ufw, iptables masquerading config

Re: ufw, iptables masquerading config

Postby msdobrescu » Sat Sep 15, 2012 8:24

Hello,

Thank you for all the advice.

So far, these rules below were enough, but, since X, they seem not to work anymore.
Any idea why?

Code:
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
iptables -A FORWARD -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu


Code:
iptables -nL -v --line-numbers -t nat
Chain PREROUTING (policy ACCEPT 5541 packets, 536K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2274 packets, 240K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 4186 packets, 252K bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 4186 packets, 252K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     9013  593K MASQUERADE  all  --  *      ppp0    192.168.0.0/16       0.0.0.0/0           


Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
TCPMSS     tcp  --  anywhere             anywhere             tcpflags: SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination     
msdobrescu
Advanced Hen
 
Posts: 271
Joined: Sun Aug 21, 2011 8:48

Re: ufw, iptables masquerading config

Postby BHReach » Sat Sep 15, 2012 16:18

Let me reiterate that I am not a network or iptables expert and I am not sure exactly what the 2nd line of your firewall does but it is likely the cause of your problem because the X server uses the tcp protocol and I do not know if it changes any defaults. The X server uses tcp port 6000 by default.

I don't understand why you are messing with the tcp protocol at all.

In the example I gave you, I set the policy to block all input by default. That blocks any input from the Internet (or anywhere else) by default. Then I accept all INPUT from my local LAN and lo, plus anything ESTABLISHED or RELATED. That means I can connect to the Internet using any protocol and the firewall will allow responses in but block any attempts at a connection from the Internet that have not been initiated by me.
BHReach
Growing Hen
 
Posts: 192
Joined: Thu Jan 31, 2008 20:40
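The policy BHReach describes (default-deny INPUT, accept lo, the LAN and ESTABLISHED/RELATED), combined with the MASQUERADE and MSS-clamp rules from msdobrescu's post, as an added example that is not code from either poster. The LAN interface name eth0 is an assumption; ppp0 and 192.168.0.0/16 are the values from the thread.

```sh
#!/bin/sh
# Added example: print (or, with --apply as root, apply) a small NAT gateway
# ruleset. gen_rules only emits the iptables commands, so it can be reviewed
# before anything is changed on the box.
#
# Notes on the individual rules:
#  - INPUT/FORWARD default to DROP; OUTPUT stays ACCEPT (the host may go out).
#  - lo and the LAN interface are accepted on INPUT, so SSH from the LAN works.
#  - conntrack ESTABLISHED,RELATED lets replies to our own connections back in.
#  - FORWARD: LAN -> ppp0 is allowed, ppp0 -> LAN only for replies.
#  - The TCPMSS rule matches only SYN packets (SYN set, RST clear) leaving via
#    ppp0 and rewrites their MSS to fit the PPP MTU; it does not block traffic.
#  - MASQUERADE rewrites the LAN source address to ppp0's current address.
gen_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan_if -s $lan_net -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $wan_if -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Assumed defaults: LAN on eth0, uplink on ppp0, LAN range 192.168.0.0/16.
lan_if=${2:-eth0}; wan_if=${3:-ppp0}; lan_net=${4:-192.168.0.0/16}
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = "0" ]; then
    gen_rules "$lan_if" "$wan_if" "$lan_net" | sh -e   # apply, stop on first error
else
    gen_rules "$lan_if" "$wan_if" "$lan_net"           # dry run: just print
fi
```

Run it without arguments to review the rules; `iptables -nL -v --line-numbers` and `iptables -t nat -nL -v` afterwards should show the MASQUERADE and TCPMSS counters increasing for LAN traffic.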

Re: ufw, iptables masquerading config

Postby msdobrescu » Sun Sep 16, 2012 21:09

Actually, I have taken the default iptables config that came with Sabayon and added the masquerading and the MTU mangling.
msdobrescu
Advanced Hen
 
Posts: 271
Joined: Sun Aug 21, 2011 8:48

Re: ufw, iptables masquerading config

Postby msdobrescu » Sat Oct 06, 2012 8:16

So, I simply could not make it work anymore.
A friend just upgraded from 8, he has no ssh with that machine now.
Is there a bug?
msdobrescu
Advanced Hen
 
Posts: 271
Joined: Sun Aug 21, 2011 8:48
