Debian Linux
Вообщем когда я запускаю скрипт на сервере с настройками iptables, то в локальной сети как-бы отваливается интернет причем пингуется linux.org.ru нормально, но на сайт не заходит, еще могу лазить например, по яндексу:
Обмен пакетами с linux.org.ru [217.76.32.61] с 32 байтами данных:
Ответ от 217.76.32.61: число байт=32 время=20мс TTL=52
Ответ от 217.76.32.61: число байт=32 время=21мс TTL=52
Ответ от 217.76.32.61: число байт=32 время=21мс TTL=52
poff provider
pon provider
eth0 - Инет
eth1 - Локалка ifconfig:
eth0 Link encap:Ethernet HWaddr 00:50:ba:c2:f4:93
inet addr:10.31.55.16 Bcast:10.31.63.255 Mask:255.255.224.0
inet6 addr: fe80::250:baff:fec2:f493/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30732 errors:0 dropped:0 overruns:0 frame:0
TX packets:22610 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:27441208 (26.1 MiB) TX bytes:4345238 (4.1 MiB)
Interrupt:12 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:50:ba:c3:01:c2
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::250:baff:fec3:1c2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:23020 errors:0 dropped:0 overruns:0 frame:0
TX packets:28106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4327524 (4.1 MiB) TX bytes:28315774 (27.0 MiB)
Interrupt:11 Base address:0xc400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1074 errors:0 dropped:0 overruns:0 frame:0
TX packets:1074 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:90250 (88.1 KiB) TX bytes:90250 (88.1 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:95.220.161.171 P-t-P:212.1.254.124 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:308 errors:0 dropped:0 overruns:0 frame:0
TX packets:386 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:37154 (36.2 KiB) TX bytes:41911 (40.9 KiB)
iptables-save:
e# iptables-save
# Generated by iptables-save v1.4.8 on Tue Nov 15 13:46:38 2011
*filter
:INPUT DROP [169:21033]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [83:7583]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Nov 15 13:46:38 2011
# Generated by iptables-save v1.4.8 on Tue Nov 15 13:46:38 2011
*nat
:PREROUTING ACCEPT [388:34911]
:POSTROUTING ACCEPT [71:6744]
:OUTPUT ACCEPT [70:6648]
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Nov 15 13:46:38 2011
# Generated by iptables-save v1.4.8 on Tue Nov 15 13:46:38 2011
*mangle
:PREROUTING ACCEPT [297:33032]
:INPUT ACCEPT [81:9376]
:FORWARD ACCEPT [174:20926]
:OUTPUT ACCEPT [74:7040]
:POSTROUTING ACCEPT [247:27926]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Tue Nov 15 13:46:38 2011
/etc/ppp/peers/provider:
noipdefault
defaultroute
replacedefaultroute
hide-password
noauth
persist
plugin rp-pppoe.so eth0
user "user1234"
