Re: updated iptables doesn't work with old rules

On Fri, February 24, 2006 11:14, Daniel Nogradi wrote:
> Hi Rob, thanks a lot for the enlightening remarks.

Erm, well, I hope it was and that I didn't make a mistake anywhere.. ;-)

>> > And I'm also quite confused about eth0/ppp0, perhaps a related
>> > issue is that the kernel ip table of 'machine A' is
>> >
>> > Destination    Gateway        Genmask         Iface
>> > 213.191.89.30     *           255.255.255.255 ppp0
>> > 192.168.10.0      *           255.255.255.0   eth1
>> > 192.168.10.0      *           255.255.255.0   eth0
>> > 169.254.0.0       *           255.255.0.0     eth0
>> > default        213.191.89.30  0.0.0.0         ppp0

> Okay, so it's a routing problem. I guess in order to change that and
> make it right is through the ifcfg-eth0, ifcfg-eth1, ifcfg-ppp0 files,
> isn't it? At the moment they are (on 'machine A'):

Yes.

> DEVICE=eth1
> BOOTPROTO=none
> BROADCAST=192.168.10.255
> IPADDR=192.168.10.101
> NETMASK=255.255.255.0
> NETWORK=192.168.10.0
> ONBOOT=yes
> TYPE=Ethernet
> GATEWAY=192.168.10.254

This NIC seems to be connected to your hub/switch/machine B.
I'd say, because machine A -> internet works, put this one on the
192.168.11.0/24 network and machine B also. (You don't want to change things
that are already working.)

Change:
BROADCAST=192.168.11.255
IPADDR=192.168.11.1
NETWORK=192.168.11.0
GATEWAY=192.168.11.1

> DEVICE=eth0
> BROADCAST=192.168.10.255
> IPADDR=192.168.10.105
> NETMASK=255.255.255.0
> NETWORK=192.168.10.0
> TYPE=Ethernet
> ONBOOT=yes
> GATEWAY=192.168.10.254

Because you can use the internet on machine A, I suppose the config for eth0
is correct.

> USERCTL=yes
> BOOTPROTO=dialup
> NAME=DSLppp0
> DEVICE=ppp0
> TYPE=xDSL
> ONBOOT=yes
> PIDFILE=/var/run/pppoe-adsl.pid
> FIREWALL=MASQUERADE
> PING=.
> PPPOE_TIMEOUT=80
> LCP_FAILURE=3
> LCP_INTERVAL=20
> CLAMPMSS=1412
> CONNECT_POLL=6
> CONNECT_TIMEOUT=60
> DEFROUTE=yes
> SYNCHRONOUS=no
> ETH=eth1
> PROVIDER=DSLppp0
> USER=02024784362
> PEERDNS=yes
> DEMAND=no
> PERSIST=no

You shouldn't have to do anything here. It works already.

> So I need to modify the NETWORK and GATEWAY parameters for eth0 and/or eth1?

No, only eth1 :-)
And look back at the rules that I replied with earlier. I think those should
work for you.

If this doesn't work then I would start adding a log rule at the end of the
FORWARD chain, right before packets are dropped, and see when/why packets are
dropped.


Gr,
Rob
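
The log rule suggested at the end of the reply, as an added example that is not part of the original message: it appends a LOG rule to FORWARD and summarizes which flows reach it. It assumes FORWARD ends in a DROP policy; the prefix `FWD-DROP: `, the host name, the machine B address 192.168.11.2 and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes FORWARD ends in a DROP
# policy, so an appended LOG rule sees exactly the packets about to be dropped.
LOG_PREFIX="FWD-DROP: "   # hypothetical prefix chosen for this example

# Append a rate-limited LOG rule as the last FORWARD rule (run as root).
add_forward_log_rule() {
    iptables -A FORWARD -m limit --limit 5/second --limit-burst 10 \
        -j LOG --log-prefix "$LOG_PREFIX" --log-level 4
}

# Constructed sample of what the kernel log would then contain.
sample_log() {
    cat <<'EOF'
Feb 24 11:20:01 machineA kernel: FWD-DROP: IN=eth1 OUT=ppp0 SRC=192.168.11.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 11:20:04 machineA kernel: FWD-DROP: IN=eth1 OUT=ppp0 SRC=192.168.11.2 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4712 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 24 11:20:05 machineA kernel: FWD-DROP: IN=eth1 OUT=ppp0 SRC=192.168.11.2 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=33000 DPT=53 LEN=51
Feb 24 11:20:06 machineA pppd[812]: unrelated line that must be ignored
EOF
}

# Count logged packets per "IN -> OUT SRC -> DST PROTO", most frequent first.
summarize_drops() {
    awk -v prefix="$LOG_PREFIX" '
        function v(a, k) { return ((k in a) && a[k] != "") ? a[k] : "-" }
        index($0, prefix) {
            split("", f)                      # reset fields for this line
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq > 1) {
                    k = substr($i, 1, eq - 1)
                    if (!(k in f)) f[k] = substr($i, eq + 1)  # first wins
                }
            }
            n[v(f, "IN") " -> " v(f, "OUT") " " v(f, "SRC") " -> " v(f, "DST") " " v(f, "PROTO")]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -rn
}

sample_log | summarize_drops
```

If the chain ends in an explicit DROP rule rather than a DROP policy, the LOG rule has to be inserted before that rule with `iptables -I FORWARD <rule-number>` instead of appended.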




