
[Erlug] [Long] Iptables and win98

To: erlug@xxxxxxxxxxxxxx
Subject: [Erlug] [Long] Iptables and win98
From: Andrea Lusuardi - UoVoBW <linolusu@xxxxxx>
Date: Wed, 25 Aug 2004 15:52:43 +0200

Hi everyone,
for about 2 weeks I have been trying to share the Internet connection
with a PC running Windows 98.
The layout is:

internet->modem adsl
           dial-up-><LINUX>--eth0(192.125.125.1)---eth<WINDOWS>
                                                   (192.168.0.10)

The problem is that, although I have set 255.255.255.0 as the netmask for
both and the IP of eth0 on Linux as the gateway for the Windows machine,
the data does not get through and I cannot reach the Internet from Windows!

As DNS I entered Tiscali's DNS servers, which are the same ones I use under
Linux, but I get nothing!
Since I can see that data is passing (with gkrellm), I imagine it is a
firewall problem...
I am posting the script below:

#------------------------------------------------
#!/bin/bash

# modules...

/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_length
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe n_hdlc
/sbin/modprobe ip_conntrack_ftp ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE

# the dreaded proc

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/ip_forward

# flush the rules
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD

# reset the rules
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT

# ping

/sbin/iptables -A INPUT -p icmp -i ppp0 -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 -m state --state RELATED -j ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 --icmp-type echo-request -m length --length 128:65535 -j DROP
/sbin/iptables -A INPUT -p icmp -i ppp0 --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 -j REJECT --reject-with icmp-host-unreachable
/sbin/iptables -A OUTPUT -p icmp  -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp  -m state --state RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp  --icmp-type echo-request -m length --length 128:65535 -j DROP
/sbin/iptables -A OUTPUT -p icmp  --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# allow local loopback connections
#/sbin/iptables -A INPUT -i lo -j ACCEPT

# drop INVALID connections
/sbin/iptables -A INPUT   -m state --state INVALID -j DROP
/sbin/iptables -A OUTPUT  -m state --state INVALID -j DROP
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP

# drop spoofed packets coming from the network interface
#/sbin/iptables -A INPUT -i ppp0 --source 192.168.0.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 10/8.*.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 172.16/12.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 192.168/16.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 127/8.*.*.* -j DROP


# allow all established and related
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state RELATED -j ACCEPT

#aMule

/sbin/iptables -A INPUT -i ppp0 -p tcp --dport 4660 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p udp --dport 4670 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p udp --dport 4663 -j ACCEPT

#---------------------------------------------------------------
# Enable NAT (routing)
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Forward all packets belonging to our local network
/sbin/iptables -A FORWARD -s 192.168.0.0/25 -j ACCEPT

# Forward packets destined for port 80 to the PC
# 192.168.0.10

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --sport 80 -j DNAT --to-destination 192.168.0.10:80

#/sbin/iptables -A FORWARD -j DROP

# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
#-------------------------------------------------------------


I know the request seems stupid, but my father needs the Internet

Thanks for the time you have given me
Bye

-- 
         UoVoBW aka Andrea Lusuardi
       Registered Linux User #364578
-----------------------------------------------
          Like a garbazzante mattress
             of Sconchiglioso Zeta!
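
A preflight check for the setup described in the message, as an added example that is not part of the original post: it tests whether the gateway address is on the client's subnet, whether the client falls inside the FORWARD source range, and which interface the MASQUERADE rule names. The function names are hypothetical; ppp0 as the Internet-facing interface is taken from the script's own INPUT rules.

```sh
#!/bin/sh
# Added example, not from the original message: function names are hypothetical.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_subnet IP1 IP2 NETMASK -> status 0 when both hosts are on one network
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# in_cidr IP NET/PREFIX -> status 0 when IP falls inside the range
in_cidr() {
    ip=$(ip_to_int "$1"); net=$(ip_to_int "${2%/*}"); bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# nat_iface: reads a ruleset on stdin, prints the -o interface of each
# uncommented MASQUERADE rule in the nat POSTROUTING chain
nat_iface() {
    sed -n -e '/^ *#/d' \
        -e 's/.*-t nat .*POSTROUTING.* -o \([^ ]*\) .*MASQUERADE.*/\1/p'
}

# check_gateway GW_IP CLIENT_IP NETMASK FORWARD_CIDR WAN_IF < ruleset
check_gateway() {
    rc=0
    same_subnet "$1" "$2" "$3" || { echo "gateway $1 is not on-link for $2"; rc=1; }
    in_cidr "$2" "$4" || { echo "client $2 is outside FORWARD range $4"; rc=1; }
    out=$(nat_iface)
    [ "$out" = "$5" ] || { echo "MASQUERADE leaves via '$out', expected $5"; rc=1; }
    return "$rc"
}

# Addresses and the NAT rule exactly as posted in the message.
POSTED_RULE='/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE'
posted_report() {
    printf '%s\n' "$POSTED_RULE" |
        check_gateway 192.125.125.1 192.168.0.10 255.255.255.0 192.168.0.0/25 ppp0
}
posted_report || echo "preflight failed"
```

It runs without root because it only inspects addresses and rule text; feeding it the whole script on stdin instead of the single rule works the same way.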
