after installing current slackware (previously slack 10.0) my routing
fails. my firewall/router script is the same as it was before the upgrade.
heres the script:
#!/bin/bash
iptables -F INPUT
iptables -F -t nat
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m limit --limit 1/minute -i eth0 -j LOG --log-level debug
iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p udp -m limit --limit 1/minute -i eth0 -j LOG --log-level debug

#disable ECN
echo 0 > /proc/sys/net/ipv4/tcp_ecn

#disable spoofing on all interfaces
INTERFACES="lo eth0 eth1"
for x in ${INTERFACES}
do
echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
done

#enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
exit

also,
lsmod | grep ipt*
ipt_MASQUERADE 1400 1 (autoclean)
ipt_REJECT 3096 1 (autoclean)
ipt_LOG 3448 2 (autoclean)
ipt_limit 856 2 (autoclean)
ipt_state 504 1 (autoclean)
iptable_nat 16814 1 (autoclean) [ipt_MASQUERADE]
ip_conntrack 18564 0 (autoclean) [ipt_MASQUERADE ipt_state iptable_nat]
iptable_filter 1644 1 (autoclean)
ip_tables 12000 9 [ipt_MASQUERADE ipt_REJECT ipt_LOG ipt_limit ipt_state iptable_nat iptable_filter]

everything seems to be fine but i cant ping interal network or vice versa.
clients have 192.168.1.1 as their default gw (eth1 on router)
when pinging from internal network it just times out.
when pinging from router to internal network it says:
ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
From 24.25.224.225 icmp_seq=2 Destination Host Unreachable
From 24.25.224.225 icmp_seq=3 Destination Host Unreachable

this seems odd because 24.25.224.225 is outside the network, somewhere on
my isp servers. anyhelp or comments is greatly appreciated, sorry for long
post, just wanted to provide as much info as possible

-psyops

psyops@spcl_ops.home wrote:

> #disable spoofing on all interfaces
> INTERFACES="lo eth0 eth1"
> for x in ${INTERFACES}
> do
> echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
> done
>
> #enable IP forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
<SNIP>
> clients have 192.168.1.1 as their default gw (eth1 on router)
> -psyops

I had a similar problem a while ago after changing my dsl modem/router.

If the ISP gives the same network (192.168.1. ) with dhcp and you use the
same as your private network no routing will occur since it's the same
network. Changing the local network to 192.168.2. should fix this.

Don't know if it helps in your case. Did in my.

//Micke

> [quoted text muted]
<SNIP>
> [quoted text muted]

thanx for the reply, ill try adjusting my local net.

-psyops