Ciao a tutti,
sono circa 2 settimane che provo a condividere la connessione internet
con un pc con windows 98:
lo schema è
internet->modem adsl
dial-up-><LINUX>--eth0(192.125.125.1)---eth<WINDOWS>
(192.168.0.10)
il problema è che,nonstante io abbia impostato come netmask per entrambi
255.255.255.0 e come gateway per la macchina windows l'ip della eth0 su
linux, i dati non passano e da win non riesco a andare in internet!
Come DNS ho messo i DNS della tiscali, che sono gli stessi che uso sotto
linux, ma non ottengo nulla!
Dato che i dati vedo che passano (con gkrellm) immagino sia un problema
di firewall...
posto lo script qui sotto:
#------------------------------------------------
#!/bin/bash
#moduli...
/sbin/modprobe ipt_state
/sbin/modprobe ip_conntrack
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_length
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe n_hdlc
/sbin/modprobe ip_conntrack_ftp ip_nat_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
# il temibile proc
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/secure_redirects
echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
echo 0 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/ip_forward
#flusho le regole
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
# reimposto le regole
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
# ping
/sbin/iptables -A INPUT -p icmp -i ppp0 -m state --state ESTABLISHED -j
ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 -m state --state RELATED
-j ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 --icmp-type
echo-request -m length --length 128:65535 -j DROP
/sbin/iptables -A INPUT
-p icmp -i ppp0 --icmp-type echo-request -m limit --limit 1/s -j
ACCEPT
/sbin/iptables -A INPUT -p icmp -i ppp0 -j REJECT --reject-with
icmp-host-unreachable
/sbin/iptables -A OUTPUT -p icmp -m state --state
ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp -m state --state
RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp --icmp-type
echo-request -m length --length 128:65535 -j DROP
/sbin/iptables -A
OUTPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# allow local loopback connections
#/sbin/iptables -A INPUT -i lo -j ACCEPT
# drop INVALID connections
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
# droppo le spoofing dalla interfaccia di rete
#/sbin/iptables -A INPUT -i ppp0 --source 192.168.0.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 10/8.*.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 172.16/12.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 192.168/16.*.* -j DROP
#/sbin/iptables -A INPUT -i ppp0 --source 127/8.*.*.* -j DROP
# allow all established and related
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -m state --state RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state RELATED -j ACCEPT
#aMule
/sbin/iptables -A INPUT -i ppp0 -p tcp --dport 4660 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p udp --dport 4670 -j ACCEPT
/sbin/iptables -A INPUT -i ppp0 -p udp --dport 4663 -j ACCEPT
#---------------------------------------------------------------
# Attiva il nat (routing)
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forwarda tutti i pacchetti inerenti alla notra rete locale
/sbin/iptables -A FORWARD -s 192.168.0.0/25 -j ACCEPT
# Forwarda i pacchetti destinati alla porta 80 per il pc
# 192.168.0.10
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT
--to-destination 192.168.0.10:80
/sbin/iptables -t nat -A PREROUTING -i
eth0 -p tcp --sport 80 -j DNAT --to-destination 192.168.0.10:80
#/sbin/iptables -A FORWARD -j DROP
# Attiva il forward
echo 1 > /proc/sys/net/ipv4/ip_forward
#-------------------------------------------------------------
So che la richiesta sembra stupida, ma mio padre ha bisogno di internet
Grazie del tempo dedicatomi
Ciao
--
UoVoBW aka Andrea Lusuardi
Registered Linux User #364578
-----------------------------------------------
Come un materasso garbazzante
di Sconchiglioso Zeta!
|