Log from #iptables at freenode 2006-08-01
[21:53]<fyguw_drgau>then it will be treated as per the default policy
[21:55]<afnxnztnah>linux_manju, hi, sorry i was away from the computer
[21:55]<afnxnztnah>linux_manju, ip_forward has '1'
[21:55]<fyguw_drgau>AleXerTecH: np
[21:55]<afnxnztnah>the problem is that i cant share internet from the server to the network
[21:55]<fyguw_drgau>What happens if you ping yahoo.com from the clients..
[21:56]<afnxnztnah>linux_manju, the server works perfectly but i cant get connected to internet from the clients
[21:56]<fyguw_drgau>do u get request timed out?
[21:56]<afnxnztnah>no
[21:56]<afnxnztnah>i get the ip of yahoo.com
[21:56]<afnxnztnah>and then
[21:56]<afnxnztnah>nothing
[21:56]<afnxnztnah>just stays blinking there :S
[21:56]<fyguw_drgau>hmm.. AleXerTecH gimme one sec.. Let me go through the rules again
[21:56]<afnxnztnah>http://pastebin.ca/110269
[21:57]<afnxnztnah>im also checking the rules :S
[21:58]<rlsymns>linux_manju: so as long as i only have accept rules under the first '-P INPUT DROP' it will drop everything else. I must explicitly allow anything i need when i use a default drop
[21:58]<rlsymns> was confused, i was wondering why ANY gets through with the first rule being DROP
[21:59]<rlsymns>any=anything
[21:59]<fyguw_drgau>AleXerTecH: can u try this command and see.. If that works for you?
[21:59]<afnxnztnah>linux_manju, which?
[21:59]<fyguw_drgau>AleXerTecH: iptables -t nat -I POSTROUTING -s <your LAN network> -d 0.0.0.0/0 -j SNAT --to <one of the public ip>
[22:00]<afnxnztnah>lets see
[22:00]<fyguw_drgau>AleXerTecH: type that command with proper modification
[22:01]<fyguw_drgau>apsides: Here is how it goes... Let's say u have 10 rules.. in the INPUT
[22:02]<fyguw_drgau>and a packet coming will be checked with all ten rules.. If any of them match.. It will be treated accordingly..
[22:02]<fyguw_drgau>else.. It will be dropped as per the iptables -P INPUT DROP
[22:03]<rlsymns>so the -P isn't looked at the same way as -A is
[22:03]<rlsymns>the P is just the default rule in the case nothing matches
[22:03]<fyguw_drgau>apsides: Nope.. A is a rule ... and P is a policy..
[22:03]<fyguw_drgau>In other words.. If nothing else matches then do this
[22:03]<rlsymns>and in the case of only have the policy, it is also the only rule so all packets are dropped
[22:05]<fyguw_drgau>apsides: right
[22:05]<fyguw_drgau>apsides: thats right
[22:05]<afnxnztnah>linux_manju, nop, doesnt work
[22:05]<rlsymns>linux_manju: thanks for your help, that was really the only thing i was confused about. now it makes a lot more sense
[22:05]<afnxnztnah>linux_manju, i still get the pings frozen after resolve
[22:06]<fyguw_drgau>AleXerTecH: ok..
[22:06]<fyguw_drgau>AleXerTecH: try iptables -I FORWARD -s <LAN NEtwork/mask> -d 0.0.0.0/0 -j ACCEPT
[22:07]<fyguw_drgau>with the above command
[22:07]<fyguw_drgau>apsides: NP
[22:12]<afnxnztnah>linux_manju, still nothing :(
[22:14]<fyguw_drgau>try...
[22:14]<fyguw_drgau>from the firewall..
[22:14]<fyguw_drgau>ping -I <one of the public ip> yahoo.com
[22:14]<drwygn>I can't find -I in the DNS.
[22:15]<fyguw_drgau>maxine: ??
[22:15]<drwygn>no idea, linux_manju
[22:16]<fyguw_drgau>maxine: What is it you are asking..
[22:16]<drwygn>i don't know, linux_manju
[22:16]<fyguw_drgau>maxine: huh ??
[22:16]<drwygn>linux_manju: no idea
[22:17]<fyguw_drgau>maxine: what are you talking about..?
[22:17]<drwygn>linux_manju: no idea
[22:17]<afnxnztnah>linux_manju, from the firewall everything works perfect
[22:17]<afnxnztnah>:(
[22:18]<afnxnztnah>all the machines can do ping to the firewall, and to the other machines
[22:18]<afnxnztnah>the firewall also see the other machines
[22:18]<fyguw_drgau>AleXerTecH: as I understand it .. the firewall has two public IPs.. just wanted to check . If both are having connectivity..
[22:18]<afnxnztnah>linux_manju, yes, the two are working with ip route
[22:19]<fyguw_drgau>AleXerTecH: can u try the above ping command with ping -I <Other public IP> yahoo.com
[22:19]<afnxnztnah>ok
[22:19]<afnxnztnah>linux_manju, i have response from the firewall
[22:20]<fyguw_drgau>AleXerTecH: That means there aren't any routing issues as far as the firewall is concerned...
[22:20]<fyguw_drgau>AleXerTecH: here is the acid test..
[22:20]<afnxnztnah>?
[22:20]<fyguw_drgau>AleXerTecH: do
[22:21]<fyguw_drgau>iptables -t nat -Z PREROUTING
[22:21]<ewzrfwrr>how can i change the ttl ? my provider is routing all packets with ttl 1
[22:21]<fyguw_drgau>iptables -t nat -Z POSTROUTING
[22:21]<fyguw_drgau>and give me the output of iptables -t nat -L -nv
[22:22]<fyguw_drgau>z3rgl1ng: cat /proc/sys/net/ipv4/ip_default_ttl
[22:23]<fyguw_drgau>echo <ttl value> > /proc/sys/net/ipv4/ip_default_ttl
[22:23]<fyguw_drgau>shld change it
[22:26]<ewzrfwrr>linux_manju, if the provider is forwarding packets with ttl 1
[22:27]<ewzrfwrr>ping google.com i get ttl 1
[22:28]<afnxnztnah>linux_manju, this is the output without -Z POSTROUTING http://pastebin.ca/110553
[22:28]<fyguw_drgau>z3rgl1ng: what is that you are trying to do.. You want to send the packets out with changed ttl ?
[22:28]<afnxnztnah>linux_manju, this is the output with the -Z POSTROUTING http://pastebin.ca/110555
[22:31]<afnxnztnah>linux_manju, are you there ?
[22:31]<fyguw_drgau>AleXerTecH: did u try to ping or browse after -Z commands?
[22:31]<ewzrfwrr>linux_manju, i want to forward packets in my private lan... and those packets arrive at my computers with ttl 0
[22:31]<afnxnztnah>linux_manju, yes, and doesnt work
[22:32]<fyguw_drgau>z3rgl1ng: Hmmm... Ur ISP is a smart fella ;)
[22:32]<fyguw_drgau>z3rgl1ng: try iptables -t mangle -A PREROUTING --help.. there is an option to change the ttl value
[22:33]<fyguw_drgau>AleXerTecH: Nope.. It doesnt do anything other than zeroing the counters..
[22:33]<fyguw_drgau>15 1260 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
[22:33]<afnxnztnah>i dont understand :S
[22:34]<afnxnztnah>whats wrong then ?
[22:34]<fyguw_drgau>as u can see from the first two columns.. the packets are reaching the MASQ chain..
[22:34]<afnxnztnah>but ?
[22:34]<fyguw_drgau>AleXerTecH: It wont be a good suggestion.. But if u want to try the network settings...
[22:35]<fyguw_drgau>you can disable the firewall.. rules.. I mean flush all of it.. and try only these commands.. And see if that works..
[22:35]<fyguw_drgau>to flush..
[22:36]<fyguw_drgau>for i in INPUT FORWARD OUTPUT; do iptables -F $i; done
[22:37]<fyguw_drgau>iptables -t nat -F
[22:37]<fyguw_drgau>iptables -t filter -F
[22:38]<fyguw_drgau>that should remove all the existing rules.. Just to make sure... if you are using redhat run service iptables restart
[22:38]<fyguw_drgau>then.. try with
[22:39]<fyguw_drgau>iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j SNAT --to <primary public IP>