
Linux router...can ping internet from client but no http-internet acce


Ju (Technical User, FR), Jul 4, 2000
Hi,

I have a Linux machine (Mandrake 8) used as a router.
I am using iptables to firewall/route.

My problem is that I don't have access to the internet on the Linux machine, and my client computer (under Windows 2000 Pro) can only ping the internet.... I have made the script that follows to configure my firewall/router:

echo "mise en place du Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

#echo "eth1 is on the internal network"
dev_intra="eth1"
#echo "eth0 is on the ADSL modem"
dev_inter="eth0"

echo "nettoyage des tables d iptables"
iptables -F
iptables -X

echo "initialisation, nous refusons TOUTES les entrees/sorties"
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT

echo "Accepte les pings de n'importe où..."
iptables -A INPUT -d 0.0.0.0/0 -p ICMP -j ACCEPT
iptables -A OUTPUT -s 0.0.0.0/0 -p ICMP -j ACCEPT

echo "Entrees/sorties de la machine locale vers elle meme AUTORISEES"
iptables -A OUTPUT -s 127.0.0.0/8 -o lo -j ACCEPT
iptables -A INPUT -d 127.0.0.0/8 -i lo -j ACCEPT

# Activate Forwarding
iptables -A FORWARD -j ACCEPT -i eth1 -o ppp0 -s 192.168.0.0/24
iptables -A FORWARD -j ACCEPT -o eth1 -i ppp0 -s 0.0.0.0/0

# and masquerade IntraNet to Internet with Firewall Internet IP.
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

echo "Routage avec Masquarade lancé"
#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE

I would like my client and host computer to access http, ftp, mail services and RealAudio... while being a little secure :)

I'm pretty lost for now. I hope you can help me....

Thank you very much.
 
Firstly, let me say that I am not an iptables expert - still struggling with ipchains. :)

However, it looks to me like you have a default policy of DROP on the INPUT chain, and no rules to allow any traffic (except ICMP - ping). Perhaps you could put in an explicit rule for your client host to allow TCP traffic on port 80 to be accepted on INPUT, FORWARD and OUTPUT, and see if the web becomes available?


Hope this helps.


 
skk is right.
iptables -P OUTPUT ACCEPT
Then set up filters for outbound traffic if there are some things you do not want your users to be able to do.
At least:
iptables -A OUTPUT -s 192.168.0.0/24 -d 0/0 -p tcp --dport 80 -j ACCEPT
By the way, you will need to allow 1024-3xxx for return connects in your input rules, and high ports 45xxx+ for starters, if you want to browse anything.
 
Just a thought... at the top you seem to be saying that there is an ADSL connection on interface eth0. However, your iptables commands refer to interface ppp0, which would be an ordinary modem PPP connection. Should you not have eth0 instead?!

Rgds
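As an added example (not code posted by anyone in this thread), here is how the poster's script could be rewritten so that the problems the replies point out cannot occur: the external interface is a single variable, so the eth0/ppp0 mismatch disappears; the router's own traffic and the clients' forwarded traffic are allowed per service instead of OUTPUT being left at DROP; and return traffic is admitted with connection tracking (ESTABLISHED,RELATED) rather than by opening the 1024-3xxx and 45xxx+ port ranges that the second reply mentions. It assumes the LAN is 192.168.0.0/24 on eth1, as in the thread, and takes the WAN interface name (whatever `ip route` shows as the default route) as its first argument. Setting IPT="echo iptables" makes it print the rules instead of loading them, which is how it can be reviewed on a machine without root.

```shell
#!/bin/sh
# Constructed example for the Tek-Tips thread above; not the poster's script.
# Assumptions: LAN 192.168.0.0/24 on eth1 (from the thread); the WAN interface
# is passed as $1 (eth0 or ppp0 in the thread, whichever carries the default route).
# IPT="echo iptables" prints the rules instead of applying them.

LAN_IF="eth1"
LAN_NET="192.168.0.0/24"
IPT="${IPT:-iptables}"
# Services the thread asks for: FTP, SMTP/POP3, DNS, HTTP/HTTPS, RTSP (RealAudio).
TCP_SERVICES="21,25,53,80,110,443,554"

# Emit the complete ruleset for WAN interface $1. Only ever runs $IPT, so it is
# safe to call with IPT="echo iptables" to inspect what would be loaded.
fw_rules() {
    wan="$1"

    $IPT -F
    $IPT -t nat -F
    $IPT -X

    # Default deny on every chain; the original left FORWARD at ACCEPT.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP

    # Loopback.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Replies to connections the router or the LAN started come back through
    # connection tracking, so no inbound port ranges need to be opened.
    $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The router's own outbound traffic (this is what OUTPUT DROP was blocking).
    $IPT -A OUTPUT -o "$wan" -p udp --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$wan" -p tcp -m multiport --dports "$TCP_SERVICES" -j ACCEPT
    $IPT -A OUTPUT -p icmp -j ACCEPT

    # LAN clients: same service list, forwarded only from eth1 to the WAN and masqueraded.
    $IPT -A FORWARD -i "$LAN_IF" -o "$wan" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$wan" -s "$LAN_NET" -p tcp -m multiport --dports "$TCP_SERVICES" -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$wan" -s "$LAN_NET" -p icmp -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$wan" -s "$LAN_NET" -j MASQUERADE

    # Incoming to the router itself: pings from anywhere, DNS queries from the LAN only.
    $IPT -A INPUT -p icmp -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT

    # Log what falls through so a "ping works but HTTP does not" symptom shows up in syslog.
    $IPT -A INPUT   -j LOG --log-prefix "fw-in-drop: "
    $IPT -A FORWARD -j LOG --log-prefix "fw-fwd-drop: "
}

# Apply for real (as root):  ./fw.sh ppp0
# Review only:               IPT="echo iptables" ./fw.sh ppp0
if [ $# -gt 0 ]; then
    if [ "$IPT" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    fw_rules "$1"
fi
```

Two caveats when running it on a real link: the RELATED state only covers FTP data connections if the ip_conntrack_ftp module is loaded, and if the ADSL line is PPPoE (in which case eth0 carries a ppp0 interface and the poster's ppp0 rules would be correct), small packets such as pings can pass while full-size HTTP segments stall; the usual cure there is an MSS clamp in the FORWARD chain, `iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu`, which is left out above because the thread does not say which kind of ADSL link is in use.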
 