~alpine/devel


[alpine-devel] Packet forwarding doesn't work (or I'm a too stupid)

Message ID: <4F80A461.7000404@arcor.de>
Sender timestamp: 1333830753
DKIM signature: missing

Hi,

I'm at a total loss. I've completely set up my Alpine based router, only
to discover, it doesn't forward packets. This behaviour is verified on a
physical machine and a VirtualBox machine with two NICs, each.

  [PC 192.168.2.1]
     |
  [eth1:192.168.2.254 | Alpine | eth0:192.168.1.1]
                                   |
                             [Modem 192.168.1.254]

I've:

1) booted the most recent Alpine ISO image and logged in as root
2) apk add iptables
3) ip link set up eth0
4) ip link set up eth1
5) ip address add 192.168.1.1/24 dev eth0
6) ip address add 192.168.2.254/24 dev eth1
7) ip route add default via 192.168.1.254 dev eth0

which results in:

##>iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
##>iptables -t nat -S
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
##>ip route show
default via 192.168.1.254 dev eth0
192.168.2.0/24 dev eth1 src 192.168.2.254
192.168.1.0/24 dev eth0 src 192.168.1.1

Whatever I try, I can't ping 192.168.1.254 (connected to eth0 of the
router) from the pc 192.168.2.1 (connected to eth1 of the router).
Pinging both, the pc and the modem, from the router works perfectly. The
pc can, of course, ping the router at 192.168.2.254 and even the remote
interface at 192.168.1.1, but not the modem at 192.168.1.254. Packet
logging does neither show outgoing, nor incoming packets rejected or
dropped.

Later on, I've installed Privoxy, dhcpcd (for eth0), BIND and other
daemons on the physical router. All traffic originating from the router,
e.g. dhcpcd and BIND, adds to the packet count in the OUTPUT chain of
iptables' filter table and reaches its destination. All HTTP traffic
passing through Privoxy adds to both, the INPUT and the OUTPUT chains,
while HTTPS traffic cannot be digested by Privoxy and should therefore
be bypassing Privoxy through the FORWARD chain. But while I'm sure the
corresponding nat and filter rules are working, there are no packets
registered passing through the FORWARD chain. Whatever protocol
(HTTPS, FTP, POP3) is sent, all packet counters remain zero and no
connections are established. It looks like the packets are dropped,
somewhere.

My reference is another Linux router with 2.16.x kernel, where I
extracted those long-term tested and optimized iptables rules from. I
also made sure the same kernel modules are loaded on both routers. While
the 2.16.x kernel router forwards packets as expected, the Alpine router
does not.

I've already spent days trying to figure out, what's wrong. Meanwhile I
ran out of things to check, so I'd really appreciate if anybody would
make any suggestions! The www search didn't yield results, either.

Has anyone had any similar behaviour? Does packet forwarding generally
work on all of your Alpine systems? Am I just totally off? 8-/

Thanks for your help, Tiger

##>iptables-save
# Generated by iptables-save v1.4.12.1 on Fri Apr  6 23:13:23 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fw-drp-log - [0:0]
:fw-rej - [0:0]
:fw-rej-fin - [0:0]
:fw-rej-log - [0:0]
:fw-www-acc - [0:0]
:in-dhcpd - [0:0]
:in-drp-log - [0:0]
:in-icmp - [0:0]
:in-rej - [0:0]
:in-rej-fin - [0:0]
:in-rej-log - [0:0]
[0:0] -A INPUT -p icmp -m comment --comment ICMP -j in-icmp
[0:0] -A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "RELATED,ESTABLISHED" -j ACCEPT
[0:0] -A INPUT -i lo -m comment --comment "Local Traffic" -j ACCEPT
[0:0] -A INPUT -s 127.0.0.1/32 -m state --state NEW -m comment --comment "Local Traffic" -j DROP
[0:0] -A INPUT -d 127.0.0.1/32 -m state --state NEW -m comment --comment "Local Traffic" -j DROP
[0:0] -A INPUT -s 192.168.2.0/24 -m comment --comment "LAN Traffic" -j ACCEPT
[0:0] -A INPUT -s 192.168.3.0/24 -m comment --comment "VoIP Traffic" -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 2222 -m comment --comment SSH -j ACCEPT
[0:0] -A INPUT -i eth1 -p udp -m comment --comment DHCP -m udp --dport 67 -j ACCEPT
[0:0] -A INPUT -s 192.168.1.254/32 -p udp -m udp --dport 5060 -m comment --comment "SIP from Modem" -j ACCEPT
[0:0] -A INPUT -p udp -m udp --dport 17000:17031 -m comment --comment RTP -j ACCEPT
[0:0] -A INPUT -j DROP
[0:0] -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -m comment --comment "RELATED,ESTABLISHED" -j ACCEPT
[0:0] -A FORWARD -s 127.0.0.1/32 -m state --state NEW -m comment --comment "Drop Local Traffic" -j fw-drp-log
[0:0] -A FORWARD -d 127.0.0.1/32 -m state --state NEW -m comment --comment "Drop Local Traffic" -j fw-drp-log
[0:0] -A FORWARD -p tcp -m tcp --dport 139 -m comment --comment "Drop NETBIOS/Samba" -j DROP
[0:0] -A FORWARD -p tcp -m tcp --dport 445 -m comment --comment "Drop NETBIOS/Samba" -j DROP
[0:0] -A FORWARD -p udp -m udp --dport 137:138 -m comment --comment "Drop NETBIOS/Samba" -j DROP
[0:0] -A FORWARD -p tcp -m tcp --dport 80 -m comment --comment "Reject unsoliceted HTTP" -j fw-rej-log
[0:0] -A FORWARD -p udp -m udp --dport 53 -m comment --comment "Reject unsoliceted DNS" -j fw-rej-log
[0:0] -A FORWARD -j fw-www-acc
[0:0] -A FORWARD -j fw-rej-log
[0:0] -A OUTPUT -o ppp0 -j ACCEPT
[0:0] -A OUTPUT -o eth0 -j ACCEPT
[0:0] -A OUTPUT -o eth1 -j ACCEPT
[0:0] -A fw-drp-log -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-forward-drop "
[0:0] -A fw-drp-log -j DROP
[0:0] -A fw-rej -p udp -m limit --limit 1/sec --limit-burst 3 -j fw-rej-fin
[0:0] -A fw-rej ! -p udp -m limit --limit 1/sec --limit-burst 3 -j fw-rej-fin
[0:0] -A fw-rej -j DROP
[0:0] -A fw-rej-fin ! -p icmp -j REJECT --reject-with icmp-admin-prohibited
[0:0] -A fw-rej-fin -j DROP
[0:0] -A fw-rej-log -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-forward-reject "
[0:0] -A fw-rej-log -j fw-rej
[0:0] -A fw-www-acc -s 192.168.2.128/25 -m comment --comment "Solicited LAN Outbound" -j ACCEPT
[0:0] -A fw-www-acc -s 192.168.3.128/25 -m comment --comment "Solicited VoIP Outbound" -j ACCEPT
[0:0] -A in-dhcpd -i eth1 -m comment --comment "Accept eth1" -j ACCEPT
[0:0] -A in-dhcpd -j DROP
[0:0] -A in-drp-log -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-input-drop "
[0:0] -A in-drp-log -j DROP
[0:0] -A in-icmp -p icmp -m icmp --icmp-type 8 -m length --length 0:100 -m limit --limit 1/sec -m comment --comment "Ping Limit 1/sec" -j ACCEPT
[0:0] -A in-icmp -m state --state RELATED -m comment --comment RELATED -j ACCEPT
[0:0] -A in-rej -p udp -m limit --limit 1/sec --limit-burst 3 -j in-rej-fin
[0:0] -A in-rej ! -p udp -m limit --limit 1/sec --limit-burst 3 -j in-rej-fin
[0:0] -A in-rej -j DROP
[0:0] -A in-rej-fin -p tcp -j REJECT --reject-with tcp-reset
[0:0] -A in-rej-fin -p udp -j REJECT --reject-with icmp-port-unreachable
[0:0] -A in-rej-fin ! -p icmp -j REJECT --reject-with icmp-proto-unreachable
[0:0] -A in-rej-fin -j DROP
[0:0] -A in-rej-log -m limit --limit 1/sec --limit-burst 3 -j LOG --log-prefix "fw-input-reject "
[0:0] -A in-rej-log -j in-rej
COMMIT
# Completed on Fri Apr  6 23:13:23 2012
# Generated by iptables-save v1.4.12.1 on Fri Apr  6 23:13:23 2012
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:post-out-ovpn - [0:0]
:pre-in-dns - [0:0]
:pre-in-privoxy - [0:0]
[0:0] -A PREROUTING -p udp -m comment --comment "DNS Redirect" -m udp --dport 53 -j pre-in-dns
[0:0] -A PREROUTING -p tcp -m comment --comment "Privoxy Redirect" -m tcp --dport 80 -j pre-in-privoxy
[0:0] -A POSTROUTING -s 192.168.0.0/16 -m comment --comment Masquerading -j MASQUERADE
[0:0] -A pre-in-dns -s 192.168.0.0/16 -p udp -m comment --comment "Force DNS thru BIND" -j REDIRECT --to-ports 53
[0:0] -A pre-in-privoxy -s 192.168.0.0/16 -p tcp -m comment --comment "Privoxy HTTP Redirect" -j REDIRECT --to-ports 8081
COMMIT
# Completed on Fri Apr  6 23:13:23 2012
# Generated by iptables-save v1.4.12.1 on Fri Apr  6 23:13:23 2012
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Apr  6 23:13:23 2012

##>lsmod
Module                  Size  Used by    Not tainted
iptable_mangle          1470  0
ipt_REDIRECT            1133  2
ipt_MASQUERADE          1576  1
iptable_nat             3590  1
nf_nat                 13271  3 ipt_REDIRECT,ipt_MASQUERADE,iptable_nat
xt_length               1194  1
ipt_REJECT              2087  4
ipt_LOG                 6324  4
xt_limit                1976  9
xt_TCPMSS               3037  1
xt_tcpudp               2301 12
nf_conntrack_ipv4      10348 10 iptable_nat,nf_nat
nf_defrag_ipv4          1305  1 nf_conntrack_ipv4
xt_state                1197  7
nf_conntrack           51077  5 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,xt_state
xt_comment               945 29
iptable_filter          1398  1
ip_tables              18588  3 iptable_mangle,iptable_nat,iptable_filter
x_tables               15642 14 iptable_mangle,ipt_REDIRECT,ipt_MASQUERADE,iptable_nat,xt_length,ipt_REJECT,ipt_LOG,xt_limit,xt_TCPMSS,xt_tcpudp,xt_state,xt_comment,iptable_filter,ip_tables
pppoe                   9200  0
pppox                   1680  1 pppoe
ppp_generic            22543  2 pppoe,pppox
slhc                    3905  1 ppp_generic
ipv6                  274324 26
af_packet              20808  2
evdev                  10176  7
usbhid                 15727  0
hid                    72924  1 usbhid
usbkbd                  4222  0
serio_raw               3824  0
psmouse                33674  0
pcspkr                  1761  0
i2c_i801                7356  0
i2c_core               16104  1 i2c_i801
snd_hda_codec_realtek   273890  1
snd_hda_intel          18741  0
snd_hda_codec          55393  2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep               5900  1 snd_hda_codec
snd_pcm                61650  2 snd_hda_intel,snd_hda_codec
snd_timer              18580  1 snd_pcm
snd                    53957  6 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_timer
soundcore               4489  1 snd
snd_page_alloc          6391  2 snd_hda_intel,snd_pcm
shpchp                 22100  0
pci_hotplug            20196  1 shpchp
iTCO_wdt               12227  0
iTCO_vendor_support     1778  1 iTCO_wdt
e1000e                118081  0
r8169                  34717  0
firmware_class          5345  1 r8169
mii                     3339  1 r8169
video                  10919  0
backlight               3814  1 video
button                  4332  0
processor              23414  0
ehci_hcd               32356  0
uhci_hcd               18888  0
ahci                   20207  0
libahci                16233  1 ahci
libata                146299  2 ahci,libahci
loop                   14314  0
ext4                  226545  2
mbcache                 4595  1 ext4
jbd2                   46759  1 ext4
crc16                   1247  1 ext4
usb_storage            32709  2
usb_libusual           10254  1 usb_storage
usbcore               121728  7 usbhid,usbkbd,ehci_hcd,uhci_hcd,usb_storage,usb_libusual
sd_mod                 23519  3
scsi_mod               84453  3 libata,usb_storage,sd_mod

##>ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Jeff Bilyk <jbilyk@gmail.com>
Message ID: <CAHwjr35m7++irvdYndyA2duBk-MbJPbhjm4uJ=EhGu6prjVRqA@mail.gmail.com>
In-Reply-To: <4F80A461.7000404@arcor.de>
Sender timestamp: 1333830964
DKIM signature: missing

Hi,

Is /proc/sys/net/ipv4/ip_forward enabled?

Jeff

-- 
Jeff


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Message ID: <4F80AA40.1080308@arcor.de>
In-Reply-To: <CAHwjr35m7++irvdYndyA2duBk-MbJPbhjm4uJ=EhGu6prjVRqA@mail.gmail.com>
Sender timestamp: 1333832256
DKIM signature: missing

ReHi Jeff,

Thank you very much for your immediate reply!

Thanks to your hint only a short

   sysctl -w net.ipv4.ip_forward=1

was necessary to get the router going. Packet forwarding works
perfectly, now.

You Made My Day! THANKS! :)

Regards, Tiger


On 2012-04-07 22:36, Jeff Bilyk wrote:
> Hi,
> 
> Is /proc/sys/net/ipv4/ip_forward enabled?
> 
> Jeff
> 


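
An added example (not part of the thread and not Alpine tooling): a POSIX shell check that pairs the kernel's `ip_forward` value with an `iptables-save` dump to tell apart the states seen in this thread, including the one where forwarding is switched on while FORWARD is still policy ACCEPT with no rules, as after steps 1-7 of the first message. The function names, state names and the shortened sample rulesets are constructed for illustration.

```shell
# Added example, not from the thread; names and samples are this example's own.
# forwarding_state IP_FORWARD_FILE RULESET_FILE
#   IP_FORWARD_FILE  file holding 0 or 1 (live: /proc/sys/net/ipv4/ip_forward)
#   RULESET_FILE     saved output of `iptables-save`
# Prints one state:
#   off               kernel does not route and no rule expects it to
#   off-rules-unused  kernel does not route, yet FORWARD/MASQUERADE rules
#                     exist (their counters stay at [0:0], as in the thread)
#   on-unfiltered     kernel routes; FORWARD is policy ACCEPT with no rules
#   on-filtered       kernel routes; FORWARD has a DROP policy or rules
forwarding_state() {
    fwd=$(tr -d '[:space:]' < "$1")
    summary=$(awk '
        /^\*/ { table = $1 }    # section header: *filter, *nat, ...
        table == "*filter" && /^:FORWARD / { policy = $2 }
        table == "*filter" && /(^| )-A FORWARD / { rules++ }
        table == "*nat" && /-j MASQUERADE/ { masq++ }
        END { printf "%s %d %d\n", (policy == "" ? "ACCEPT" : policy), rules, masq }
    ' "$2")
    set -- $summary   # split into: policy, FORWARD rule count, MASQUERADE count
    policy=$1 rules=$2 masq=$3
    if [ "$fwd" != 1 ]; then
        if [ "$rules" -gt 0 ] || [ "$masq" -gt 0 ]; then
            echo off-rules-unused
        else
            echo off
        fi
    elif [ "$policy" = ACCEPT ] && [ "$rules" -eq 0 ]; then
        echo on-unfiltered
    else
        echo on-filtered
    fi
}

# Constructed samples modelled on the thread's two rulesets (shortened).
write_samples() {
    printf '0\n' > "$1/fwd_off"
    printf '1\n' > "$1/fwd_on"
    cat > "$1/bare.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
    cat > "$1/router.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:fw-www-acc - [0:0]
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j fw-www-acc
[0:0] -A fw-www-acc -s 192.168.2.128/25 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE
COMMIT
EOF
}

# Show all four combinations.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in fwd_off fwd_on; do
    for r in bare router; do
        echo "$f + $r.rules: $(forwarding_state "$tmp/$f" "$tmp/$r.rules")"
    done
done
rm -rf "$tmp"
```

`sysctl -w` changes only the running kernel; a `net.ipv4.ip_forward = 1` line in `/etc/sysctl.conf` keeps the setting across reboots.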