From: Sam Loy <sampaw@mac.com>
To: netfilter@lists.netfilter.org
Subject: Re: Please help...
Date: Tue, 29 Jun 2004 11:57:32 -0500 [thread overview]
Message-ID: <69AC05B1-C9ED-11D8-A9BD-000A95AD0230@mac.com> (raw)
In-Reply-To: <16609.34789.711050.944527@saint.heaven.net>
Thanks everyone who has tried to help so far. I am confident I will get
it working with all of your help.
Here is some more information:
Per Marek Dohoja's reply, I added a rule to my output chain:
iptables -A FORWARD -s 192.168.1.0 - j ACCEPT.
I also tried adding 192.168.1.1 as above, with still nothing.
As suggested by Antony, I have performed the following test:
I examined the bytecounts of iptables and discovered:
Chain PREROUTING policy has accepted 11331 packets , 1345868 bytes
Chain POSTROUTING policy has accepted 12 packets, 665 bytes, but list
detail in 2 of the rules
pkts = 348, bytes=25416, target=MASQUERADE out = pp0
pkts = 3 bytes=144, target=MASQUERADE out=eth0: (which is 192.168.1.1)
There are a total of 8 rules under POSTROUTING, only 2 have any stats.
Is there anyway to clear all rules and start over?
Chain OUTPUT policy has accepted 178 packets, 7838 bytes.
ping and traceroute test:
From the firewall machine:
Can ping and traceroute www.abcnews.com. traceroute does NOT show the
route going through 192.168.1.1, but straight to the ip address
currently assigned ppp0. Which brings me to another subject: I am sure
I told adsl-setup to leave the connection up continuously, yet it drops
and re-acquires a new ip every minute. This will make any attempt to
access my LAN from outside futile. Any suggestions on how simply
acquire an ip from my isp and hold it forever would be greatly
appreciated.
From a client machine, I can ping 192.168.1.1, I can also ping the ip
assigned by my ISP (if I type fast! see above :-) When I do a
traceroute from my client to the ISP ip, it DOES go through
192.168.1.1.
HOWEVER - I CANNOT ping www.abcnews.com OR the ip it resolves
to(199.181.132.250) from a client machine.
After I conduct ping/traceroute test, the byte counts from the -nvx
command increase on the ppp0 MASQUERADE rule ONLY, not on the eth0
rule...and ONLY when executed on the firewall machine. The byte counts
do not change at all when test executed from the client machine.
Routing Table:
When ppp0 is up: (Again, ppp0 is reconnecting every 60 seconds...make
it stop! :-()
Dest GW Mask Iface
(ISP assigned IP) 0.0.0.0 255.255.255.255 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 lo
0.0.0.0 (ISP assign IP) 0.0.0.0 ppp0
I hope this is enough information.
By the way, Dick St. Peters, I tried your suggestion and it had no
effect.
Thank you all again.
Sincerely,
Sam Loy
next prev parent reply other threads:[~2004-06-29 16:57 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-06-28 21:56 Please help Sam Loy
2004-06-28 22:13 ` Antony Stone
2004-06-28 22:18 ` Marek Dohojda
[not found] ` <16609.34789.711050.944527@saint.heaven.net>
2004-06-29 16:57 ` Sam Loy [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-11-12 9:02 Please Help Richard
2019-11-12 8:32 Richard
2019-11-12 8:15 Richard
2019-11-12 7:08 Richard
2012-01-15 23:25 Tai Bei
2012-01-15 23:25 Tai Bei
2012-01-15 21:40 Tai Bei
2010-05-07 11:36 Pol
2009-02-11 14:59 constantine
2007-10-10 5:56 please help cyjoyp
2004-05-02 14:13 Please help raven
2004-05-03 13:21 ` Jeff Moyer
[not found] <001c01c0b04b$7b39df80$4c0c5c8c@trd.iii.org.tw>
2001-03-19 18:21 ` guru
2001-03-19 18:38 ` nick
2001-03-19 18:56 ` Jonathan Lundell
2001-03-19 23:29 ` Dr. Kelsey Hudson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69AC05B1-C9ED-11D8-A9BD-000A95AD0230@mac.com \
--to=sampaw@mac.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.