Executando um servidor DHCP, o (s) cliente (s) não possui link ascendente (0Mbps) e possui um downlink (50Mbps.)
Estou configurando um gateway / roteador em um PC com o Debian Wheezy com ISC-DHCP. Eu tenho 1 interfaces WAN (eth0) e 2 LAN (eth1, eth2) conectadas.
Preciso de uma regra de tabela IP para permitir que os pacotes de upload em eth1 / eth2 saiam da eth0 para a Internet? O problema é que os usuários não podem enviar formulários da web ou enviar dados para sites.
Abaixo estão as interfaces e a saída do iptables:
cat /etc/network/interfaces # This file describes the network interfaces available on your system# and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 #iface eth0 inet6 auto iface eth0 inet static address 173.xxx.xxx.145 netmask 255.255.255.252 gateway 173.xxx.xxx.146 auto eth1 iface eth1 inet static address 192.168.2.10 network 192.168.2.0 netmask 255.255.255.0 auto eth2 iface eth2 inet static address 192.168.22.10 network 192.168.22.0 netmask 255.255.255.0
iptables-save # Generated by iptables-save v1.4.14 on Tue Jul 15 08:33:07 2014 *mangle :PREROUTING ACCEPT [5430:3921752] :INPUT ACCEPT [362:33625] :FORWARD ACCEPT [5047:3846737] :OUTPUT ACCEPT [187:27214] :POSTROUTING ACCEPT [5234:3873951] COMMIT # Completed on Tue Jul 15 08:33:07 2014 # Generated by iptables-save v1.4.14 on Tue Jul 15 08:33:07 2014 *filter :INPUT ACCEPT [285:25527] :FORWARD ACCEPT [123:23976] :OUTPUT ACCEPT [165:24524] -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i eth1 -o eth0 -j ACCEPT -A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o eth2 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i eth2 -o eth0 -j ACCEPT COMMIT # Completed on Tue Jul 15 08:33:07 2014 # Generated by iptables-save v1.4.14 on Tue Jul 15 08:33:07 2014 *nat :PREROUTING ACCEPT [227:16114] :INPUT ACCEPT [68:5796] :OUTPUT ACCEPT [2:668] :POSTROUTING ACCEPT [2:668] -A POSTROUTING -s 192.168.2.0/24 ! -d 192.168.2.0/24 -j MASQUERADE -A POSTROUTING -s 192.168.22.0/24 ! -d 192.168.22.0/24 -j MASQUERADE -A POSTROUTING -s 192.168.50.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -o eth0 -j MASQUERADE COMMIT # Completed on Tue Jul 15 08:33:07 2014