[alpine-devel] Alpine as Gateway

Mohsen Ahmadian <mohsen.etc@gmail.com>
Message ID
<CABDvhBzF9TacQdkQQMNhXj17AqXqwvfCTWDQVf6wJkOf5TD1XQ@mail.gmail.com>
Sender timestamp
1324056280
DKIM signature
missing
Hello to all,
I am new to Alpine and I want to create a gateway with Alpine.
<<internet>>----------<<alpine linux>>------------<<internal>>
            eth1 pppoe                 eth0 NAT
I configured PPPoE and the firewall (iptables) and anything else that is needed. When I ping
4.2.2.4 the result is true (in Alpine and in its client),
but I can't open any site (or download with wget in Alpine) in the client.
*What is wrong*??? :-(
*Please help me.*
Thank you
---------------------------------------
atom:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  192.168.0.0/24       anywhere             ctstate NEW
ACCEPT     all  --  192.168.0.0/24       anywhere             ctstate NEW
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
----------------------------------------
                interface
----------------------------------------
iface lo inet loopback
iface eth0 inet static
        address 192.168.0.120
        netmask 255.255.255.0
        broadcast 192.168.0.255
--------------------------------------------
rules
-------------------------------------------
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F #ignore if you get an error here
/sbin/iptables -X #deletes every non-builtin chain in the table

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -m state --state NEW -i ppp0 -j ACCEPT
# only if both of the above rules succeed, use
/sbin/iptables -P INPUT DROP

/sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

/sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
-----------------------------------------------------------
Nathan Angelacos <nangel@alpinelinux.org>
Message ID
<4EEB8215.1000500@alpinelinux.org>
In-Reply-To
<CABDvhBzF9TacQdkQQMNhXj17AqXqwvfCTWDQVf6wJkOf5TD1XQ@mail.gmail.com>
Sender timestamp
1324057109
DKIM signature
missing
On 12/16/2011 09:24 AM, Mohsen Ahmadian wrote:
> Hello to all,
> I am new to Alpine and I want to create a gateway with Alpine.
> <<internet>>----------<<alpine linux>>------------<<internal>>
>              eth1 pppoe                 eth0 NAT
> I configured PPPoE and the firewall (iptables) and anything else that is needed. When I
> ping 4.2.2.4 the result is true (in Alpine and in its client),
> but I can't open any site (or download with wget in Alpine) in the client.
> *What is wrong*??? :-(
> *Please help me.*
> Thank you
> ---------------------------------------
> atom:~# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  192.168.0.0/24       anywhere             ctstate NEW
> ACCEPT     all  --  192.168.0.0/24       anywhere             ctstate NEW
> ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ----------------------------------------
>                  interface
> ----------------------------------------
> iface lo inet loopback
> iface eth0 inet static
>          address 192.168.0.120
>          netmask 255.255.255.0
>          broadcast 192.168.0.255
> --------------------------------------------
> rules
> -------------------------------------------
> /sbin/iptables -F
> /sbin/iptables -t nat -F
> /sbin/iptables -t mangle -F #ignore if you get an error here
> /sbin/iptables -X #deletes every non-builtin chain in the table
>
> /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -m state --state NEW -i ppp0 -j ACCEPT
> # only if both of the above rules succeed, use
> /sbin/iptables -P INPUT DROP
>
> /sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
>
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> /sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> -----------------------------------------------------------
>
>

Do you have IP forwarding turned on?

echo 1 >/proc/sys/net/ipv4/ip_forward

- to make sure it is set after the next reboot, add the following to
/etc/sysctl.conf and do an lbu commit

net.ipv4.ip_forward = 1





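One way to check both halves of the advice in the reply above (the runtime flag and the /etc/sysctl.conf entry), as an added example that is not part of the original thread. The function names and the `--check` argument are hypothetical, and the files written by `demo` are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the check can run on copies.

# Print the effective value of KEY in a sysctl.conf-style FILE.
# Comment lines (# or ;) are skipped, the last assignment wins, and the
# slash spelling (net/ipv4/ip_forward) is treated like the dotted one.
sysctl_conf_value() {
    file=$1 key=$2
    [ -r "$file" ] || return 1
    awk -v want="$key" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub("/", ".", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$file"
}

# Report runtime and persistent state; succeed only when both are enabled.
forwarding_status() {
    proc_file=${1:-/proc/sys/net/ipv4/ip_forward}
    conf_file=${2:-/etc/sysctl.conf}
    runtime=$(cat "$proc_file" 2>/dev/null) || runtime=unknown
    persistent=$(sysctl_conf_value "$conf_file" net.ipv4.ip_forward) || persistent=unset
    echo "runtime=$runtime persistent=$persistent"
    [ "$runtime" = 1 ] && [ "$persistent" = 1 ]
}

# Constructed sample: setting commented out, then set to 0, then to 1 in slash form.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '1\n' > "$demo_dir/ip_forward"
    printf '%s\n' '# net.ipv4.ip_forward = 1' 'net.ipv4.ip_forward=0' \
        ' net/ipv4/ip_forward = 1 ' > "$demo_dir/sysctl.conf"
    forwarding_status "$demo_dir/ip_forward" "$demo_dir/sysctl.conf" && rc=0 || rc=$?
    rm -rf "$demo_dir"; return "$rc"
}

# "--check" audits the live system using the default paths.
if [ "${1:-}" = "--check" ]; then forwarding_status; fi
```

A result of `runtime=1 persistent=unset` means forwarding works now but will be lost at the next reboot, which is the case the reply's sysctl.conf step addresses.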