debian gateway using iptables

Posted by meijuh on Super User
Published on 2013-10-31T13:11:17Z Indexed on 2013/10/31 16:01 UTC

I am having problems setting up a Debian gateway server. My goal:

  • Having eth1 the WAN interface.
  • Having eth0 the LAN interface.
  • Allow both ports 22 (SSH) and 80 (HTTP) accessed from the outside world on the gateway (SSH and HTTP run on this server).

What I did was the following:

  • Create a file /etc/iptables.rules with contents:

/etc/iptables.rules:

*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT

*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -j DROP
COMMIT

  • Edit /etc/network/interfaces as follows:

/etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback
    pre-up iptables-restore < /etc/iptables.rules

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

#auto eth1
#allow-hotplug eth1
#iface eth1 inet dhcp

allow-hotplug eth1
iface eth1 inet static
    address 217.119.224.51
    netmask 255.255.255.248
    gateway 217.119.224.49
    dns-nameservers 217.119.226.67 217.119.226.68

  • Uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf to allow packet forwarding.

The static settings for eth1, such as the IP address, I got from my router (which I want to replace); I simply copied these.

  • I have a (Windows) DNS + DHCP server on IP address 10.180.1.10, which assigns IP address 10.180.1.44 to eth0. What this server does is not really interesting; it only maps domain names on our local network and assigns one static IP to the gateway.

  • What works: on the gateway itself I can ping 8.8.8.8 and google.nl. So that is okay.

  • What does not work: (1) Every machine connected to eth0 (indirectly, via a switch) cannot ping an IP or a domain. So I guess the gateway cannot be found. (2) Also, when I configure my Linux machine (a laptop) to use a static IP 10.180.1.41, a mask and a gateway (10.180.1.44), I cannot ping an IP or domain either.

This means that maybe my iptables is incorrect or not loaded correctly. Or maybe I have to configure my DNS/DHCP on my Windows machine. I have not reset the Windows machine's network or restarted the DNS/DHCP services; should I do this?
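Added example, not code from the post or from any answer to it: a hardened version of the ruleset for the same eth0 (LAN) / eth1 (WAN) layout, plus the checks a practitioner runs on the gateway before suspecting DHCP. For a LAN host to reach the Internet through the box, three things must all hold at once: the kernel's forwarding flag is on right now (editing /etc/sysctl.conf alone changes nothing until `sysctl -p` or a reboot), a MASQUERADE rule exists for traffic leaving eth1, and the FORWARD chain passes LAN-to-WAN packets and their replies. A ruleset with no FORWARD rules at all, like the one in the question, forwards only because the chain's default policy happens to be ACCEPT, and it also leaves INPUT fully open on eth0 and for anything not matched by the eth1 rules. The interface names and the SSH/HTTP ports come from the post; the LAN prefix 10.180.1.0/24, the ICMP echo allowance and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Emits a hardened
# iptables-restore ruleset for eth0=LAN, eth1=WAN and audits a dump
# against the NAT-gateway checklist. LAN_NET and APPLY are assumptions.

LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.180.1.0/24}"   # assumed prefix behind eth0

# Differences from the ruleset in the question:
#  * INPUT and FORWARD default to DROP, so nothing is reachable by accident.
#  * FORWARD explicitly permits LAN -> WAN plus replies; nothing else is routed.
#  * MASQUERADE is limited to the LAN source prefix.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $WAN_IF -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Live value of the forwarding flag, as opposed to what /etc/sysctl.conf says.
forwarding_enabled() {
    f=/proc/sys/net/ipv4/ip_forward
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# grep helper over the dump captured by audit_rules
has() { printf '%s\n' "$dump" | grep -q -e "$1"; }

# Audit an iptables-save style dump read from stdin. Prints every missing
# item and returns 0 only when all four are present.
audit_rules() {
    dump=$(cat)
    missing=0
    has "^-A POSTROUTING .*-o $WAN_IF .*-j MASQUERADE" \
        || { echo "no MASQUERADE out of $WAN_IF"; missing=1; }
    has "^-A FORWARD .*-i $LAN_IF -o $WAN_IF .*-j ACCEPT" \
        || { echo "no FORWARD rule $LAN_IF -> $WAN_IF"; missing=1; }
    has "^-A FORWARD .*RELATED,ESTABLISHED .*-j ACCEPT" \
        || { echo "no FORWARD rule for reply traffic"; missing=1; }
    has "^:FORWARD DROP" \
        || { echo "FORWARD policy is not DROP (everything is forwarded)"; missing=1; }
    return $missing
}

# Install, load and verify only when run as root with APPLY=1 on the gateway;
# otherwise just print the ruleset for review.
if [ "$(id -u)" = 0 ] && [ "${APPLY:-0}" = 1 ]; then
    gen_rules > /etc/iptables.rules
    sysctl -w net.ipv4.ip_forward=1
    iptables-restore < /etc/iptables.rules
    iptables-save | audit_rules && forwarding_enabled && echo "gateway checks passed"
else
    gen_rules
fi
```

Run `iptables-save | audit_rules` on the gateway to see which piece is absent from the live tables; the file in the question fails it because it has no FORWARD rules and no DROP policy. The LAN side still needs a default gateway of 10.180.1.44 and a resolver it can reach, which is the DHCP server's job, not iptables'.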

© Super User or respective owner
