What's the minimum requirements for a router w/masquerading?


Wallex
10-31-2002, 02:07 AM
I decided I wanted to build my own firewall rules instead of using Yast's firewall... so.. I've started with this, and I can't even get the routing and masquerading to work correctly! I've done some reading and when I set up what I thought would work... it just didn't. So... now I've 'degraded' my firewall to the point where it can't really be called a firewall anymore. This is what I have:
Filter Table:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Nat Table:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 200.200.200.100 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Mangle Table:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
So... 200.200.200.100 is the IP of the local LAN machine I am testing with (Win2000 Server), so shouldn't this basic 'almost nonexistent' firewall work for the routing? Am I missing something else? By the way.. I disabled the firewall from SuSE's YaST menu... but since iptables is part of the kernel, it's running all the time, isn't it? Also.. I should expect changes I make to the tables to take effect immediately, shouldn't I? I am still trying to figure out why such a simple configuration won't work... and I doubt it has to do with the other PCs, because they worked fine with the routing before I disabled SuSE's firewall. Help?
EDIT: I did some more testing... and:
1. machines can ping each other in the LAN.
2. Machines from the LAN can't ping the external network (tried it with Google's IP), so this is not a DNS issue; it really is my iptables that's somehow 'misconfigured' or just plain not working... can such an important thing be just 'shut down'?

Wallex
10-31-2002, 02:00 PM
I got it working.. at last. I made two small mistakes:
1. I forgot to set ip_forwarding to 1 in /proc/sys/net/ipv4/ip_forward, and
2. My ethernet cable wasn't firmly attached to my ethernet card. I hate this... because all these LAN cables are pretty much 'on the floor', I have the problem that they get moved around pretty often.. and then *poof*, unplugged. And it was very annoying considering that even though the cable wasn't firmly attached, I was still able to ping other machines in the LAN! Oh well...
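The two fixes in the thread (turn on ip_forward, keep the MASQUERADE rule) are the whole "minimum" for a masquerading router, but the posted ruleset also forwards everything in both directions, so the box is a router, not a firewall. The script below is an added example, not code from the thread: it checks the forwarding flag the way the poster had to, and prints a minimal stateful ruleset that only forwards LAN-to-Internet traffic and its replies, with MASQUERADE bound to the outside interface rather than to one host. Interface names (eth0/eth1), the LAN subnet 200.200.200.0/24 and the sysctl path are assumptions; the functions only print or check, and nothing is applied unless you pipe the output into a root shell yourself.

```shell
#!/bin/sh
# Added example (not from the original thread). Interface names, the LAN
# subnet and IP_FORWARD_FILE are assumptions; override them via environment.
WAN=${WAN:-eth0}                        # assumed: interface facing the Internet
LAN=${LAN:-eth1}                        # assumed: interface facing the LAN
LAN_NET=${LAN_NET:-200.200.200.0/24}    # assumed LAN subnet (thread's host is .100)
IP_FORWARD_FILE=${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}

# forwarding_enabled [file]: exit 0 when the kernel forwarding flag reads 1.
# This was the first mistake in the thread: with ip_forward=0 the nat table
# is consulted but the kernel never routes packets between interfaces, so
# LAN hosts can reach the router and each other but nothing beyond it.
forwarding_enabled() {
    f=${1:-$IP_FORWARD_FILE}
    [ -r "$f" ] || return 2
    read -r v < "$f"
    [ "$v" = "1" ]
}

# nat_rules: print the commands for a minimal stateful masquerading router.
# Unlike the all-ACCEPT ruleset in the post, FORWARD defaults to DROP, only
# LAN->WAN traffic from the LAN subnet and replies to it are forwarded, and
# MASQUERADE is tied to the outgoing interface instead of a single source IP.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN -j MASQUERADE
EOF
}

# rule_count: number of iptables commands the generator emits (sanity check).
rule_count() { nat_rules | grep -c '^iptables'; }

# report: human-readable status for an interactive run; call it by hand,
# e.g. ". ./nat_router.sh && report", then "nat_rules | sudo sh" to apply.
report() {
    nat_rules
    if forwarding_enabled; then
        echo "# ip_forward is 1: routing is on"
    else
        echo "# ip_forward is not 1: LAN hosts will not get past this box"
    fi
}
```

The FORWARD policy of DROP is what turns the posted configuration back into a firewall: a host on the Internet can no longer send packets to 200.200.200.x through the router, because only ESTABLISHED,RELATED replies are allowed back in. The second problem in the thread, a loose cable, is not something iptables can show; `ip link` (or `ifconfig` on a 2002 box) reporting the link as up with a rising error counter is the check to make first when LAN pings work but nothing is routed.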