sharing internet with iptables

I've got a problem with iptables => sharing internet (can't connect to the
internet with my client)

I use mandrake 9.2 firewall guarddog and have a asdl-ppp0 connection.

To use the gateway of my server I got the advise to set up the server
like this:

1. first disable firewall
2. # echo 1 > /proc/sys/net/ipv4/ip_forward
3. # iptables -t nat -A POSTROUTING -o ppp0 -j MASQURADE

After that:
4. # iptables -t nat -L

no message

It should be something like:
------------------------------
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------------------------------------------------

I hope someone can help me solve this problem (firewall related?), in a
dutch newsgroup I got some suggestions but they all failed.

Regards Cothbw


More info:

- Ifconfig:

eth0 Link encap:Ethernet HWaddr 00:04:23:1E:92:05
inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25478 errors:0 dropped:0 overruns:0 frame:0
TX packets:12400 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:17533314 (16.7 Mb) TX bytes:1114002 (1.0 Mb)
Interrupt:20 Base address:0x1000

eth1 Link encap:Ethernet HWaddr 00:10:B5:08:43:CC
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:7196 (7.0 Kb) TX bytes:240 (240.0 b)
Interrupt:21 Base address:0x3f00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:182 errors:0 dropped:0 overruns:0 frame:0
TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9426 (9.2 Kb) TX bytes:9426 (9.2 Kb)

ppp0 Link encap:Point-to-Point Protocol
inet addr:62.234.99.23 P-t-P:62.234.96.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:945 errors:0 dropped:0 overruns:0 frame:0
TX packets:995 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:72634 (70.9 Kb) TX bytes:50892 (49.6 Kb)

- route:


Destination Gateway Genmask Flags Metric Ref Use Iface
c3eea6001.cable * 255.255.255.255 UH 0 0 0 ppp0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default c3eea6001.cable 0.0.0.0 UG 0 0 0 ppp0

Cothbw wrote:

> I've got a problem with iptables => sharing internet (can't connect to the
> internet with my client)
>
> I use mandrake 9.2 firewall guarddog and have a asdl-ppp0 connection.
>
> To use the gateway of my server I got the advise to set up the server
> like this:
>
> 1. first disable firewall
> 2. # echo 1 > /proc/sys/net/ipv4/ip_forward
> 3. # iptables -t nat -A POSTROUTING -o ppp0 -j MASQURADE
>
> After that:
> 4. # iptables -t nat -L
>
> no message
>
> It should be something like:
> ------------------------------
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> --------------------------------------------------
>
> I hope someone can help me solve this problem (firewall related?), in a
> dutch newsgroup I got some suggestions but they all failed.
>
> Regards Cothbw
>
>
> More info:
>
> - Ifconfig:
>
> eth0 Link encap:Ethernet HWaddr 00:04:23:1E:92:05
> inet addr:10.0.0.10 Bcast:10.0.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:25478 errors:0 dropped:0 overruns:0 frame:0
> TX packets:12400 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:17533314 (16.7 Mb) TX bytes:1114002 (1.0 Mb)
> Interrupt:20 Base address:0x1000
>
> eth1 Link encap:Ethernet HWaddr 00:10:B5:08:43:CC
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:28 errors:0 dropped:0 overruns:0 frame:0
> TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:7196 (7.0 Kb) TX bytes:240 (240.0 b)
> Interrupt:21 Base address:0x3f00
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:182 errors:0 dropped:0 overruns:0 frame:0
> TX packets:182 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:9426 (9.2 Kb) TX bytes:9426 (9.2 Kb)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:62.234.99.23 P-t-P:62.234.96.1 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
> RX packets:945 errors:0 dropped:0 overruns:0 frame:0
> TX packets:995 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3
> RX bytes:72634 (70.9 Kb) TX bytes:50892 (49.6 Kb)
>
> - route:
>
>
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> c3eea6001.cable * 255.255.255.255 UH 0 0 0
> ppp0
> 10.0.0.0 * 255.255.255.0 U 0 0 0
> eth0
> 192.168.1.0 * 255.255.255.0 U 0 0 0
> eth1
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> default c3eea6001.cable 0.0.0.0 UG 0 0 0
> ppp0
Hello,

try
/usr/sbin/iptables -P FORWARD ACCEPT
to make sure that forwarding is allowed and
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
for dynamicIP/masquerading.
Alex

> Hello,
>
> try
> /usr/sbin/iptables -P FORWARD ACCEPT
> to make sure that forwarding is allowed and
> echo 1 > /proc/sys/net/ipv4/ip_dynaddr
> for dynamicIP/masquerading.
> Alex

Thx
Tried both and after that tried iptables -t nat -L
nothing...

This is the result of some testing:

[root@Tdesktop t]# iptables --help
iptables --help
[root@Tdesktop t]# iptables
[root@Tdesktop t]# iptables --help
[root@Tdesktop t]# iptables
[root@Tdesktop t]# man iptables
[root@Tdesktop t]# iptables
iptables

You can see that the command iptables doesnt result in an output and
sometimes only with the command itself.

could it be that my iptables are corrupt
can I uninstall and install iptables?

Cothbw wrote:

>> Hello,
>>
>> try
>> /usr/sbin/iptables -P FORWARD ACCEPT
>> to make sure that forwarding is allowed and
>> echo 1 > /proc/sys/net/ipv4/ip_dynaddr
>> for dynamicIP/masquerading.
>> Alex
>
> Thx
> Tried both and after that tried iptables -t nat -L
> nothing...
>
> This is the result of some testing:
>
> [root@Tdesktop t]# iptables --help
> iptables --help
> [root@Tdesktop t]# iptables
> [root@Tdesktop t]# iptables --help
> [root@Tdesktop t]# iptables
> [root@Tdesktop t]# man iptables
> [root@Tdesktop t]# iptables
> iptables
>
> You can see that the command iptables doesnt result in an output and
> sometimes only with the command itself.
>
> could it be that my iptables are corrupt
> can I uninstall and install iptables?
Hi,

yes indeed, you should get some output from executing these commands. Try to
verify the package rpm -Vf `which iptables`. Good luck, Alex

> yes indeed, you should get some output from executing these commands. Try to
> verify the package rpm -Vf `which iptables`. Good luck, Alex

After uninstall and install the iptables were working like they should.
Thx!