06-29-2015
NAT via iptables - Won't work!!
Hi guys
I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it).
I want to allow connections to the wifi to be able to use the internet from ppp0 interface. So basically want to set up a router type system.
right now, when I connect to my device with my phone, I cannot use the wifi. But on the shell of the embedded system, I can ping, I can load pages, i can do all sorts of things.
Here is what I have set up for my IPtables:
Quote:
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i wlan1 -o ppp0 -j ACCEPT
But i still can't browse internet on my phone.
Any ideas?
Thanks!
Am I
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hey programmers!
1-why won't gcc accept as an argument? i tried the recommendations on the man page of getch(),..etc. nothing worked.
2-why it won't see <iostream> && <fstream> even if i implemented the function as follow
std::cout<<"..etc"<<endl;
3-after i type this code in it gives... (6 Replies)
Discussion started by: mbabeli
6 Replies
2. UNIX for Advanced & Expert Users
Hello Guys,
I have a debian machine that work as a firewall (iptables + squid 2.6) with two physical interfaces: eth0 (public interface) and eth1 (internal interface LAN). I have created an alias eth1:1 in order to have two subnets on same physical interface:
cat/etc/network/interfaces
auto... (0 Replies)
Discussion started by: sincity2006
0 Replies
3. UNIX for Dummies Questions & Answers
Hi All,
can anybody tell me what's wrong with this code?
# SEARCH replaced by REPLACE
#!/bin/bash
SEARCH="95$$ 0 t"
REPLACE="95$$ 1 t"
for I in `ls *000.inp | cut -c-12`;
do
echo $I
sed 's/$SEARCH/$REPLACE/' ${I}-000.inp > ${I}-100.inp
done
It don't replace the string... (5 Replies)
Discussion started by: f_o_555
5 Replies
4. OS X (Apple)
I typed:
echo "echo hi > at_log.txt" | at now +1minute
to test the at command on my terminal. I got the message:
job 8 at Thu Feb 25 18:42:00 2010
I waited for a minute but nothing happened. I tried listing at_log.txt, but it said there was no such file. Am I doing something... (2 Replies)
Discussion started by: Ultrix
2 Replies
5. BSD
Hi! I'm sure that somebody here installed freeBSD from a download of a virtual disc (.iso). But I made 5 downloads of 5 differents freeBSD installation (and no one has worked).Can somebody tell me where to download and how (if needed) to prepare the cd? (8 Replies)
Discussion started by: maxum
8 Replies
6. UNIX for Dummies Questions & Answers
Hello,
Images won't work on UNIX when I try posting them on my website I'm working on. It doesn't show the image, and it's simply erroring.
Help! Thanks! (5 Replies)
Discussion started by: yazan
5 Replies
7. Red Hat
Hello, please can you help and explain me.
I have two servers. Both are RHEL6.
I use the first one like router and the second one for apache.
Router forwards 80 port on the second server and I can open that from the internet (mysite.com, for example). But I can not open mysite.com if i try to... (0 Replies)
Discussion started by: 6765656755
0 Replies
8. Cybersecurity
Hi, I am learning IPTables have this question.
My server is behind a firewall that does a PAT & NAT to the LAN address.
Internet IP: 68.1.1.23
Port: 10022
Server LAN IP: 10.1.1.23
port: 22
Allowed Internet IPs: 131.1.1.23, 132.1.1.23
I want to allow a set of IPs are to be able to... (1 Reply)
Discussion started by: capri_guy84
1 Replies
9. IP Networking
Hi all,
I have a following situation:
- I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it:
/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12
--dport 1500 -j DNAT --to-destination 192.168.10.20:2000
... (3 Replies)
Discussion started by: ahmerin
3 Replies
10. Cybersecurity
good day good people
hi
first to tell that firewall and vpn is working as expected, but I notice something strange.
I have host system 11.11.11.11(local ip) firewall is blocking everything except port to vpn.
I have vpn on virtualized system 22.22.22.22 (CentOS both host and virtual). ... (0 Replies)
Discussion started by: end
0 Replies
LEARN ABOUT CENTOS
iptables-xml
IPTABLES-XML(1) iptables 1.4.21 IPTABLES-XML(1)
NAME
iptables-xml -- Convert iptables-save format to XML
SYNOPSIS
iptables-xml [-c] [-v]
DESCRIPTION
iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection pro-
vided by your shell to write to a file.
-c, --combine
combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target per
match, so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule
matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-v, --verbose
Output xml comments containing the iptables line from which the XML is derived
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets in
order to discriminate between <call> <goto> and <nane-of-target> as it helps xml processing scripts if they can tell the difference between
a target like SNAT and another chain.
Some sample output is:
<iptables-rules>
<table name="mangle">
<chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<sport>8443</sport>
</tcp>
</conditions>
<actions>
<call>
<check_ip/>
</call>
<ACCEPT/>
</actions>
</rule>
</chain>
</table> </iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc
or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore
BUGS
None known as of iptables-1.3.7 release
AUTHOR
Sam Liddicott <azez@ufomechanic.net>
SEE ALSO
iptables-save(8), iptables-restore(8), iptables(8)
iptables 1.4.21 IPTABLES-XML(1)