
Help with iptables in OpenWRT

Asked by ykravchenko in Network Routers, Networking Hardware Firewalls, Linux Networking

Tags: openwrt, iptables

I need some help configuring iptables or the VPN Concentrator 3000...

I have an OpenWRT Linux that I have configured with vpnc to connect to my VPN Concentrator.  When I connect, I can ping the IP address assigned to the Linux box, and I can access everything on the network via the VPN tunnel.  So far, so good.

Now, I am trying to route packets that come to the address assigned by the VPN to a device on the inside of the remote network, and I am having difficulties getting that accomplished.  Here is my network configuration:

root@OpenWrt:/etc# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:01:D1:58:FC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14689 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8248 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2846763 (2.7 MiB)  TX bytes:2779452 (2.6 MiB)
          Interrupt:4

eth0.0    Link encap:Ethernet  HWaddr 00:16:01:D1:58:FC
          inet addr:172.16.1.1  Bcast:172.16.1.7  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:143 errors:0 dropped:0 overruns:0 frame:0
          TX packets:155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16392 (16.0 KiB)  TX bytes:19718 (19.2 KiB)

eth0.1    Link encap:Ethernet  HWaddr 00:16:01:D1:58:FC
          inet addr:66.XX.XX.133  Bcast:66.XX.XX.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11820 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8100 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2258755 (2.1 MiB)  TX bytes:2726040 (2.5 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:242 (242.0 B)  TX bytes:242 (242.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.200.202.10  P-t-P:10.200.202.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:8949 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7966 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:1311996 (1.2 MiB)  TX bytes:2076363 (1.9 MiB)

Here is the iptables configuration:

root@OpenWrt:/etc# iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
 1644  173K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp option=!2 flags:0x02/0x02
    9  4179 input_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    9  4179 input_wan  all  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0
    9  4179 LAN_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    9  4179 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 forwarding_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 forwarding_wan  all  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0.0 eth0.0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0.0 eth0.1  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
 2315 1275K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 output_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain LAN_ACCEPT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    9  4179 RETURN     all  --  eth0.1 *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Any help would be much appreciated.

Thank you,

Yan Kravchenko
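
Reading the FORWARD chain in the listing above rule by rule, as an added example (not part of the original question or of the hidden answers): this Python sketch parses `iptables -L -n -v` output and returns the verdict the filter table gives the first packet of a new connection between two interfaces. The `parse` and `verdict` helpers are hypothetical names, and only the filter table shown in the question is modelled; nat rules and routing are outside its scope.

```python
import re

# FORWARD and the two chains it jumps to, copied from the listing in the question.
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source      destination
    0     0 DROP       all  --  *      *       0.0.0.0/0   0.0.0.0/0   state INVALID
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0   0.0.0.0/0   tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
    0     0 forwarding_rule  all  --  *      *       0.0.0.0/0   0.0.0.0/0
    0     0 forwarding_wan  all  --  eth0.1 *       0.0.0.0/0   0.0.0.0/0
    0     0 ACCEPT     all  --  eth0.0 eth0.0  0.0.0.0/0   0.0.0.0/0
    0     0 ACCEPT     all  --  eth0.0 eth0.1  0.0.0.0/0   0.0.0.0/0
Chain forwarding_rule (1 references)
Chain forwarding_wan (1 references)
"""

def parse(listing):
    """Return ({chain: [rule, ...]}, {chain: policy or None}) from -L -n -v text."""
    chains, policy, cur = {}, {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if m:
            cur = m.group(1)
            chains[cur], policy[cur] = [], m.group(2)
        elif line.split() and line.split()[0] != "pkts":   # skip blanks and column header
            f = line.split()   # pkts bytes target prot opt in out source destination extra...
            chains[cur].append({"target": f[2], "prot": f[3], "in": f[5],
                                "out": f[6], "extra": " ".join(f[9:])})
    return chains, policy

def verdict(chains, policy, chain, iif, oif, proto="tcp"):
    """Verdict for the first (state NEW) packet of a connection from iif to oif."""
    for r in chains[chain]:
        if (r["in"] not in ("*", iif) or r["out"] not in ("*", oif)
                or r["prot"] not in ("all", proto)):
            continue
        if r["extra"].startswith("state") and "NEW" not in r["extra"]:
            continue                      # INVALID / RELATED,ESTABLISHED do not match NEW
        if r["target"] == "RETURN":
            break
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"]
        if r["target"] in chains:         # user chain; None means it fell through
            v = verdict(chains, policy, r["target"], iif, oif, proto)
            if v:
                return v
    return policy.get(chain)              # built-in policy, or None for a user chain

CHAINS, POLICY = parse(LISTING)
for pair in [("tun0", "eth0.0"), ("eth0.0", "tun0"), ("eth0.0", "eth0.1")]:
    print(pair, verdict(CHAINS, POLICY, "FORWARD", *pair))
```

With the listing as posted, a new connection entering on tun0 and leaving on eth0.0 matches no ACCEPT rule and ends at the chain's DROP policy, while eth0.0 to eth0.1 is accepted.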

 
09/11/07 08:41 PM, ID: 19873747, Expert Comment

09/11/07 09:42 PM, ID: 19873939, Author Comment

09/11/07 11:43 PM, ID: 19874290, Accepted Solution


About this solution

Zones: Network Routers, Networking Hardware Firewalls, Linux Networking
Tags: openwrt, iptables
Solution Provided By: Redimido
Participating Experts: 1
Solution Grade: A
 
10/24/09 06:20 AM, ID: 25652052, Administrative Comment
