On 04.06.2008 01:03, Simon Slater wrote:
|> The evolution request has been done from the desktop, not from the
|> laptop. Am I right? Packets are dropped because port 110 is not allowed
|> by the script, but, up to now this is not the problem.
|
| Yes, Evolution runs on the desktop. I added port 110 to your script
| under the SMTP and NEWS section last night and those packets are not
| being logged now.

And you can retrieve your mails!?

| I hope I have filled in the blanks for you. Following are the logs from
| the desktop this morning when I started the laptop and ran Firefox. The
| web page it is looking for is http://start.fedoraproject.org/ . Hope
| this helps:
|
| <SNIP>
|
| Jun 4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0
| SRC=59.101.220.253 DST=203.8.183.1 LEN=108 TOS=0x00 PREC=0xC0 TTL=64
| ID=1346 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253
| LEN=80 TOS=0x00 PREC=0x00 TTL=252 ID=5354 DF PROTO=UDP SPT=53 DPT=39780
| LEN=60 ]

ICMP packets are not allowed by the script, and that is not a good idea
(sorry!), at least for this type=3.

After:

$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

add this to the script:

#icmp packets
#ping allowed outbound but not inbound
$IPTABLES -A INPUT -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp --icmp-type 8 -d 0/0 -j ACCEPT
#ICMP type 3, "destination unreachable" (includes "network unreachable")
$IPTABLES -A INPUT -p icmp -s 0/0 --icmp-type 3 -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -d 0/0 --icmp-type 3 -j ACCEPT

And in the LAN part, after #"forwarding":

#icmp
$IPTABLES -A FORWARD -o $INTERNAL_DEVICE -i $EXTERNAL_DEVICE -p icmp --icmp-type 0 -s 0/0 -j ACCEPT
$IPTABLES -A FORWARD -i $INTERNAL_DEVICE -o $EXTERNAL_DEVICE -p icmp --icmp-type 8 -d 0/0 -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNAL_DEVICE -i $EXTERNAL_DEVICE -p icmp --icmp-type 3 -s 0/0 -j ACCEPT
$IPTABLES -A FORWARD -i $INTERNAL_DEVICE -o $EXTERNAL_DEVICE -p icmp --icmp-type 3 -d 0/0 -j ACCEPT

Also uncomment this line:

#$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_DEVICE -j LOG --log-prefix "[IPTABLES MASQ]"

Rerun the script. If some requests to the Internet come from your laptop,
there will be some lines like this in the logs of your desktop:

<quote>
Jun 4 09:45:44 dipankar kernel: [IPTABLES MASQ]IN= OUT=ppp0
SRC=192.168.1.4 DST=213.251.134.188 LEN=76 TOS=0x00 PREC=0x00 TTL=63
ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
</quote>

Here the 192.168.1.4 computer makes an NTP request to 213.251.134.188.

Also, on your desktop run:

lsmod | grep -i masquerade

There should be some kernel modules for masquerade (ipt_MASQUERADE,
nf_nat, ...)

FP

-- 
François Patte
UFR de mathématiques et informatique
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tel. +33 (0)1 44 55 35 61
http://www.math-info.univ-paris5.fr/~patte
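
Added example (not part of the message above, and not the poster's code): a small Python parser for the two kernel log lines quoted in the message. It separates the outer packet from the bracketed header that netfilter logs for ICMP errors, which shows that the dropped entry is an ICMP type 3 code 3 (port unreachable) message about a UDP datagram from port 53. The function names are chosen for this example; the sample lines are the ones from the message, re-joined onto one line.

```python
import re

# Sample lines taken from the message above, re-joined onto one line each.
DROP_LINE = ("Jun 4 08:49:51 ipex kernel: [IPTABLES DROP] : IN= OUT=ppp0 "
             "SRC=59.101.220.253 DST=203.8.183.1 LEN=108 TOS=0x00 PREC=0xC0 TTL=64 "
             "ID=1346 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.8.183.1 DST=59.101.220.253 "
             "LEN=80 TOS=0x00 PREC=0x00 TTL=252 ID=5354 DF PROTO=UDP SPT=53 DPT=39780 "
             "LEN=60 ]")
MASQ_LINE = ("Jun 4 09:45:44 dipankar kernel: [IPTABLES MASQ]IN= OUT=ppp0 "
             "SRC=192.168.1.4 DST=213.251.134.188 LEN=76 TOS=0x00 PREC=0x00 TTL=63 "
             "ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56")

PREFIX_RE = re.compile(r"kernel: \[([^\]]+)\]")   # the --log-prefix text
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")        # KEY=value, value may be empty

def _fields(text):
    """KEY=value pairs; first occurrence wins (LEN appears twice for UDP)."""
    out = {}
    for key, value in FIELD_RE.findall(text):
        out.setdefault(key, value)
    return out

def parse_log(line):
    """Split a netfilter LOG line into prefix, outer packet and, for ICMP
    errors, the bracketed header of the packet that triggered the error."""
    m = PREFIX_RE.search(line)
    prefix = m.group(1) if m else None
    body = line[m.end():] if m else line
    inner = None
    b = re.search(r"\[(SRC=[^\]]*)\]", body)
    if b:
        inner = _fields(b.group(1))
        body = body[:b.start()]
    return {"prefix": prefix, "outer": _fields(body), "inner": inner}

def describe(line):
    p = parse_log(line)
    o, i = p["outer"], p["inner"]
    if o.get("PROTO") == "ICMP":
        text = f"ICMP type {o['TYPE']} code {o['CODE']} {o['SRC']} -> {o['DST']}"
        if i:
            text += f", about {i['PROTO']} {i['SRC']}:{i['SPT']} -> {i['DST']}:{i['DPT']}"
        return text
    return f"{o['PROTO']} {o['SRC']}:{o['SPT']} -> {o['DST']}:{o['DPT']}"

if __name__ == "__main__":
    for sample in (DROP_LINE, MASQ_LINE):
        print(describe(sample))
```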