All times are UTC




 Post subject: how do i set up an ip forwarding service ?
Posted: Tue Apr 04, 2006 7:32 am
Master of the known universe

Joined: Fri Mar 10, 2006 7:57 am
Posts: 765
Location: Sundbyberg, Sweden
The problem: My PDA (Familiar/Opie) connects via USB on usb0. It has IP 192.168.66.202, my USB interface has IP 192.168.66.200, and the netmask is 255.255.255.0. I can ping both ways, PDA to zen and zen to PDA.

With rc.ip_forward enabled I can ping the "outbound" interface on the zen box (eth0, 192.168.0.100).

eth0 is on DHCP, usb0 is static.

I got no further than that; I could not ping any other machine on the network from the PDA. So I started reading up on masquerading and forwarding, and found tips on how to create an iptables rule to do masquerading. The rule went into rc.netfilter, and I added netfilter rules for the services I run on the zen box too.

This is how "activate_rules" in rc.netfilter looks right now:

Code:
# HERE YOU MAY DEFINE YOUR RULES AS IPTABLES COMMANDS
activate_rules() {

  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
  iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 111 -j ACCEPT
  iptables -t filter -A INPUT -p udp --dport 111 -j ACCEPT
  iptables -t filter -A INPUT -p udp --dport 137 -j ACCEPT
  iptables -t filter -A INPUT -p udp --dport 138 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 139 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 631 -j ACCEPT
  iptables -t filter -A INPUT -p udp --dport 631 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 901 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 902 -j ACCEPT
  iptables -t filter -A INPUT -p tcp --dport 6000 -j ACCEPT
  iptables -t filter -A OUTPUT -j ACCEPT

}


And how does it work? Really bad!

Now I can only ping from the PDA to 192.168.66.200, not to 192.168.0.100, nor anywhere else in the world.

I want to access the internet from the PDA, can anyone help?

Ursvik

Edit:
Some further studies and rc.netfilter restarts later I found the problem...
rc.netfilter by default blocks all forwarding, so I must un-block it in my rule set.
The new rules look like this:
Code:
# HERE YOU MAY DEFINE YOUR RULES AS IPTABLES COMMANDS
activate_rules() {

  iptables -A FORWARD -i usb0 -j ACCEPT #allow forwarding from usb0
  iptables -A FORWARD -o usb0 -j ACCEPT #allow forwarding to usb0
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #allow NAT
  iptables -t filter -A INPUT -p icmp -j ACCEPT # ping
  iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
  # ... continues as above

}


I am now happily using Familiar with an internet connection  ;D

_________________
Ursvik

"In the end, to achieve happiness,  all you need to know is the url to the latest Zenwalk ISO. "


Last edited by ursvik on Tue Apr 04, 2006 9:15 am, edited 1 time in total.
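
Added example (not part of ursvik's post and not Zenwalk's own rc.netfilter code): a narrower form of the forwarding rules above that accepts new connections only from the PDA subnet on usb0 and lets back in only reply traffic for tracked connections. The interface names and 192.168.66.0/24 come from the post; the function names, the `DRY_RUN` switch and the use of the `conntrack` match are assumptions of this example.

```shell
#!/bin/sh
# Added example: tighter usb0 -> eth0 forwarding than "-i usb0 ACCEPT" plus
# "-o usb0 ACCEPT". Function names and DRY_RUN are assumptions of this example.

IPT="${IPT:-iptables}"

# Apply one rule, or only print it when DRY_RUN=1 (for review before loading).
rule() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$IPT $*"
  else
    "$IPT" "$@"
  fi
}

# True when the kernel routes IPv4, which is what rc.ip_forward switches on.
# The optional argument overrides the /proc path (used only for testing).
ip_forward_on() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# activate_forwarding LAN_IF WAN_IF LAN_NET
activate_forwarding() {
  lan_if="$1"; wan_if="$2"; lan_net="$3"

  # New connections: only from the PDA subnet, only in the LAN -> WAN direction.
  rule -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" -j ACCEPT

  # Return path: only packets that belong to a connection already tracked,
  # so hosts behind eth0 cannot open new connections towards usb0.
  rule -A FORWARD -i "$wan_if" -o "$lan_if" \
       -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Masquerade only traffic that originated in the PDA subnet.
  rule -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE
}

# Inside rc.netfilter's activate_rules() this would be called as:
#   activate_forwarding usb0 eth0 192.168.66.0/24
```

Running it once with `DRY_RUN=1` prints the three rules for review without touching the live tables.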
