
troubleshooting a connectivity problem

Hi there,

I'd like some help troubleshooting an Internet connectivity problem.  The situation is an internal LAN client
with a gateway firewall (Mandrake OS and iptables) with internal and external interfaces.
I am unable to get out to the Internet from the LAN, but can get out locally from the firewall.

I'd really like some tips on network troubleshooting. The problem arose after a house move. All else stayed the same
except the network scripts weren't saved. The firewall hasn't changed, except it's running over PPPoE now.

I'm not looking for a solution, just loads of tips on how to investigate this.

thanks

john
Asked by: jjbarnsley
 
pablouruguay Commented:
I have this script and it works OK under PPPoE. You need to change 200. to your ISP's address or range, and the 192.xxxx internal network to your internal network.

#!/bin/bash

# set up firewall

case "$1" in
    start)
        echo "Starting firewall"

iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -P POSTROUTING ACCEPT -t nat
iptables -P PREROUTING ACCEPT -t nat
iptables -P OUTPUT ACCEPT -t nat


modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward







#iptables -N PORTSCANDROPLAN
#iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
#iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
#iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
#iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL FIN -j DROP
#iptables -A PORTSCANDROPLAN -o ppp0 -p tcp --tcp-flags ALL ALL -j DROP


# Forwarding between the LAN (eth0) and the PPPoE link (ppp0)
iptables -A FORWARD -j ACCEPT -i eth0 -o eth0 -d 0/0
iptables -A FORWARD -j ACCEPT -i ppp0 -o eth0 -d 0/0
iptables -A FORWARD -j ACCEPT -i eth0 -o ppp0 -d 0/0


iptables -A FORWARD -p icmp --icmp-type echo-request -j DROP
#iptables -A FORWARD -j ACCEPT -p icmp
iptables -A OUTPUT -j ACCEPT -s 200.0.0.0/255.0.0.0  -d 0/0
iptables -A OUTPUT -j ACCEPT -s 192.168.1.0/255.255.255.0 -d 0/0
iptables -A POSTROUTING -t nat -o ppp0 -j MASQUERADE
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
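# Do not accept everything arriving on ppp0: that rule would match before the
# per-port rules and the final DROP below, leaving the firewall open to the Internet.
#iptables -A INPUT -i ppp0 -j ACCEPT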
iptables -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21  --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp  --dport 8080  -j ACCEPT
iptables -A INPUT -p tcp -m tcp  --dport 995 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4672 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 953 -j ACCEPT
iptables -A INPUT  -p tcp --dport 53 -j ACCEPT
iptables -A INPUT  -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m tcp  --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -N dropwall
iptables -A dropwall -j DROP
iptables -A INPUT -j dropwall


    ;;


    stop)
        echo "Removing firewall"
        iptables -F
        iptables -Z
        iptables -P OUTPUT  ACCEPT
        iptables -P INPUT   ACCEPT
        iptables -P FORWARD ACCEPT
        # dropwall is a user-defined chain and cannot take a policy (-P); delete it instead
        iptables -X dropwall
    ;;

    *)
        echo "$0 {start|stop}"
    ;;
esac


Gabriel Orozco, Solution Architect, Commented:
Try enabling forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward
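The checks raised in the two answers above (forwarding switched on, NAT on the PPPoE interface, FORWARD rules between LAN and WAN), as an added example that is not part of the original thread. The interface names eth0 and ppp0 follow the posted script; the helper name check_gateway and the sample ruleset, with a stale MASQUERADE rule left on eth1, are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample: `iptables-save` text from a gateway whose NAT rule still
# names the old WAN interface (eth1) after the uplink moved to PPPoE (ppp0).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# check_gateway IP_FORWARD RULES LAN_IF WAN_IF  (hypothetical helper)
# Prints one finding per line, or "ok"; exit status is non-zero on any finding.
# The body runs in a subshell so its variables and helpers stay local.
check_gateway() (
    fwd=$1 rules=$2 lan=$3 wan=$4 bad=0
    has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    report() { echo "$1"; bad=1; }

    # 1. The kernel must be routing between interfaces
    [ "$fwd" = 1 ] || report "ip_forward is off"
    # 2. LAN addresses must be translated on the way out of the WAN link
    has "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)" \
        || report "no MASQUERADE/SNAT rule on $wan"
    # 3. FORWARD must pass LAN -> WAN, by policy or by an explicit rule
    has "^:FORWARD ACCEPT" || has "^-A FORWARD .*-i $lan .*-o $wan .*-j ACCEPT" \
        || report "FORWARD blocks $lan -> $wan"
    # 4. ...and the replies coming back WAN -> LAN
    has "^:FORWARD ACCEPT" || has "^-A FORWARD .*-i $wan .*-o $lan .*-j ACCEPT" \
        || report "FORWARD blocks replies $wan -> $lan"
    [ "$bad" = 0 ] && echo "ok"
)

# Offline run against the sample; on a live gateway (as root) use:
#   check_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" eth0 ppp0
check_gateway 0 "$SAMPLE_RULES" eth0 ppp0 || true
```
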
 
Cyclops3590 Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: pablouruguay

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Cyclops3590
EE Cleanup Volunteer