Gentoo Forums
Correct kernel modules for iptables NAT?
turtles
Veteran


Joined: 31 Dec 2004
Posts: 1341

Posted: Fri Jun 13, 2014 8:49 am    Post subject: Correct kernel modules for iptables NAT?

Greetings, I was wondering if anyone can confirm these are the necessary kernel modules for iptables router NAT?
I followed this guide http://wiki.gentoo.org/wiki/Home_Router and I can access the router but no WAN.

3.12.21-gentoo-r1:
Code:
xt_REDIRECT             1230  0
ipt_MASQUERADE          1258  2
iptable_nat             2038  1
nf_nat_ipv4             2684  1 iptable_nat
nf_nat                  8809  4 ipt_MASQUERADE,nf_nat_ipv4,xt_REDIRECT,iptable_nat

(these are the relevant ones)

grep IP_ /usr/src/linux/.config > http://pastebin.com/BnqCNc9L

Thanks in advance
Last edited by turtles on Thu Jun 19, 2014 12:36 pm; edited 2 times in total
bbgermany
Veteran


Joined: 21 Feb 2005
Posts: 1785
Location: Oranienburg/Germany

Posted: Fri Jun 13, 2014 9:02 am

Hi,

Since the wiki is not reachable for me atm, can you post your iptables rules and whether IP forwarding is enabled?

bb
turtles
Veteran


Joined: 31 Dec 2004
Posts: 1341

Posted: Fri Jun 13, 2014 9:44 pm

Here is the output of
iptables --list
Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     udp  --  anywhere             anywhere             udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1986
DROP       tcp  --  anywhere             anywhere             tcp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  192.168.0.0/16       anywhere           
ACCEPT     all  --  192.168.0.0/16       anywhere           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


FYI I built a kernel for an old x86 box I would like to turn into an office router. I compiled almost everything in networking as modules. This is just for testing a Gentoo router, I am open to suggestions for further security after getting a basic config working. I can pastebin the complete config.

This is the setup I am working towards and would like to test various router OS's and gentoo on:
tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13493

Posted: Fri Jun 13, 2014 10:19 pm

As bbgermany said, please post your iptables rules and whether IPv4 forwarding is enabled. You should never use iptables --list when someone asks you for information because it hides important details. You should always use iptables-save.
turtles
Veteran


Joined: 31 Dec 2004
Posts: 1341

Posted: Mon Jun 16, 2014 4:47 pm

iptables-save
Code:

# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*nat
:PREROUTING ACCEPT [4923:1308992]
:INPUT ACCEPT [4490:1288463]
:OUTPUT ACCEPT [13:1261]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wan1 -j MASQUERADE
-A POSTROUTING -o wan1 -j MASQUERADE
COMMIT
# Completed on Mon Jun 16 00:46:28 2014
# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*mangle
:PREROUTING ACCEPT [34674:8160110]
:INPUT ACCEPT [34566:8144344]
:FORWARD ACCEPT [48:5632]
:OUTPUT ACCEPT [22879:2648374]
:POSTROUTING ACCEPT [22903:2650046]
COMMIT
# Completed on Mon Jun 16 00:46:28 2014
# Generated by iptables-save v1.4.20 on Mon Jun 16 00:46:28 2014
*filter
:INPUT ACCEPT [14828:3295626]
:FORWARD DROP [24:3960]
:OUTPUT ACCEPT [6825:1305387]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan0 -j ACCEPT
-A INPUT ! -i lan0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A INPUT ! -i lan0 -p udp -m udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wan1 -p tcp -m tcp --dport 1980 -j ACCEPT
-A INPUT ! -i lan0 -p tcp -m tcp --dport 0:1023 -j DROP
-A FORWARD -s 192.168.0.0/16 -i lan0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i wan1 -j ACCEPT
COMMIT
# Completed on Mon Jun 16 00:46:28 2014

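Hu's point that iptables --list hides details, checked against the dump above, as an added example that is not part of any post in this thread: the script parses iptables-save text, finds rules repeated verbatim, and groups distinct rules that differ only by their -i/-o interface match, which plain --list (without -v) does not print. DUMP is a constructed excerpt of the posted rules and the function names are this example's own.

```python
import shlex
from collections import Counter, defaultdict

# Constructed sample: nat and filter rules taken from the iptables-save dump
# posted in this thread (mangle table and most chain headers left out).
DUMP = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wan1 -j MASQUERADE
-A POSTROUTING -o wan1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [24:3960]
-A INPUT -i lo -j ACCEPT
-A INPUT -i lan0 -j ACCEPT
-A INPUT ! -i lan0 -p udp -m udp --dport 67 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.0.0/16 -i lan0 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -i wan1 -j ACCEPT
COMMIT
"""

def parse_rules(dump):
    """Return [(table, chain, argv)] for every -A line of an iptables-save dump."""
    table, rules = None, []
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            argv = shlex.split(line)
            rules.append((table, argv[1], tuple(argv[2:])))
    return rules

def without_interfaces(argv):
    """Drop -i/-o matches (and a preceding '!'): the part plain --list omits."""
    out, i = [], 0
    while i < len(argv):
        if argv[i] in ("-i", "-o") and i + 1 < len(argv):
            if out and out[-1] == "!":
                out.pop()
            i += 2
        else:
            out.append(argv[i])
            i += 1
    return tuple(out)

def exact_duplicates(rules):
    """Rules that appear more than once verbatim in the same chain."""
    return [rule for rule, n in Counter(rules).items() if n > 1]

def look_alike_in_list(rules):
    """Groups of distinct rules that differ only by interface match."""
    groups = defaultdict(set)
    for table, chain, argv in rules:
        groups[(table, chain, without_interfaces(argv))].add(argv)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
```

On this excerpt it reports the MASQUERADE rule as an exact duplicate and two look-alike groups, one in INPUT and one in FORWARD, which correspond to the pairs of identical-looking ACCEPT lines in the iptables --list output posted earlier.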