I have enabled IP forwarding on Linux. The firewall rules and DHCP server...
The messengers work fine over the internet, but from the client I cannot reach any website... I can, however, ping yahoo.com, for example.
eth1 = my public IP
eth2 = one Windows client is connected directly to it
Here is my firewall:
Code:
:INPUT ACCEPT [179:50132]
:FORWARD ACCEPT [37:1805]
:OUTPUT ACCEPT [217:24615]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Jul 28 20:23:21 2007
# Generated by iptables-save v1.3.8 on Sat Jul 28 20:23:21 2007
*nat
:PREROUTING ACCEPT [10:521]
:POSTROUTING ACCEPT [12:576]
:OUTPUT ACCEPT [12:719]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 6662 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p tcp -m tcp --dport 48741 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p udp -m udp --dport 48741 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p udp -m udp --dport 6672 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p udp -m udp --dport 3830 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p tcp -m tcp --dport 3830 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p tcp -m tcp --dport 1445 -j DNAT --to-destination 192.168.100.20:443
-A PREROUTING -i eth2 -p tcp -m tcp --dport 1446 -j DNAT --to-destination 192.168.100.20:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
Code:
IP 192.168.100.20.4252 > 217.146.182.26.80: tcp 0
IP 192.168.100.20.4252 > 192.168.100.20.80: tcp 0
IP 192.168.100.20.4252 > 217.146.182.26.80: tcp 0
IP 192.168.100.20.4252 > 192.168.100.20.80: tcp 0
IP 192.168.100.20.4254 > 62.73.178.61.80: tcp 0
IP 192.168.100.20.4254 > 192.168.100.20.80: tcp 0
IP 192.168.100.20.4254 > 62.73.178.61.80: tcp 0
IP 192.168.100.20.4254 > 192.168.100.20.80: tcp 0
IP 192.168.100.20.4252 > 217.146.182.26.80: tcp 0
IP 192.168.100.20.4252 > 192.168.100.20.80: tcp 0
IP 192.168.100.20.4254 > 62.73.178.61.80: tcp 0
IP 192.168.100.20.4254 > 192.168.100.20.80: tcp 0
Code:
IP 217.17.41.85.8074 > 192.168.100.20.4134: tcp 75
IP 192.168.100.20.4134 > 217.17.41.85.8074: tcp 0
IP 217.17.41.85.8074 > 192.168.100.20.4134: tcp 26
IP 192.168.100.20.4134 > 217.17.41.85.8074: tcp 8
IP 217.17.41.85.8074 > 192.168.100.20.4134: tcp 0
IP 217.17.41.85.8074 > 192.168.100.20.4134: tcp 26
IP 192.168.100.20.4134 > 217.17.41.85.8074: tcp 0
Code:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 * 255.255.255.0 U 0 0 0 eth2
62.121.112.0 * 255.255.252.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 254-tor-8.ac***** 0.0.0.0 UG 0 0 0 eth1
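
Added example, not part of the original post: a Python check that lists the PREROUTING DNAT rules matching traffic that arrives on the LAN interface and is sent to a host inside that same LAN, and finds source sockets in a capture that appear with more than one destination. The function names are made up for this illustration, the sample data is a few lines copied from the dumps above, and the LAN interface and subnet (eth2, 192.168.100.0/24) are taken from the routing table.

```python
import ipaddress
import re
import shlex

# Constructed sample: a few lines copied from the dumps in the post above.
NAT_RULES = """\
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.20
-A PREROUTING -i eth2 -p tcp -m tcp --dport 1445 -j DNAT --to-destination 192.168.100.20:443
-A POSTROUTING -o eth1 -j MASQUERADE
"""
CAPTURE = """\
IP 192.168.100.20.4252 > 217.146.182.26.80: tcp 0
IP 192.168.100.20.4252 > 192.168.100.20.80: tcp 0
IP 217.17.41.85.8074 > 192.168.100.20.4134: tcp 75
IP 192.168.100.20.4134 > 217.17.41.85.8074: tcp 0
"""

def lan_side_dnat(ruleset, lan_iface, lan_net):
    """PREROUTING DNAT rules that match packets arriving on the LAN interface
    and send them to a host inside that same LAN. Negated matches ('!') are
    not handled. Returns a list of (dport, target)."""
    net = ipaddress.ip_network(lan_net)
    hits = []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        # Map every option flag to the token that follows it.
        opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
        target = opts.get("--to-destination", "")
        if opts.get("-j") != "DNAT" or opts.get("-i") != lan_iface or not target:
            continue
        host = target.split(":")[0].split("-")[0]  # drop :port and address ranges
        if ipaddress.ip_address(host) in net:
            hits.append((opts.get("--dport"), target))
    return hits

FLOW = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+):")

def rewritten_flows(capture):
    """Source sockets seen with more than one destination in the capture, which
    is what a DNAT between two capture points looks like (a heuristic)."""
    seen = {}
    for m in FLOW.finditer(capture):
        src, sport, dst, dport = m.groups()
        seen.setdefault(f"{src}:{sport}", set()).add(f"{dst}:{dport}")
    return {s: sorted(d) for s, d in seen.items() if len(d) > 1}

if __name__ == "__main__":
    print(lan_side_dnat(NAT_RULES, "eth2", "192.168.100.0/24"))
    print(rewritten_flows(CAPTURE))
```

On the sample data the port 80 rule on eth2 is reported, and the client socket 192.168.100.20:4252 shows up with both the public web server and 192.168.100.20:80 as destination, while the messenger flow on port 8074 is not flagged.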