The Community Forums


routing/gateway help wanted

Discussion in 'General Discussion' started by Dionis, May 27, 2005.

    Hi there,
    I have a Linux box (CentOS 3.4) with a cPanel test license, which has two cards (eth0 and eth1). I use my Linux box as a router/gateway to the internet for my second box with Windows XP. My Linux box works fine. The problem is that I can't access web pages, email, or MSN on the internet from my Windows XP computer. I use this simple script, which is run by rc.local:

    -----------------------------------------------

    #!/bin/bash

    # Load useful kernel modules
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc
    modprobe ip_nat_ftp
    modprobe ipt_MASQUERADE

    # Disabling ECN if enabled (explicit congestion notification)
    if [ -e /proc/sys/net/ipv4/tcp_ecn ]
    then
    echo 0 > /proc/sys/net/ipv4/tcp_ecn
    fi

    # Enabling forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # AntiSpoofing protection
    for x in lo eth0 eth1
    do
    echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
    done

    # Here is the place to define some variables

    iptables="/sbin/iptables"
    publicaddr="xx.xx.xx.xx" #here my static IP address
    privateaddr="192.168.0.1"
    any="0.0.0.0/0"
    localnet="192.168.0.0/24"

    #First, flushing the existing rules
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -F FORWARD
    iptables -F -t nat
    iptables -t nat -F PREROUTING
    iptables -t nat -F POSTROUTING
    iptables -t nat -F OUTPUT



    #Now defining the standard policy
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT


    #Defining the real stuff !

    # Allow access to the firewall from the localnet
    iptables -A INPUT -s $localnet -d $privateaddr -j ACCEPT
    iptables -A INPUT -s $localnet -d $publicaddr -j ACCEPT

    # Allow access from ourself to us !
    iptables -A INPUT -i lo -j ACCEPT

    # Allow the firewall box to access the internet
    iptables -A INPUT -s $any -d $publicaddr -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Should we masquerade the localnet to internet ?
    iptables -t nat -A POSTROUTING -s $localnet -d $any -j MASQUERADE

    -------------------------------------
    And my /etc/sysconfig/iptables is:

    ---------------------------------------

    # Firewall configuration written by redhat-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    --------------------------------------

    Before, I used Plesk and everything worked fine for me. Now I have no idea why I can't access the web, email, and MSN Messenger. ICQ etc. work fine on the Windows box. Maybe cPanel is blocking something?

    Thanks for your help in advance.
    Alex
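
An added example, not part of the original post: a small audit of the /etc/sysconfig/iptables ruleset quoted above. It flags ACCEPT default policies on INPUT and FORWARD, the rule that accepts every NEW connection regardless of port, and FORWARD traffic being judged by a chain written for INPUT. The function name `audit_rules`, the variable `SAMPLE_RULES` and the finding tags are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit an iptables-save style ruleset for permissive rules.
# SAMPLE_RULES is the /etc/sysconfig/iptables content copied from the post.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# audit_rules RULES: print one finding per line, prefixed with a tag.
# Line numbers refer to the position inside the ruleset text passed in.
audit_rules() {
  printf '%s\n' "$1" | awk '
    # Inbound or forwarded traffic is allowed unless a rule stops it.
    /^:(INPUT|FORWARD) ACCEPT/ {
      print "POLICY_ACCEPT " substr($1, 2); next
    }
    /^-A / {
      # ACCEPT of NEW connections with no port, address, protocol
      # or interface restriction: every new connection is let in.
      if ($0 ~ /--state NEW/ && $0 ~ /-j ACCEPT/ &&
          $0 !~ /--dport|--sport| -s | -d | -i | -p /)
        print "ACCEPT_ALL_NEW line " NR ": " $0
      # Routed traffic is filtered by a chain designed for local input.
      if ($2 == "FORWARD" && $0 ~ /-j .*INPUT/)
        print "FORWARD_USES_INPUT_CHAIN line " NR ": " $0
    }'
}

audit_rules "$SAMPLE_RULES"
```

Because the rc.local script flushes INPUT and FORWARD after boot, run the same function against the output of `iptables-save` to audit the rules that are actually loaded.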
     