From: "Nico Berg" <nberg@gandalf.xs4all.nl>
To: lartc@vger.kernel.org
Subject: [LARTC] 4 ipadresses only one working
Date: Fri, 30 Aug 2002 08:32:32 +0000
Message-ID: <marc-lartc-103069644131557@msgid-missing>

Dear list readers,

This is about my last hope! I'm new to this list.

Running SuSE Linux 8 (recently installed over 7.2), I have an ADSL
connection and can log in 4 times. Every time I log in at my ISP I get an
IP address. So I own 4 IP addresses. Only the first address is working.
The other 3 are connected; I can do a tcpdump and see reactions, only the one
who is pinging doesn't get a reaction. So, apparently the machine doesn't
react to these IP addresses because they are not in the system or so? I put
in a piece of tcpdump output.

tcpdump: listening on ppp1
14:37:42.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:43.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:44.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:45.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:46.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:47.123230 194.109.6.44 > 213.84.46.145: icmp: echo request
14:37:48.123230 194.109.6.44 > 213.84.46.145: icmp: echo request

Reaction from the ping address:

PING 213.84.46.145 (213.84.46.145): 56 data bytes
^C
--- 213.84.46.145 ping statistics ---
7 packets transmitted, 0 packets received, 100% packet loss

I can ping from my internal network; then it works normally with a normal
reaction. I have a server (the machine discussed above) and 4 machines getting
their internet access from the server with iptables.

#!/bin/sh
# Masquerading firewall (simple)
# 13 August 2001
# Bart Geverts (bart@hakkefest.linux-site.net)
# A very simple masquerading firewall that lets the whole LAN behind it
# reach the internet. The 'firewall' part consists of closing a number of
# ports on which relatively risky servers run. Only the variables need to
# be adapted to the environment.
################################################################################
# variables
# where iptables lives
IPTABLES="/usr/sbin/iptables"
# interfaces
INTERNAL_INTERFACE="eth1" # interface connecting the gateway to the local network
EXTERNAL_INTERFACE="ppp+" # interface connecting the gateway to the internet
#EXTERNAL_INTERFACE2="ppp1" # second IP number
#EXTERNAL_INTERFACE3="ppp2" # third
#EXTERNAL_INTERFACE4="ppp3" # fourth
# IP addresses / networks
LAN="196.168.0.1/24" # local network
# IP numbers
#IP_nr_1="213.84.46.144"
#IP_nr_2="213.84.46.145"
#IP_nr_3="213.84.46.146"
#IP_nr_4="213.84.46.147"
################################################################################
# clean-up + init
# flush and clear all rules and set the counters to 0
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -Z
# set the default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
################################################################################
# initialise the kernel
## Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
################################################################################
# masquerade
## Forward everything originating from or destined for the local network
$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE -j MASQUERADE
$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -s $LAN -d ! $LAN -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE -d $LAN -s ! $LAN -j ACCEPT
################################################################################
# Second IP number
#$IPTABLES -A POSTROUTING -t nat -o $EXTERNAL_INTERFACE_2 - MASQUERADE
#$IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE2 -s $LAN -d ! $LAN -j ACCEPT
#$IPTABLES -A FORWARD -o $INTERNAL_INTERFACE -i $EXTERNAL_INTERFACE2 -d $LAN -s ! $LAN -j ACCEPT
#$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE_2 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTERNAL_INTERFACE_2 -j ACCEPT
################################################################################
# close off risky servers
## close telnet to the outside world
$IPTABLES -A INPUT -p tcp --destination-port 23 -i $EXTERNAL_INTERFACE -j DROP
#
#$IPTABLES -L

If my IP addresses are working properly, then I want to extend the firewall
script to a normal working firewall (in the meantime I have updated my swiss
cheese to a normal functional firewall).

I hope somebody can help me out here and tell me how to (I think POSTROUTING
or so) my 3 addresses. If there is somebody interested, I have put a lot of
information on a web page and published it on the first IP address:
http://gandalf.xs4all.nl/Suse.html

So please help! Greetings, Nico Berg