2007/10/21, Curtis Doty <Curtis@xxxxxxxxxxxx>: > 9:48pm Antonio said: > > > I installed a new modem ADSL2+ that doesn' t need pppo any longer > > because it starts connection by himself > > > > I had this set of rules on my my computer acting as a router. > > When I switched from the old to the new modem, the computer on the lan > > didn't surf the net, the I realized that I had to change some rule. > > > > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003 > > *nat > > :OUTPUT ACCEPT [0:0] > > :PREROUTING ACCEPT [0:0] > > :POSTROUTING ACCEPT [0:0] > > -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE > > # Forward HTTP connections to Squid proxy > > -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128 > > COMMIT > > # Completed on Fri Feb 21 09:27:33 2003 > > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003 > > *mangle > > :PREROUTING ACCEPT [9:432] > > :INPUT ACCEPT [3:234] > > :FORWARD ACCEPT [0:0] > > :OUTPUT ACCEPT [9:684] > > :POSTROUTING ACCEPT [17:1292] > > COMMIT > > # Completed on Fri Feb 21 09:27:33 2003 > > # Generated by iptables-save v1.2.6a on Fri Feb 21 09:27:33 2003 > > *filter > > :FORWARD DROP [0:0] > > :INPUT DROP [0:0] > > :OUTPUT ACCEPT [0:0] > > -A INPUT -i lo -j ACCEPT > > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT > > -A FORWARD -i eth0 -j ACCEPT > > -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT > > -A INPUT -i eth0 -j ACCEPT > > COMMIT > > # Completed on Fri Feb 21 09:27:33 2003 > > > > > > _______________________________________________________ > > I replaced the postrouting line by: > > > > -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE > > > > But the LAN didn't work. Where is the mistake??? > > > > Take a closer look at "iptables-save -c" preferably run in the year 2007 > after making your change. > > Are you really sure the problem is iptables related? You might also peek > at "ip addr" and "ip route" just to make sure you still don't have > something goofy leftover in your routing like default dev ppp0. > > ../C > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > I re-booted (network and iptables restart seem not enough) and now the LAN is on the net. But I have a question: if eth1 is defined to get IP address from network (i.e. the modem) why I get (please take note that modem is 192.168.1.1) : [antonio@Casa ~]$ /sbin/route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 0.0.0.0 87.14.136.149 0.0.0.0 UG 0 0 0 eth1 [antonio@Casa ~]$ /sbin/ifconfig eth0 Link encap:Ethernet HWaddr 00:11:D8:BF:9F:05 inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::211:d8ff:febf:9f05/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:62180 errors:0 dropped:0 overruns:0 frame:0 TX packets:116218 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5008926 (4.7 MiB) TX bytes:161555044 (154.0 MiB) Interrupt:20 eth1 Link encap:Ethernet HWaddr 52:54:05:E5:82:46 inet addr:87.14.136.149 Bcast:87.14.136.149 Mask:255.255.255.255 inet6 addr: fe80::5054:5ff:fee5:8246/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:126705 errors:0 dropped:0 overruns:0 frame:0 TX packets:80821 errors:0 dropped:0 overruns:0 carrier:0 collisions:241 txqueuelen:1000 RX bytes:172334866 (164.3 MiB) TX bytes:6589413 (6.2 MiB) Interrupt:19 Base address:0xec00 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:8644 errors:0 dropped:0 overruns:0 frame:0 TX packets:8644 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:30019892 (28.6 MiB) TX bytes:30019892 (28.6 MiB) ______________________________________________________ Tnx -- Antonio Montagnani Skype : antoniomontag