# ifstatus eth0
    eth0      device: 3Com Corporation 3c940 1000Base? (rev 12)
    eth0      configuration: eth-id-00:0c:6e:58:00:c0
eth0 is up
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:6e:58:00:c0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::20c:6eff:fe58:c0/64 scope link
       valid_lft forever preferred_lft forever
    eth0      IP address: 192.168.0.1/24
Configured routes for interface eth0:
  169.254.0.0 - 255.255.0.0 eth0
Active routes for interface eth0:
  192.168.0.0/24  proto kernel  scope link  src 192.168.0.1
  169.254.0.0/16  scope link
1 of 1 configured routes for interface eth0 up

# ifstatus eth1
    eth1      device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
ERROR: No configuration found for eth1


--

Giuseppe Briotti
g.briotti@xxxxxxxxx

"Alme Sol, curru nitido diem qui 
promis et celas aliusque et idem 
nasceris, possis nihil urbe Roma 
visere maius."
                         (Horace)
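As an added example that is not part of the original post, here is the same gateway written out as a script for the G1/G2 layout above, with the forwarding switch written as `echo 1 > ...` (with the space), masquerading limited to the LAN subnet, and the FORWARD chain closed by default. The IPT and IP_FORWARD variables are assumptions added so the rule set can be dry-run without root; interface names and the subnet come from the post.

```shell
#!/bin/sh
# Added example, not the poster's script: a minimal NAT gateway for the G1/G2
# layout in the post. WAN/LAN names and the LAN subnet come from the post;
# the IPT and IP_FORWARD overrides are an assumption added for dry runs.
WAN=${WAN:-ppp0}                       # dial-up link to the provider
LAN=${LAN:-eth0}                       # interface facing G2
LAN_NET=${LAN_NET:-192.168.0.0/24}     # G2's subnet
IPT=${IPT:-iptables}                   # IPT=echo prints the rules instead
IP_FORWARD=${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}

enable_forwarding() {
    # The space before '>' matters: "echo 1>" redirects stdout and writes an
    # empty line, leaving forwarding switched off.
    echo 1 > "$IP_FORWARD"
}

apply_rules() {
    $IPT -F; $IPT -t nat -F; $IPT -t mangle -F
    # Default-deny: the gateway accepts and forwards only what is listed below.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    # Masquerade only traffic that really originates on the LAN, leaving via WAN.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
    # LAN -> Internet: anything G2 starts.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    # Internet -> LAN: only replies to sessions the LAN opened.
    $IPT -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Traffic to the gateway itself: loopback, replies, and new sessions from
    # the LAN (G2 uses G1 as its DNS server, so port 53 must be reachable here).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT
}

# Self-check of the switch the whole setup depends on: returns 0 when the
# kernel reports forwarding enabled, 1 otherwise.
forwarding_enabled() {
    [ "$(cat "$IP_FORWARD")" = "1" ]
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    apply_rules
    forwarding_enabled && echo "ip_forward=1, rules loaded"
fi
```

Run as root with `sh gateway.sh apply`; `IPT=echo sh gateway.sh apply` prints the rules instead of loading them (the write to ip_forward still needs root). Because G2 is configured with 192.168.0.1 as its DNS server, G1 must also run a resolver, otherwise name lookups from G2 fail even when NAT itself works.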

