Gentoo Archives: gentoo-user

From: the <the.guard@××××.ru>
To: Gentoo Users List <gentoo-user@l.g.o>
Subject: [gentoo-user] NAT problem
Date: Fri, 10 Jan 2014 17:55:44
Message-Id: 52D03414.1070501@mail.ru
Hello. This is the first time I'm dealing with wifi and the second
time with NAT.
I have a server (access point) with a ppp0 interface (internet), eth0,
wlan0, tun0 and sit0. A dhcp server is listening on wlan0 and provides
local ip addresses, dns (= my isp dns) and router (= server wlan0 ip
address). NAT is configured on the server like this:
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*raw
:PREROUTING ACCEPT [1000941:974106726]
:OUTPUT ACCEPT [775261:165606146]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*nat
:PREROUTING ACCEPT [888:45008]
:INPUT ACCEPT [63:9590]
:OUTPUT ACCEPT [442:27137]
:POSTROUTING ACCEPT [36:1728]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*mangle
:PREROUTING ACCEPT [1000941:974106726]
:INPUT ACCEPT [951658:947497602]
:FORWARD ACCEPT [39262:26279024]
:OUTPUT ACCEPT [775261:165606146]
:POSTROUTING ACCEPT [814621:191890787]
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
# Generated by iptables-save v1.4.20 on Fri Jan 10 21:34:26 2014
*filter
:INPUT ACCEPT [371:35432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33994:3725352]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o wlan0 -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -i tun0 -j DROP
COMMIT
# Completed on Fri Jan 10 21:34:26 2014
I have a client that connects to my wifi, obtains an address via dhcp
and ... can't access almost all of internet sites.
I was able to ping any web service I could think of, but I was able to
use only google/youtube. I can do text/image searches on google and
can open youtube (but videos aren't loading). On other services wget
says connection established, but it can't retrieve anything. If I ssh
to an external server (not my nat server) I can ls, but if I try to
ls -alh I receive only a half of the files list and the terminal hangs
after that.
If I do $python -m http.server on my server I can do file transfers
and open html pages on my client. I have tried this
https://wiki.archlinux.org/index.php/Software_Access_Point#WLAN_is_very_slow
Also I have tried to insert LOG target in FORWARD of filter.
It showed that I send way more packets (>10) to a http server than I
receive (~2-4).
The client is fine and behaves normally with wifi, used it many times.
Thanks for your time.

Replies

Subject Author
Re: [gentoo-user] NAT problem the <the.guard@××××.ru>
Re: [gentoo-user] NAT problem Kerin Millar <kerframil@×××××××××××.uk>
Re: [gentoo-user] NAT problem Randy Barlow <randy@×××××××××××××××××.com>