ADSL Firewall not passing Web protocol

 
 
Dave Stauffer
      12-21-2003, 04:30 AM
I am trying to set up a Linux firewall with an ADSL Router modem on a
LAN network. The Router plugs into the hub and has a fixed address of
192.168.1.1. The firewall has been assigned an address of
192.168.1.254. It comes frustratingly close to working. Telnet and
Kazaa (oddly enough) work from my Windows machines, but not ordinary
web browsing, AOL Messenger, or even pinging an internet site. I tried
to start with a very basic and open iptables configuration:

iptables -F
iptables -X
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.254
echo 1 > /proc/sys/net/ipv4/ip_forward

If I save it, I get the following in /etc/sysconfig/iptables:

# Generated by iptables-save v1.2.7a on Sat Dec 20 23:22:01 2003
*filter
:INPUT ACCEPT [140:8022]
:FORWARD ACCEPT [5:304]
:OUTPUT ACCEPT [102:7149]
COMMIT
# Completed on Sat Dec 20 23:22:01 2003
# Generated by iptables-save v1.2.7a on Sat Dec 20 23:22:01 2003
*mangle
:PREROUTING ACCEPT [220:12352]
:INPUT ACCEPT [4915:455040]
:FORWARD ACCEPT [7175:5012998]
:OUTPUT ACCEPT [164:12551]
:POSTROUTING ACCEPT [10990:5466666]
COMMIT
# Completed on Sat Dec 20 23:22:01 2003
# Generated by iptables-save v1.2.7a on Sat Dec 20 23:22:01 2003
*nat
:PREROUTING ACCEPT [1:576]
:POSTROUTING ACCEPT [1:84]
:OUTPUT ACCEPT [2:168]
[1:84] -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.254
COMMIT

Can anyone suggest what I might be missing? Thanks for any help.

--Dave
Antoine EMERIT
      12-23-2003, 12:08 PM
(E-Mail Removed) (Dave Stauffer) wrote in news:(E-Mail Removed):
> 192.168.1.1. The firewall has been assigned an address of
> 192.168.1.254. It comes frustratingly close to working. Telnet and


The firewall should also have a public IP address, when the line is up,
certainly on a ppp interface (not in 192.168.x.x or 10.x.x.x range).

> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
> 192.168.1.254


and so you should use the public interface and address in the firewall
rules:

iptables -t nat -A POSTROUTING -o ppp+ -j SNAT --to-source <public_ip>

or masquerade (especially if you have a dynamic address):

iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE


Masquerading gets the current interface IP address, and resets lost
connections if the IP changes.


Regards
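
A check for the condition the reply points at, as an added example that is not part of either post: it reads iptables-save output and flags nat POSTROUTING SNAT rules whose --to-source is an RFC 1918 address. The function names and the PRIVATE_SNAT output format are made up for this illustration; the first sample is the nat section from the original post.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables-save output for SNAT
# rules that rewrite the source to an RFC 1918 private address.
# Constructed sample: the *nat section exactly as saved in the first post.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [1:576]
:POSTROUTING ACCEPT [1:84]
:OUTPUT ACCEPT [2:168]
[1:84] -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.254
COMMIT
EOF
}

# Constructed sample: the reply's MASQUERADE rule in iptables-save form.
fixed_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
EOF
}

# Reads iptables-save text on stdin. Prints "PRIVATE_SNAT <out-iface> <addr>"
# for each offending rule; exit status is 1 if any was found, else 0.
check_snat() {
    awk '
    /^\*/ { table = substr($1, 2) }           # "*nat" -> "nat"
    table == "nat" && /-A POSTROUTING/ && /-j SNAT/ {
        iface = "any"; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-o") iface = $(i + 1)
            if ($i == "--to-source") src = $(i + 1)
        }
        sub(/[-:].*/, "", src)                # drop any range or port suffix
        if (split(src, o, ".") == 4 && (o[1] == 10 ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168))) {
            print "PRIVATE_SNAT", iface, src
            bad = 1
        }
    }
    END { exit bad + 0 }
    '
}

sample_rules | check_snat || echo "SNAT source is private (RFC 1918)"
```

On a live system the same function can be fed from `iptables-save | check_snat`.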



