[NTLUG:Discuss] routing problem?

m m llliiilll at hotmail.com
Wed Sep 10 10:11:55 CDT 2008


Another try, hope this works. Sorry for the repeated post.



> Date: Wed, 10 Sep 2008 07:01:51 -0500
> From: trryhend at gmail.com
> To: discuss at ntlug.org
> Subject: Re: [NTLUG:Discuss] routing problem?
>
> On Tue, Sep 9, 2008 at 8:50 PM, m m <llliiilll at hotmail.com> wrote:
>
> > All:
> >
> > I use fedora 8 as a firewall/router.
> > Time Warner basic cable connection.
> > Don't know what the problem is; when I try to download a file, it only goes to 9
> > kb/sec.
> >
> > Another "big" problem is
> > only that fedora 8 firewall/router box can go to http://mypisd.net
> > the rest of my computers (connected to the internet via this firewall/router
> > box) can't find that server (can't go to that web site)
> > this is the error message:
> > Internet Explorer can't display the page
> > ...
> >
> > How/What can cause the problem?
> >
> > Again, the rest of my computers can go to any other web sites except
> > the mypisd.net site.
> >
> > Can anyone help?
> >
> > Thanks.
> >
> We might be able to help if you will send your firewall script, the hosts
> file and a snapshot of tcpdump while you are trying to go to mypisd.net
 
ok, here are the files.

firewall script:
---------------------------------------------------------------------
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F -v
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
# Set default policies for packets going through this firewall box
# Kill spoofed packets
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
done
# Anything coming from our internal network should have only our addresses!
# iptables -A FORWARD -i eth1 -s ! 192.168.1.0/24 -j DROP
iptables -A FORWARD -i eth0 -s 169.151.6.100 -j ACCEPT
iptables  -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j  MASQUERADE
iptables  -v -t nat -A POSTROUTING -d 24.xxx.xxx.xxx -j  MASQUERADE
# Note:There are more "reserved" networks, but these are the classical ones.
# Block outgoing network filesharing protocols that aren't designed
# to leave the LAN
#    SMB / Windows filesharing
iptables -A FORWARD -p tcp --sport 137:139 -j DROP
iptables -A FORWARD -p udp --sport 137:139 -j DROP
#    NFS Mount Service (TCP/UDP 635)
iptables -A FORWARD -p tcp --sport 635 -j DROP
iptables -A FORWARD -p udp --sport 635 -j DROP
#    NFS (TCP/UDP 2049)
iptables -A FORWARD -p tcp --sport 2049 -j DROP
iptables -A FORWARD -p udp --sport 2049 -j DROP
#    Portmapper (TCP/UDP 111)
iptables -A FORWARD -p tcp --sport 111 -j DROP
iptables -A FORWARD -p udp --sport 111 -j DROP
# Block incoming syslog, lpr, rsh, rexec...
iptables -A FORWARD -i eth0 -p udp --dport syslog -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 515 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 514 -j DROP
iptables -A FORWARD -i eth0 -p tcp --dport 512 -j DROP
# Source NAT to get Internet traffic through
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 24.xxx.xxx.xxx
echo "1" > /proc/sys/net/ipv4/ip_forward 
------------------------------------------------------------
hosts:
-------------------------------------------------------
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost a1
::1 localhost.localdomain localhost a1
192.168.1.2 a2 
192.168.1.3 a3
192.168.1.4 a4 
192.168.1.5 a5 
192.168.1.6 a6 
192.168.1.7 a7
192.168.1.8 a8 
192.168.1.9 a9 
192.168.1.1 a1
--------------------------------------------------------------

the hosts.allow and hosts.deny are blank (only the default notes).
 
the one I have missed here is tcpdump; what tcpdump args do I need to use to get a snapshot?
in other words, how do I make a tcpdump snapshot?
I have tried
tcpdump > filename
but it did not succeed.
 
Answering your other questions in this thread:
1. I don't run a squid caching proxy.
2. I don't use firestarter.
3. Nothing in /etc/hosts.allow and /etc/hosts.deny.
 
Let me know if you need more information.
Please help.
 
Thanks. 
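An added example, not part of the original post: the FORWARD chain of the posted firewall script, transcribed rule by rule into a small first-match evaluator, applied to constructed sample packets so the effect of the filter rules on a LAN client's web request can be checked offline. It assumes eth1 is the LAN side (the script itself is not explicit) and uses made-up client and server addresses, since the page does not give the address of mypisd.net.

```python
# Added example, not from the original post: the script's FORWARD rules, transcribed in order.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    in_iface: str
    src: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

@dataclass
class Rule:
    target: str
    in_iface: Optional[str] = None
    src: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    sport: Optional[range] = None    # iptables a:b is inclusive on both ends
    dport: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return ((self.in_iface is None or p.in_iface == self.in_iface)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.proto is None or p.proto == self.proto)
                and (self.sport is None or p.sport in self.sport)
                and (self.dport is None or p.dport in self.dport))

def ports(lo: int, hi: Optional[int] = None) -> range:
    return range(lo, (hi if hi is not None else lo) + 1)

# Rules in the order the script appends them. The script never issues
# `iptables -P FORWARD ...`, so the chain policy stays at the kernel default.
FORWARD = [
    Rule("ACCEPT", in_iface="eth0", src="169.151.6.100/32"),
    *[Rule("DROP", proto=pr, sport=ports(137, 139)) for pr in ("tcp", "udp")],
    *[Rule("DROP", proto=pr, sport=ports(pt)) for pt in (635, 2049, 111) for pr in ("tcp", "udp")],
    Rule("DROP", in_iface="eth0", proto="udp", dport=ports(514)),  # syslog
    *[Rule("DROP", in_iface="eth0", proto="tcp", dport=ports(d)) for d in (515, 514, 512)],
]
DEFAULT_POLICY = "ACCEPT"

def forward_verdict(p: Packet) -> str:
    """First matching rule wins, as in iptables; otherwise the chain policy applies."""
    for rule in FORWARD:
        if rule.matches(p):
            return rule.target
    return DEFAULT_POLICY
```

For a constructed LAN client packet such as `Packet("eth1", "192.168.1.5", "tcp", 40000, 80)` the verdict is ACCEPT from the chain policy rather than from any explicit rule, so these filter rules are not what stops the other machines reaching the site; an inbound rsh attempt on eth0 (tcp dport 514) is the kind of packet that does hit a DROP.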
 
 