Dual e1000e not working with iptables

I am trying to set up a new router for my network.  It is a typical setup - my home LAN with a single internet connection I want to share with all computers.  My current router is running Debian with a 2.6.18 kernel and iptables version 1.3.6 and dnsmasq 2.35.  The new router is running Debian with a 2.6.36 kernel and iptables version 1.4.2 and dnsmasq 2.45.

I took the iptables script from my previous router and put it on the new router, but it does not work.  I cannot get it to forward anything.  I cannot figure out what is going on and am hoping that people on this list can help me out.  Here is the script:


iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward

# unlimited access to LAN
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT

echo " -> Restarting iptables service ..."
iptables-save


Can anyone see what I am doing wrong?  Just in case something is different between versions, I created a whole new set of rules that should do what I want, but cannot get it to work either:


# Delete existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections and those not from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAB side
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

# Masquerade
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside
iptables -A FORWARD -i eth0 -o eth0 -j REJECT

# Enable routing
echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A FORWARD -i eth1 -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -i eth0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

PS  - Don't worry about the different subnets - I am trying to get this new router working to route through the existing router.

Thanks for the help!

Jonathan




