
#1 2011-01-06 02:02:13

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,375

Iptables

I went through the whole Simple state firewall wiki and that didn't work (I don't think I really need it, since I'm not directly connecting this one to the internet).  I flushed the iptables and then used the Internet share wiki.  I got it to work *ONE* time, before the dual networking machine hard-stopped and I had to reboot.  Now I can't get it to forward from one card to the other.  And yes, I had to do the fix to keep the cards from switching around on each other on reboot.  All forwarding options have been set in appropriate files.  Using the internet share wiki, it won't do it again.

----------------
I tried updating the clocks using the ntp server and somehow this fixed the problem?

Last edited by nomorewindows (2011-01-06 02:12:05)


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.


#2 2011-01-06 09:01:23

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: Iptables

Post the output of:

iptables -nvL
iptables -t nat -nvL
cat /proc/sys/net/ipv4/ip_forward

EDIT: Oh, and give us more detail about what "won't work" means.

Last edited by fukawi2 (2011-01-06 09:01:54)


#3 2011-01-07 00:37:18

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,375

Re: Iptables

iptables -nvL: is empty
iptables -t nat -nvL: (thanks for the tip!  I couldn't figure out where my nat record was): bi-directional MASQUERADE, need to delete one of the rules
cat /proc/sys/net/ipv4/ip_forward: 1



#4 2011-01-07 02:15:08

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: Iptables

Please post the output, not your transcription of the output. There's still relevant information in what you consider to be "empty" (eg, the chain policies).


#5 2011-01-07 03:06:08

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,375

Re: Iptables

Chain INPUT (policy ACCEPT, xxx packets, xxx bytes)
pkts bytes target prot in out source destination

Chain FORWARD (policy ACCEPT, xxx packets, xxx bytes)
pkts bytes target prot in out source destination

Chain OUTPUT (policy ACCEPT, xxx packets, xxx bytes)
pkts bytes target prot in out source destination
---------------------------------
Chain PREROUTING (policy ACCEPT, xxx packets, xxx  bytes)
pkts bytes target prot in out source destination

Chain OUTPUT (policy ACCEPT, xxx packets, xxx bytes)
pkts bytes target prot in out source destination

Chain POSTROUTING (policy ACCEPT, xxx packets, xxx bytes)
pkts bytes target                 prot in out   source    destination
xxx xxxx MASQUERADE    all   *   ethx  0.0.0.0   0.0.0.0

This is the correct table according to the internet sharing wiki, and using now.  The stateful firewall had many more rules than this and didn't forward. 

The problem I ran into had to do with not being routed because of incorrect timestamps (the clocks on the computers were wrong), but for some strange reason I was able to get the ntp time from an ntp server across the internet and set it correctly and then everything was ok.  Iptables may have marked it invalid by default.  Pinging would give a message (which led me to the answer), about warning: time has been set back (or something like this), taking counteractive measures.  I tried another machine in the process and that's what gave me the solution.



#6 2011-01-07 05:28:55

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: Iptables

nomorewindows wrote:

Pinging would give a message (which led me to the answer), about warning: time has been set back (or something like this), taking counteractive measures.  I tried another machine in the process and that's what gave me the solution.

So... There's no longer a problem?


#7 2011-01-07 05:40:40

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,375

Re: Iptables

Apparently so...not sure if the kernel panic has something to do with my dual network setup as it didn't do that with the single network card?  That was it for the iptables though.

Last edited by nomorewindows (2011-01-07 05:45:31)


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline
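The three checks requested in posts #2 and #4, as an added example that is not part of the original thread: a shell script that takes the `ip_forward` value and saved `iptables -nvL` / `iptables -t nat -nvL` output and reports the FORWARD policy, rule counts and MASQUERADE interfaces. The sample output, the interface names `eth0`/`eth1` and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed `iptables -nvL` output: filter table with no rules.
SAMPLE_FILTER='Chain INPUT (policy ACCEPT 120 packets, 9800 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 40 packets, 3300 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 95 packets, 7100 bytes)
 pkts bytes target     prot opt in     out     source               destination'
# Constructed `iptables -t nat -nvL` output with MASQUERADE on both interfaces.
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 5 packets, 400 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   900 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    3   200 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0'

# Print "CHAIN POLICY RULECOUNT" per chain; policy is "-" for user-defined chains.
chain_summary() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit(); chain = $2; rules = 0
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/[,)]$/, "", policy); next
        }
        chain != "" && NF > 0 && $1 != "pkts" { rules++ }
        END { emit() }'
}

# Print the out-interface of every MASQUERADE rule in POSTROUTING.
masq_ifaces() {
    awk '/^Chain / { post = ($2 == "POSTROUTING"); next }
         post && $3 == "MASQUERADE" { print $7 }'
}

# report IP_FORWARD FILTER_OUTPUT NAT_OUTPUT: one finding per line, none if clean.
report() {
    if [ "$1" != 1 ]; then echo "ip_forward=$1: kernel does not route between interfaces"; fi
    fwd=$(printf '%s\n' "$2" | chain_summary | awk '$1 == "FORWARD" { print $2, $3 }')
    case $fwd in
        "" | "ACCEPT "[1-9]*) ;;
        "ACCEPT 0") echo "FORWARD: policy ACCEPT, no rules: all routed traffic is forwarded" ;;
        *) echo "FORWARD: policy ${fwd% *}: forwarding needs explicit ACCEPT rules" ;;
    esac
    set -- $(printf '%s\n' "$3" | masq_ifaces)
    if [ $# -gt 1 ]; then echo "nat: MASQUERADE on $# interfaces: $*"; fi
}

report 1 "$SAMPLE_FILTER" "$SAMPLE_NAT"
```

On a live machine the same call would be `report "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -nvL)" "$(iptables -t nat -nvL)"`, run as root.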
