New modem and iptables...

John Summerfield debian at herakles.homelinux.org
Sun Oct 21 21:45:32 UTC 2007


Antonio wrote:
> I installed a new modem ADSL2+ that doesn't need pppo any longer
> because it starts the connection by itself
> 
> I had this set of rules on my computer acting as a router.
> When I switched from the old to the new modem, the computer on the LAN
> didn't surf the net, then I realized that I had to change some rules.
> 
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
> # Forward HTTP connections to Squid proxy
> -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *mangle
> :PREROUTING ACCEPT [9:432]
> :INPUT ACCEPT [3:234]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [9:684]
> :POSTROUTING ACCEPT [17:1292]
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
> # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003
> *filter
> :FORWARD DROP [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -i eth0 -j ACCEPT
> COMMIT
> # Completed on Fri Feb 21 09:27:33 2003
> 
> 
> _______________________________________________________
> I replaced the postrouting line by:
> 
> -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
> 
> But the LAN didn't work. Where is the mistake???


I expect your "modem" is actually a router, and that you can just turn 
your Linux firewall off. The router performs firewall and NAT functions 
that are perfectly adequate for most people.



-- 

Cheers
John

Please do not reply off-list
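
A check for rules still bound to an interface that no longer exists after a change like the ppp0 to eth1 switch in the question, as an added example that is not part of the original thread. The function names are hypothetical and the sample dump is constructed from rules quoted above.

```shell
# Added example: audit an iptables-save dump for interface names.

# rule_ifaces: stdin = iptables-save dump; prints one line per interface
# match as "<table> <chain> <in|out> <iface>".
rule_ifaces() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # "*nat" opens a table
        $1 == "-A" {
            for (i = 3; i < NF; i++) {
                n = ($(i + 1) == "!") ? i + 2 : i + 1   # old "-i ! eth0" form
                if ($i == "-i" || $i == "--in-interface") print table, $2, "in", $n
                if ($i == "-o" || $i == "--out-interface") print table, $2, "out", $n
            }
        }'
}

# stale_ifaces: $1 = space-separated interfaces that exist on the host,
# stdin = dump. Prints the matches whose interface is not in that list.
# A trailing "+" (e.g. ppp+) is treated as a prefix wildcard.
stale_ifaces() {
    present=$1
    rule_ifaces | while read -r table chain dir iface; do
        found=no
        for p in $present; do
            case $iface in
                *+) case $p in "${iface%+}"*) found=yes ;; esac ;;
                *)  [ "$p" = "$iface" ] && found=yes ;;
            esac
        done
        [ "$found" = yes ] || echo "$table $chain $dir $iface"
    done
    return 0
}

# Constructed sample: a subset of the rules quoted in the message above.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

# Assumed host interfaces after the modem swap: lo, eth0, eth1.
sample_dump | stale_ifaces "lo eth0 eth1"
```

On a live router the same check can read `iptables-save` output on stdin, with the names under `/sys/class/net` as the list of present interfaces.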



