Re: Getting access out through gateway

On Mon, 2008-05-05 at 12:55 +0930, Tim wrote:
> > Is the problem with the laptop or the gateway box? Here are the
> > iptables rules.
>
> Which machine do those supplied rules apply to, and what are the rules
> for the other machine?
> 
The previously posted rules apply to the gateway.  The following apply
to the laptop:

[root@acer ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@acer ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.122.0/24     anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@acer ~]# 

I didn't think to check the laptop rules because the rejected packet
came from the gateway.  It looks like masquerading is set up on the
laptop also.  This should be off for the client?  I don't know where the
192.168.122.0/24 address came from, nor the 224.0.0.251 for that matter.

-- 
'ooroo
Simon
Registered Linux User #463789. Sign up at: http://counter.li.org/ 

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list