Iptables v1.2 headache.

Post by David Star » Wed, 21 Mar 2001 01:39:01

Hi again

Up until recently I've always used ipfwadm for all my networks. I've
taken a copy of zipslack, chucked it onto a reiserFS partition, hacked the
whole system down and reinstalled tons of stuff. It currently runs:

Linux 2.4.1, iptables v1.2 and a pppd in Dial on Demand mode (ISDN).

I've configured Netfilter to look like this :

<*> Connection tracking
<*>    FTP protocol support
<*> IP tables support
<*> Packet Filtering
<*>     REJECT target support
<*>     MIRROR target support
<*> Full NAT
<*>     MASQUERADE target support
<*>     REDIRECT target support

Everything else under IP: Netfilter Configuration is left out,
and yes, Sysctl is enabled.

Now.. I don't want to do anything fancy, just a bit of IP masquerading
through a Dial on Demand ppp0 device for a small network.

Previously it was a cinch.

All I did was put:

ipfwadm -F -p deny
ipfwadm -F -a m -b -S 192.168.0.0/24 -D 0.0.0.0/0

in my rc.local.

Now I have to use a funny NAT table and all. Anyway, I've read and read
and I've done so much pacing that I've tripped twice on the same place.
:-)

This is what I make out that I am supposed to do now (with iptables 1.2 and
Linux 2.4.1), according to the NAG anyway:

iptables -t nag -F
iptables -t nag -P POSTROUTING DROP
iptables -t nag -A POSTROUTING -o ppp0 -j MASQUERADE

This works.. but now the clients still can't see the net.

Their DNS server is set to the correct one (I know because everything is
the same as it was before using ipfwadm and the dhcpc.conf is the same).

In fact they can't even ping an Internet server even if they know its
IP.

Where could I have gone wrong? Do I need to set other rules in the
other tables?

TIA David


Post by Sven Golcher » Fri, 23 Mar 2001 07:37:17

David,

your iptables commands look okay for your task, except the -t option has to go with the parameter "nat", like

iptables -t nat ...

but I assume that's just a typo in your message. If your Linux box can properly access the internet, try an

echo 1 > /proc/sys/net/ipv4/ip_forward

just to make sure IP forwarding is enabled.

Sven


> (...)
> Linux 2.4.1 - iptables v1.2 and a pppd in Dial on Demand mode.(ISDN)
> (...)

> Now.. I don't want to do anything fancy just a bit of IP masquerading
> through a Dial on Demand ppp0 device for a small network.
> (...)

> This is what I make out that I am supposed now (with iptables 1.2 and
> Linux 2.4.1)
> (according to the NAG anyway)

> iptables -t nag -F
> iptables -t nag -P POSTROUTING DROP
> iptables -t nag -A POSTROUTING -o ppp0 -j MASQUERADE

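The masquerading setup discussed in this thread, written out as an added example (this is not code from either poster). It uses the table name "nat" that Sven points out, keeps the LAN prefix 192.168.0.0/24 from David's old ipfwadm rule, and assumes the LAN sits on eth0 and the uplink is ppp0 (both assumptions, settable through environment variables). It leaves out the DROP policy on the nat POSTROUTING chain: the nat table only sees the first packet of each connection and is not the place to filter, so the filter table's FORWARD chain is locked down instead, with a state match that needs the "Connection state match support" kernel option (ipt_state), which the kernel configuration in the first post leaves out. The rules are printed rather than executed unless the script is called with "apply", so they can be reviewed before going into rc.local, and the ip_forward check Sven suggests is a separate function that reads the sysctl file.

```shell
#!/bin/sh
# Added example for this thread, not the posters' own script.
# Assumptions (not stated in the thread): LAN on eth0, uplink on ppp0.
LAN_NET="${LAN_NET:-192.168.0.0/24}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# Print the iptables commands, one per line, without running them.
# nat table: only the first packet of a connection passes through it,
# so it carries the MASQUERADE rule and nothing else.
# filter table: FORWARD decides what may cross between LAN and uplink.
masq_rules() {
    cat <<EOF
iptables -t nat -F
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Return 0 if IP forwarding is switched on in the given sysctl file
# (defaults to /proc/sys/net/ipv4/ip_forward), 1 otherwise. Without
# forwarding the MASQUERADE rule matches but no client packet is ever
# passed on to ppp0, which is the symptom described in the first post.
ip_forward_enabled() {
    f="${1:-$IP_FORWARD_FILE}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Run each printed command as root, stop at the first failure, then
# enable forwarding. Needs the iptable_nat and ipt_MASQUERADE modules
# available (built in or autoloaded), as in the first post's kernel config.
apply_rules() {
    masq_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done || return 1
    echo 1 > "$IP_FORWARD_FILE"
    ip_forward_enabled || { echo "ip_forward still off" >&2; return 1; }
}

# Only act when called as "sh masq.sh apply"; plain sourcing just defines
# the functions. With "check" it reports the forwarding state.
case "${1:-}" in
    apply) apply_rules ;;
    check) if ip_forward_enabled; then echo "forwarding on"; else echo "forwarding off"; fi ;;
    *) masq_rules ;;
esac
```

Run it without arguments to see the rules it would install, with `check` to test the forwarding flag the way Sven's `echo 1 > /proc/sys/net/ipv4/ip_forward` sets it, and with `apply` (as root) to install them. If the state match is unavailable because ipt_state was not built, the fourth command fails and the script stops before enabling forwarding, which is the safer order: forwarding is only switched on once the FORWARD chain is restricted.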