weird iptables behaviour
- From: Fabio <nsafve_DELETE_ME_@xxxxxx>
- Date: 24 Nov 2006 00:48:55 GMT
Hello,
I've got a strange problem with IP Masquerade:
PC1 is connected to internet and PC2 uses PC1
as the gateway.
From PC2 i can ping and even traceroute any URL(for example ping and traceroute www.wikipedia.org
works great) but i can open very few web pages.
I only can see there 3 sites:
www.mozilla.org www.beppegrillo.it www.google.com
but I can't open for example www.yahoo.com and much more.
More than that is I can use skype from PC2, so I absolutely
don't have a clue about what to do.
This is my network's diagram:
[INTERNET]<-->(eth0)[PC1](eth1)<--->(eth0)[PC2]
On PC1:
eth0: 192.168.0.1 (with a cable to the modem)
eth1: 192.168.1.1 (with a crossed cable to PC2)
On PC2:
eth0: 192.168.1.2 (with a crossed cable to PC1)
iptables is configured via the following script:
-------- START SCRIPT -----------
#!/bin/bash
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp ip_nat_ftp
modprobe iptable_nat
modprobe ipt_MASQUERADE
# Load the most important modules (NAT e MASQUERADE are mandatory!)
#.....
#.....
echo '0' > /proc/sys/net/ipv4/ip_forward
# No IP forward for now...
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Add a rule to the postrouting chain
# every packet going out through ppp0 must be masked
iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept every packet that belongs to connections already
# established or related to them
iptables -A FORWARD -s 192.168.1.0/255.255.255.0 -j ACCEPT
# accept the traffic generated by the local net
iptables -A FORWARD -j DROP
# anything else is dropped
echo '1' > /proc/sys/net/ipv4/ip_forward
# now we can forward the connection
---------- END SCRIPT -------------
this is the result of /sbin/ifconfig
------------ /sbin/ifconfig---------------
eth0 Link encap:Ethernet HWaddr 00:40:F4:97:AD:B0
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::240:f4ff:fe97:adb0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5324543 errors:0 dropped:0 overruns:0 frame:0
TX packets:6272147 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3141935438 (2.9 GiB) TX bytes:4170449394 (3.8 GiB)
Interrupt:17 Base address:0xf00
eth1 Link encap:Ethernet HWaddr 00:20:ED:28:F2:6A
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::220:edff:fe28:f26a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7435 errors:0 dropped:0 overruns:0 frame:0
TX packets:6390 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1263495 (1.2 MiB) TX bytes:5152233 (4.9 MiB)
Interrupt:17 Base address:0x2e00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11152 errors:0 dropped:0 overruns:0 frame:0
TX packets:11152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:655844 (640.4 KiB) TX bytes:655844 (640.4 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:XXX.XXX.XXX.XXX P-t-P:XXX.XXX.XXX.XXX
Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST
MTU:1492 Metric:1 RX packets:1494583 errors:0 dropped:0
overruns:0 frame:0 TX packets:1686118 errors:0 dropped:0
overruns:0 carrier:0 collisions:0 txqueuelen:3 RX
bytes:988981980 (943.1 MiB) TX bytes:825238709 (787.0 MiB)
-------------------- end /sbin/ifconfig ------------------
Why I can see only few sites and ping them all? It makes non sense to me.
I hope somebody can help me, thank you in advance,
Fabio
.
- Follow-Ups:
- Re: weird iptables behaviour
- From: Clifford Kite
- Re: weird iptables behaviour
- From: Jeroen Geilman
- Re: weird iptables behaviour
- From: Grant
- Re: weird iptables behaviour
- Prev by Date: Re: User specific "/etc/hosts" ?
- Next by Date: Re: weird iptables behaviour
- Previous by thread: Two routes to a host: how to make sure which noe is used when?
- Next by thread: Re: weird iptables behaviour
- Index(es):
Relevant Pages
|
