Message-ID: <4EEB8215.1000500@alpinelinux.org>
Date: Fri, 16 Dec 2011 09:38:29 -0800
From: Nathan Angelacos
To: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] Alpine as Gateway

On 12/16/2011 09:24 AM, Mohsen Ahmadian wrote:
> Hello to all
> I am new to Alpine and I want to create a gateway with Alpine.
> <>----------<>------------<>
> eth1 pppoe eth0 NAT
> I configured pppoe and the firewall (iptables) and anything else that is
> needed. When I ping 4.2.2.4 the result is true (in Alpine and the client of it)
> but I can't open any site (or download with wget in Alpine) in the client.
> *what is wrong*??? :-(
> *please help me.*
> thank you
> ---------------------------------------
> atom:~# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  192.168.0.0/24       anywhere            ctstate NEW
> ACCEPT     all  --  192.168.0.0/24       anywhere            ctstate NEW
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ----------------------------------------
> interface
> ----------------------------------------
> iface lo inet loopback
> iface eth0 inet static
>     address 192.168.0.120
>     netmask 255.255.255.0
>     broadcast 192.168.0.255
> --------------------------------------------
> rules
> -------------------------------------------
> /sbin/iptables -F
> /sbin/iptables -t nat -F
> /sbin/iptables -t mangle -F #ignore if you get an error here
> /sbin/iptables -X #deletes every non-builtin chain in the table
>
> /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A INPUT -m state --state NEW -i ppp0 -j ACCEPT
> # only if both of the above rules succeed, use
> /sbin/iptables -P INPUT DROP
>
> /sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> /sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
>
> /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> /sbin/iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> -----------------------------------------------------------
>
>

do you have ip forwarding turned on?

echo 1 >/proc/sys/net/ipv4/ip_forward

- to make sure it is set after next reboot, add the following to
/etc/sysctl.conf and do an lbu commit

net.ipv4.ip_forward = 1

---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
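
An added example, not part of the original message or of Alpine's own tooling: a POSIX sh check (it also runs under BusyBox ash) for the two things the reply asks about, whether IPv4 forwarding is on right now (the kernel exposes it at /proc/sys/net/ipv4/ip_forward) and whether /etc/sysctl.conf will turn it on again after a reboot. The function names and exit codes are assumptions of this example, and the sample files in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): audit IPv4 forwarding on a NAT gateway.
# Function names and exit codes are this example's own; file paths are parameters.

# Runtime value from a proc-style file; "unknown" if it cannot be read.
runtime_ip_forward() {
    [ -r "$1" ] || { echo unknown; return 0; }
    tr -d '[:space:]' < "$1"
    echo
}

# Last uncommented net.ipv4.ip_forward value in a sysctl.conf-style file
# (sysctl accepts "." or "/" as separator; later lines win); "unset" if none.
persisted_ip_forward() {
    [ -r "$1" ] || { echo unset; return 0; }
    val=$(sed -n 's|^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$|\1|p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# 0 = on now and after reboot, 1 = on now only, 2 = persisted only, 3 = off.
check_forwarding() {
    run=$(runtime_ip_forward "$1")
    per=$(persisted_ip_forward "$2")
    case "$run:$per" in
        1:1) echo "ok: forwarding is on and persisted"; return 0 ;;
        1:*) echo "warn: on now, lost at reboot (persisted=$per)"; return 1 ;;
        *:1) echo "warn: persisted, but off now (runtime=$run)"; return 2 ;;
        *)   echo "fail: forwarding off (runtime=$run, persisted=$per)"; return 3 ;;
    esac
}

# Constructed sample: forwarding off at runtime, enabled only in a comment.
demo() {
    d=$(mktemp -d) || return 1
    echo 0 > "$d/ip_forward"
    printf '%s\n' '# net.ipv4.ip_forward = 1' > "$d/sysctl.conf"
    check_forwarding "$d/ip_forward" "$d/sysctl.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Live check on the gateway itself: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    check_forwarding /proc/sys/net/ipv4/ip_forward /etc/sysctl.conf
fi
```

On an Alpine box running from RAM, a "persisted" result only survives a reboot once the edited /etc/sysctl.conf has been saved with `lbu commit`, as the reply says.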