[NTLUG:Discuss] routing problem?
m m
llliiilll at hotmail.com
Wed Sep 10 09:23:12 CDT 2008
> Date: Wed, 10 Sep 2008 07:01:51 -0500
> From: trryhend at gmail.com
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] routing problem?
>
> On Tue, Sep 9, 2008 at 8:50 PM, m m <llliiilll at hotmail.com> wrote:
>
> > All:
> >
> > I use Fedora 8 as a firewall/router.
> > Time Warner basic cable connection.
> > Don't know what the problem is; when I try to download a file, it only goes to 9
> > kb/sec.
> >
> > Another "big" problem is that
> > only the Fedora 8 firewall/router box can go to http://mypisd.net;
> > the rest of my computers (connected to the Internet via this firewall/router
> > box) can't find that server (can't get to that web site).
> > This is the error message:
> > Internet Explorer can't display the page
> > ...
> >
> > What can cause the problem?
> >
> > Again, the rest of my computers can get to any other web site except the
> > mypisd.net site.
> >
> > Can anyone help?
> >
> > Thanks.
>
> We might be able to help if you will send your firewall script, the hosts
> file and a snapshot of tcpdump while you are trying to go to mypisd.net.
OK, here are the files.
firewall script:
---------------------------------------------------------------------
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F -v
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Set default policies for packets going through this firewall box
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done
# Anything coming from our internal network should have only our addresses!
# iptables -A FORWARD -i eth1 -s ! 192.168.1.0/24 -j DROP
iptables -A FORWARD -i eth0 -s 169.151.6.100 -j ACCEPT
iptables -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -v -t nat -A POSTROUTING -d 24.xxx.xxx.xxx -j MASQUERADE
# Note: There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that aren't designed
# to leave the LAN
# SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
# NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
# NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
# Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 24.xxx.xxx.xxx
echo "1" > /proc/sys/net/ipv4/ip_forward
----------------------------------------------------
hosts:
-------------------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost heddy
::1 localhost.localdomain localhost a1
192.168.1.2 a2
192.168.1.3 a3
192.168.1.4 a4
192.168.1.5 a5
192.168.1.6 a6
192.168.1.7 a7
192.168.1.8 a8
192.168.1.9 a9
192.168.1.1 a1
--------------------------------------------------------------
The hosts.allow and hosts.deny are blank (only the default notes).
The one thing I have missed here is tcpdump: what tcpdump args do I need to use to get a snapshot?
In other words, how do I make a tcpdump snapshot?
I have tried
tcpdump > filename
but did not succeed.
Answers to your other questions in this thread:
1. I don't run a squid caching proxy.
2. I don't use Firestarter.
3. Nothing in /etc/hosts.allow and /etc/hosts.deny.
Let me know if you need more information.
Please help.
Thanks.
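As an added example (not from the thread or the poster), a small Python audit of the rule lines in the firewall script above: RULES is transcribed from that script, and the assumption that the interface on which the script drops inbound services is the WAN side is mine, not something the thread states.

```python
import shlex

# Constructed from the firewall script posted above (rule lines only).
RULES = """
iptables -A FORWARD -i eth0 -s 169.151.6.100 -j ACCEPT
iptables -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -v -t nat -A POSTROUTING -d 24.xxx.xxx.xxx -j MASQUERADE
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 24.xxx.xxx.xxx
"""
KEYS = {"-t": "table", "-A": "chain", "-i": "in", "-o": "out", "-j": "target"}

def parse(script):
    """Reduce each iptables line to the options the checks below need."""
    rules = []
    for line in script.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("iptables"):
            continue
        toks = [t for t in shlex.split(line)[1:] if t != "-v"]  # -v takes no value
        r, i = {"table": "filter"}, 0
        while i < len(toks):
            t = toks[i]
            if t == "-P":                                # -P CHAIN POLICY
                r["chain"], r["policy"], i = toks[i + 1], toks[i + 2], i + 3
                continue
            if t in KEYS:
                r[KEYS[t]] = toks[i + 1]
            elif t == "-m":
                r.setdefault("match", []).append(toks[i + 1])
            i += 2                                       # every other option takes one value
        rules.append(r)
    return rules

def audit(rules):
    """Return a list of findings; an empty list means no check fired."""
    out = []
    fwd = [r for r in rules if r["table"] == "filter" and r.get("chain") == "FORWARD"]
    nat = [r for r in rules if r["table"] == "nat" and r.get("chain") == "POSTROUTING"]
    stateful = any(m in r.get("match", []) for r in fwd for m in ("state", "conntrack"))
    if not stateful and not any(r.get("policy") == "DROP" for r in fwd):
        out.append("FORWARD: no DROP policy or state match; unmatched traffic is forwarded both ways")
    for r in nat:
        if r.get("target") in ("MASQUERADE", "SNAT") and "out" not in r:
            out.append(f"{r['target']} without -o: NAT applies on every egress interface, LAN side too")
    # Assumption: the interface the script drops inbound services on is the WAN side.
    wan = {r["in"] for r in fwd if r.get("target") == "DROP" and "in" in r}
    snat_out = {r["out"] for r in nat if r.get("target") == "SNAT" and "out" in r}
    if wan and snat_out and wan.isdisjoint(snat_out):
        out.append(f"inbound drops on {sorted(wan)}, SNAT egress on {sorted(snat_out)}: which faces the ISP?")
    return out
```

Running `audit(parse(RULES))` on the posted rules reports four findings; a script with `-P FORWARD DROP`, a state match and NAT rules bound to one `-o` interface reports none.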