Re: iptables
Eden Caldas
You will also need a DNS server and make your dhcp inform this to clients as well.
have you done NAT rules? You will need a MASQUERADE one.
Eden Caldas
Consultor de TI
ed...@linuxfacil.srv.br
(81) 9653 7220
LINUX FÁCIL – Consultoria e Serviços em TI
Hello,I'm French, I'm sorry for my bad english.I'm a beginner debian user.In my home network, I have a linux machine with debian6.My debian has to do dhcp server with isc-server.I have 2 network card, eth0 = public Ip (adsl modem)eth1 = lan.My dhcp server runs.But I can't connect to internet with pc's.Description :network : 10.20.30.0mask : 255.255.255.0Windows server: 10.20.30.2Linux server (Debian6) : 10.20.30.1 (DHCP a nd gateway to wan)Accesspoint Wifi : 10.20.30.3NAS server : 10.20.30.4MAO PC: 10.20.30.5laptop : 10.20.30.6IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9I can connect to lan machines but not to wan.cat /proc/sys/net/ipv4/ip_forward is 1
What are routes I have to create with route command ?How can I routed 80 port to 10.20.30.1 with iptables ?thank you for your help !
AMICALEMENT
Manu
SITES WEBS
Mon site web Officiel (Manu-dpk.net)
Ecoutez Radio DPK
CONTACT
- E-mail : manu...@manu-dpk.net
- Messenger (WLM) : m...@manu-dpk.net
- Skype : manu-dpk
PS : Pour le respect de l'environnnement, n'imprimez ce mail qu'en cas de nécessité.
Gerdriaan Mulder
>>
>> What are routes I have to create with route command ?
>
4-step NAT, first step is to enable forwarding on the specific
interfaces, or ip_forward globally.
next three steps are iptables rules:
iptables -A FORWARD -i eth0 -o eth1 -m state --state
RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Next step is to configure the DHCP-server to propagate the IP
addresses to the network. Send the gateway (10.20.30.1) with the DHCP
offer and your computers should be able to reach the internet.
--
To UNSUBSCRIBE, email to debian-fire...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/BANLkTi=t27JZOTndtmnz...@mail.gmail.com
Eden Caldas
Eden Caldas
Consultor de TI
ed...@linuxfacil.srv.br
(81) 9653 7220
LINUX FÁCIL – Consultoria e Serviços em TI
Hello,I'm French, I'm sorry for my bad english.I'm a beginner debian user.In my home network, I have a linux machine with debian6.My debian has to do dhcp server with isc-server.I have 2 network card, eth0 = public Ip (adsl modem)eth1 = lan.My dhcp server runs.But I can't connect to internet with pc's.Description :
network : 10.20.30.0mask : 255.255.255.0Windows server: 10.20.30.2Linux server (Debian6) : 10.20.30.1 (DHCP a nd gateway to wan)Accesspoint Wifi : 10.20.30.3NAS server : 10.20.30.4MAO PC: 10.20.30.5laptop : 10.20.30.6IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9I can connect to lan machines but not to wan.
cat /proc/sys/net/ipv4/ip_forward is 1
What are routes I have to create with route command ?
How can I routed 80 port to 10.20.30.1 with iptables ?thank you for your help !
Manu:
Check if 10.20.30.1 is default gateway for all devices in LAN.
In Debian Server, traffic to Internet must be nated:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Javier.-
Manu
Ansgar Wiechers
> In my home network, I have a linux machine with debian6.
> My debian has to do dhcp server with isc-server.
> I have 2 network card, eth0 = public Ip (adsl modem)
> eth1 = lan.
> My dhcp server runs.
> But I can't connect to internet with pc's.
> Description :
>
> network : 10.20.30.0
> mask : 255.255.255.0
> Windows server: 10.20.30.2
> Linux server (Debian6) : 10.20.30.1 (DHCP a nd gateway to wan)
> Accesspoint Wifi : 10.20.30.3
> NAS server : 10.20.30.4
> MAO PC: 10.20.30.5
> laptop : 10.20.30.6
> IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9
> I can connect to lan machines but not to wan.
Do the hosts in your LAN have a default gateway, i.e. does your DHCP
server pass out a router option with the leases? Check with "ipconfig"
on Windows or "route" on Linux hosts.
> cat /proc/sys/net/ipv4/ip_forward is 1
>
> What are routes I have to create with route command ?
Normally you shouldn't have to create any for that kind of setup.
Please post the output of "iptables -nL" and "iptables -t nat -nL".
> How can I routed 80 port to 10.20.30.1 with iptables ?
That is called port-forwarding, not routing. It's done via DNAT. See [1]
for instance.
[1] http://www.debian-administration.org/articles/73
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
--
To UNSUBSCRIBE, email to debian-fire...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/20110622203...@mail.planetcobalt.net
Pascal Hambourg
Manu a ï¿œcrit :
>
> Hello,
> I'm French, I'm sorry for my bad english.
You'd better be sorry for posting HTML.
> I'm a beginner debian user.
> In my home network, I have a linux machine with debian6.
> My debian has to do dhcp server with isc-server.
> I have 2 network card, eth0 = public Ip (adsl modem)
> eth1 = lan.
> My dhcp server runs.
> But I can't connect to internet with pc's.
> Description :
>
> network : 10.20.30.0
> mask : 255.255.255.0
> Windows server: 10.20.30.2
> Linux server (Debian6) : 10.20.30.1 (DHCP a nd gateway to wan)
> Accesspoint Wifi : 10.20.30.3
> NAS server : 10.20.30.4
> MAO PC: 10.20.30.5
> laptop : 10.20.30.6
> IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9
> I can connect to lan machines but not to wan.
>
> cat /proc/sys/net/ipv4/ip_forward is 1
>
> What are routes I have to create with route command ?
Probably none. But maybe you missed the masquerading.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> How can I routed 80 port to 10.20.30.1 with iptables ?
If you mean port forwarding of connections coming from outside :
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
-j DNAT --to 10.20.30.1
But as 10.20.30.1 is the box itself, this is probably not what you want.
--
To UNSUBSCRIBE, email to debian-fire...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4E02535A...@plouf.fr.eu.org
lee
Have you tried shorewall? It has sufficient documentation and should
make it pretty easy to achieve the setup you need, with the added
benefit of providing a fully featured firewall.
Setting up a firewall is probably much better than connecting your
networks to the internet directly without one through your ADSL
modem. It will also help you to redirect some traffic on port 80 to
10.20.30.1 and to do the neccessary masquerading.
However, I would start with setting up a name server for your networks
if you´ve not already done so.
> --------------------------------------------------------------------------------
>
> AMICALEMENT
> Manu
>
> SITES WEBS
> Mon site web Officiel (Manu-dpk.net)
> Ecoutez Radio DPK
>
> CONTACT
> - E-mail : manu...@manu-dpk.net
> - Messenger (WLM) : m...@manu-dpk.net
> - Skype : manu-dpk
>
>
>
> --------------------------------------------------------------------------------
>
>
> PS : Pour le respect de l'environnnement, n'imprimez ce mail qu'en cas de nécessité.
Can you please use the standard seperator ("-- ") for your signature and
refrain from posting HTML messages?
--
To UNSUBSCRIBE, email to debian-fire...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Javier Charne
Hello,
I'm French, I'm sorry for my bad english.I'm a beginner debian user.In my home network, I have a linux machine with debian6.My debian has to do dhcp server with isc-server.I have 2 network card, eth0 = public Ip (adsl modem)eth1 = lan.My dhcp server runs.But I can't connect to internet with pc's.Description :network : 10.20.30.0mask : 255.255.255.0Windows server: 10.20.30.2Linux server (Debian6) : 10.20.30.1 (DHCP a nd gateway to wan)Accesspoint Wifi : 10.20.30.3NAS server : 10.20.30.4MAO PC: 10.20.30.5laptop : 10.20.30.6IP phone : 10.20.30.7, 10.20.30.8, 10.20.30.9I can connect to lan machines but not to wan.cat /proc/sys/net/ipv4/ip_forward is 1
What are routes I have to create with route command ?How can I routed 80 port to 10.20.30.1 with iptables ?thank you for your help !
Check if 10.20.30.1 is default gateway for all devices in LAN.
In Debian Server, traffic to Internet must be nated:
Prithak Sharma
You need to enable Packet forwarding and NAT. Considering your network
architecture these commands may do the trick:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A FORWARD -s 10.20.30.0/24 -d 0/0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
If you are using PPPoE then you will have to change eth1 to ppp0 for NAT.
To forward HTTP traffic (dst port 80) to your Linux box you will have
to use the following iptables rule :
iptables -t nat -A PREROUTING -i eth1 -s 10.20.30.0/24 -p tcp --dport
80 -j REDIRECT --to-ports 8080
You need to make sure that some kind of TCP service is listening on
port 8080 on your debian box . You can verify that using netstat
-tunlp command.
-Prithak
-http://prithak.blogspot.com
Archive: http://lists.debian.org/BANLkTikmVy3PVmu...@mail.gmail.com