> > a)Enabled IP forwarding
> >
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > & added above line in /etc/rc.d/rc.local
>
>Don't put it in rc.local. /etc/sysctl.conf is the right place.
>Add the following in this file:
>       net.ipv4.ip_forward = 1

Yes, I have changed the default value 0 to 1.
> > b)Firewall rules as follows:-
> >
>
>Instead of multiple OUTPUT/FORWARD rules, isn't it simpler to add INPUT
>rules on eth0?
>
> ># set up IP forwarding and nat
> >-A POSTROUTING -o eth0 -j SNAT --to 172.21.0.133
>
>As per your network diagram, shouldn't this be eth1?

Yes, it should be eth1.

Still can't access external systems:-

Can't access mail from my ISP mail server.
      able to ping eth1 gateway IP(ROUTER)or any external domains/IPs.

For reference, I am sending the current iptables rules.

Tried traceroute.

# iptables-save > current_rule

# Generated by iptables-save v1.2.9 on Sat Jan 22 12:00:34 2005
*nat
:PREROUTING ACCEPT [3126:541380]
:POSTROUTING ACCEPT [199:22737]
:OUTPUT ACCEPT [97:16472]
COMMIT
# Completed on Sat Jan 22 12:00:34 2005
# Generated by iptables-save v1.2.9 on Sat Jan 22 12:00:34 2005
*filter
:INPUT DROP [148:14817]
:FORWARD DROP [0:0]
:OUTPUT DROP [1:73]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.0.0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 203.122.63.154 -i eth0 -o eth1 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A FORWARD -d 203.122.63.154 -i eth0 -o eth1 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -d 202.134.193.78 -i eth0 -o eth1 -p tcp -m state --state NEW -m multiport --dports 25,110 -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 203.122.63.152 -o eth1 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 203.122.63.152 -o eth1 -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth1 -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -d 202.134.193.78 -o eth1 -p tcp -m state --state NEW -m multiport --dports 25,110 -j ACCEPT
COMMIT
# Completed on Sat Jan 22 12:00:34 2005



_______________________________________________
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
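
The `*nat` section of the dump in the message lists chain policies but no `-A` rules, so a useful check on a saved ruleset is whether source NAT exists on the outbound interface and whether the FORWARD chain admits new connections towards it. The script below is an added example, not part of the original message; both sample dumps are constructed, `192.0.2.10` is a placeholder address, and treating `eth1` as the external interface follows the thread.

```python
# Added example, not from the thread. Both dumps are constructed;
# 192.0.2.10 is a placeholder address, eth0/eth1 follow the post.
BROKEN = """\
*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT
COMMIT
"""
FIXED = BROKEN.replace(
    "COMMIT", "-A POSTROUTING -o eth1 -j SNAT --to-source 192.0.2.10\nCOMMIT", 1)

def parse_dump(text):
    """Parse iptables-save text into {table: {"policies": {}, "rules": []}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif cur is None or not line or line[0] == "#" or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policies"][chain] = policy
        elif line.startswith("-A "):
            cur["rules"].append(line.split())
    return tables

def opt(rule, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    return rule[rule.index(flag) + 1] if flag in rule[:-1] else None

def audit(text, wan_if):
    """List reasons forwarded LAN traffic cannot leave through wan_if."""
    empty = {"policies": {}, "rules": []}
    tables = parse_dump(text)
    nat, flt = tables.get("nat", empty), tables.get("filter", empty)
    findings = []
    if not any(r[1] == "POSTROUTING" and opt(r, "-j") in ("SNAT", "MASQUERADE")
               and opt(r, "-o") in (wan_if, None) for r in nat["rules"]):
        findings.append("nat: no SNAT/MASQUERADE in POSTROUTING for " + wan_if)
    if flt["policies"].get("FORWARD") == "DROP" and not any(
            r[1] == "FORWARD" and opt(r, "-o") == wan_if and opt(r, "-j") == "ACCEPT"
            and "NEW" in (opt(r, "--state") or "") for r in flt["rules"]):
        findings.append("filter: FORWARD is DROP with no NEW ACCEPT out " + wan_if)
    return findings

print(audit(BROKEN, "eth1"), audit(FIXED, "eth1"))
```

Passing the wrong interface name to `audit` (for example `eth0` against the fixed dump) reports both findings, which is the same mismatch the thread discusses for the SNAT rule.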
