From: Yuwen Dai <yuwend@gmail.com>
To: netfilter@lists.netfilter.org
Subject: internal host can not access hotmail
Date: Mon, 21 Feb 2005 20:58:49 +0800
Message-ID: <f7e5481105022104583d0d3b19@mail.gmail.com>

Dear All,

As an ADSL dialup user, I set up a Linux box as my home gateway. Other
computers can access the internet via the gateway, but cannot visit
www.hotmail.com. When opening www.hotmail.com in a web browser, the
status bar of the browser is "wait for loginpassport....", and no page
shows up. But I can successfully browse www.hotmail.com on the Linux
gateway itself. This is /etc/ppp/ip-up.d/firewall:

EXTIF="ppp0"
INTIF="eth1"
/sbin/depmod -a
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state \
ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG --log-level info
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nrc.firewall-2.4 v$FWVER done.\n"
This is a very simple rule set that I copied from IPCHAINS-HOWTO.
System info:
# uname -a
Linux sarge 2.4.27-1-386 #1 Wed Dec 1 19:43:08 JST 2004 i686 GNU/Linux
# iptables --version
iptables v1.2.11
# ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:AB:57:87:9E
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:771 errors:0 dropped:0 overruns:0 frame:0
TX packets:799 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:298340 (291.3 KiB) TX bytes:81617 (79.7 KiB)
Interrupt:5 Base address:0xe400
eth1 Link encap:Ethernet HWaddr 00:0A:EB:7B:94:BB
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0xe800
ppp0 Link encap:Point-to-Point Protocol
inet addr:61.171.9.149 P-t-P:218.1.1.252 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:377 errors:0 dropped:0 overruns:0 frame:0
TX packets:388 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:263828 (257.6 KiB) TX bytes:47792 (46.6 KiB)
Furthermore, I installed Debian Woody on the same PC, and used the same
iptables rules. Everything is OK. The Debian Woody info:
Linux yuwen 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686 unknown
iptables v1.2.6a
Any advice to diagnose this problem? I once thought maybe something
was wrong with the FORWARD rules, and tried to log the blocked
packets. But there's no log info.
Thanks in advance.
Dai Yuwen