Debian
dhemming, 2017-03-12 00:40:32

Configuring access from the local network to the external, how to properly configure NAT?

Greetings.
The problem is the following:
There is a Debian server. I wanted to put Squid on it, so I installed a second network card.
I configured the network interfaces (eth0 faces the local network, eth1 faces the Internet). Here is the /etc/network/interfaces config:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug eth0

auto eth0
  iface eth0 inet static
    address 192.168.1.102
    netmask 255.255.255.0
    #gateway 192.168.1.102

auto eth1
  iface eth1 inet static
    address  xx.xx.xx.xx (static address from the provider)
    netmask  255.255.252.0
    gateway xx.xx.xx.xx (provider's gateway)
    dns-nameservers xx.xx.xx.xx yy.yy.yy.yy (provider's DNS servers)
    hwaddress ether (MAC address of the card)

post-up /etc/nat

Here is the iptables config (written as a script so that the rules are applied automatically on reboot):
#!/bin/sh

# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Allow traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT

# Allow access from the internal network to the outside
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# Enable NAT
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE

# Allow replies from the external network
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Deny access from the outside into the internal network
iptables -A FORWARD -i eth1 -o eth0 -j REJECT

I also installed dnsmasq. Everything there is standard; I changed only one parameter: listen-address=127.0.0.1, 192.168.1.102
The network has a DHCP server on the dd-wrt router, and the computers receive their addresses from it. The default gateway on the router is set to 192.168.1.102 (the local address of the Debian server).
There is no Internet access. From computers on the local network, the provider's local gateway can be pinged, but pings do not reach the provider's DNS. I called the provider's support, and they said the problem is on my side.
Who can tell me what is wrong?


1 answer(s)
Valentin, 2017-03-12
@vvpoloskin

Well, proxies and NAT are usually not connected in any way; moreover, it is even harmful to connect them. Remove the iptables config from post-up altogether.
If you still need NAT, then learn iptables; it is configured differently, and copying the first script you come across on the Internet will not work. First, at the beginning of the script you need to flush all chains (-F) and explicitly set the default policies (-P). Second, both INPUT and OUTPUT (and in certain cases FORWARD) are allowed for lo. Third, well, as long as iptables is not working, remove the extra reject/accept from it (your last two lines).
Try manually setting the provider's DNS or 8.8.8.8 (better for verification) on some PC. If dnsmasq is on the same server, then you must at least allow access in the INPUT and OUTPUT chains, possibly FILTER.
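The corrections the answer lists (flush the chains and set explicit default policies, allow lo in both INPUT and OUTPUT, let LAN clients reach dnsmasq) put together as an added example in the same sh form as the question's script; this is not code from the question or the answer. Interface names, the 192.168.1.0/24 network and the dnsmasq address come from the question; the SSH rule and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Rebuilt NAT/firewall script (added example). Prints the rules by default;
# run with APPLY=1 as root to execute them. Values from the question:
LAN_IF=eth0                # eth0 faces the LAN
WAN_IF=eth1                # eth1 faces the provider
LAN_NET=192.168.1.0/24     # LAN behind the Debian box

# Wrapper: echo the command in dry-run mode, execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

nat_rules() {
    run sysctl -w net.ipv4.ip_forward=1

    # 1. Start from a clean slate so re-running (e.g. from post-up) does not
    #    append duplicate rules, and make the default policies explicit.
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # 2. Loopback needs both directions, not just INPUT.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT

    # Replies to the router's own traffic (apt, dnsmasq forwarding upstream).
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Assumption: the box is administered over SSH from the LAN only.
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT

    # 3. dnsmasq listens on 192.168.1.102; let LAN clients query it (UDP and TCP 53).
    run iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -j ACCEPT

    # Forwarding: new connections only from LAN to WAN; only replies come back.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # With FORWARD policy DROP, no separate REJECT rule for WAN->LAN is needed.

    # Masquerade LAN sources leaving via the provider link.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

nat_rules
```

Run it once without APPLY to review the generated rule list, then with APPLY=1 from a console session rather than over SSH the first time, in case the INPUT policy locks you out.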
