Yes, yes, gre is not a port, I know.
Here is the output of iptables -L on the Actiontec:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT gre -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpt:telnet
DROP tcp -- anywhere anywhere tcp dpt:www
QUEUE udp -- anywhere anywhere udp dpt:domain
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
QUEUE udp -- anywhere anywhere udp spt:domain
QUEUE udp -- anywhere anywhere udp dpt:domain
REJECT tcp -- anywhere anywhere state INVALID,NEW,RELATED,UNTRACKED tcp dpt:telnet flags:!SYN/SYN reject-with tcp-reset
sLog all -- anywhere anywhere sLog max_num 50 timeout 300
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
QUEUE udp -- anywhere anywhere udp spt:domain
DROP udp -- anywhere anywhere udp spt:route
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
Looks good to me.
and iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT gre -- anywhere anywhere to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:1723 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:ftp to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:ssh to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:smtp to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:www to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:110 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:143 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:443 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:900 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:901 to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:922 to:10.254.254.251
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Also looks good. I am baffled. Any other suggestions?
thanks
"David Efflandt" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Mon, 22 Nov 2004, HisNameWasRobertPaulson
> <kalis_anon_REMOVE_@hotmail.com> wrote:
> > Hey gang, I have an Actiontec for my DSL modem and behind that a M$ vpn
> > endpoint. Problem is, this Actiontec does not appear to be forwarding the
> > GRE packets... and it's really driving me crazy.
> > The tcp port 1723 traffic is going through just fine, but GRE is not, even
> > though I set up GRE in the Actiontec's "port forwarding" section.
> >
> > Anyone have any clues, else I go mad!
>
> GRE is NOT a port, it is a protocol (maybe that is your error):
> > grep gre /etc/protocols
> gre 47 GRE # General Routing Encapsulation
>
> > On a related note, I telnetted into this thing to avoid using the web/http
> > setup and lo and behold - this little bugger is running Linux! Yep, iptables
> > and all! Now I feel bad for all the verbal abuse I had been giving it.
> > Anyway, I tried inputting the chain rule manually, and still this little guy
> > refuses to pass GRE traffic, even though I clearly see it in the iptables
> > list! Any thoughts, please!?
> >
> > Actiontec GT701-wg (provided by qwest)
>
> But is it -p 47 and in the proper order?
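Added example, not part of the original thread: a Python sketch of the check discussed above, confirming that a PPTP forward has both the TCP 1723 rule and the GRE (IP protocol 47, no ports) rule pointing at the same host. The function names and the sample input are constructed for illustration; it assumes the `iptables -t nat -L` layout shown in the post, including the wrapped `to:` lines.

```python
import re

# Constructed sample input: /etc/protocols-style lines and a wrapped
# `iptables -t nat -L` listing in the same layout as the post above.
PROTOCOLS = "tcp 6 TCP\nudp 17 UDP\ngre 47 GRE # General Routing Encapsulation\n"
LISTING = """Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT gre -- anywhere anywhere
to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:1723
to:10.254.254.251
DNAT tcp -- anywhere anywhere tcp dpt:ssh
to:10.254.254.251
"""

def load_protocols(text):
    """Map protocol name -> IP protocol number (e.g. gre -> 47)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            table[fields[0].lower()] = int(fields[1])
    return table

def parse_dnat(listing, protos):
    """Return (proto_number, dport_or_None, dest) per DNAT rule, rejoining wrapped lines."""
    joined, keep = [], False
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "--":   # assumption: opt column is "--"
            keep = fields[0] == "DNAT"
            if keep:
                joined.append(line)
        elif keep and fields and not line.startswith(("Chain ", "target ")):
            joined[-1] += " " + line.strip()          # continuation of a wrapped rule
    rules = []
    for rule in joined:
        proto = rule.split()[1].lower()
        number = int(proto) if proto.isdigit() else protos.get(proto)
        dport = re.search(r"dpt:(\S+)", rule)
        dest = re.search(r"to:(\S+)", rule)
        rules.append((number, dport and dport.group(1), dest and dest.group(1)))
    return rules

def pptp_forward_status(rules, protos):
    """PPTP needs TCP 1723 (control) and GRE, a protocol with no ports, sent to the same host."""
    control = {d for n, p, d in rules if d and n == protos["tcp"] and p in ("1723", "pptp")}
    data = {d for n, p, d in rules if d and n == protos["gre"]}
    return {"both": sorted(control & data), "tcp_1723_only": sorted(control - data),
            "gre_only": sorted(data - control)}
```

A host listed under `tcp_1723_only` would have its control connection forwarded with no GRE rule behind it; the listing only shows that the rules exist, not that packets match them.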