ADSL拨号，用IPTABLES做透明代理，客户机上不了网？

zcl · 发表于 2004-1-13 12:07:30

ADSL拨号，动态IP，写如下IPTABLES脚本：

modprobe ip_tables
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.8.0/24  -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.95.0.0/24  -j MASQUERADE

保存后生成的iptables文件内容如下
# Generated by iptables-save v1.2.8 on Tue Jan 13 11:27:24 2004
*nat

REROUTING ACCEPT [259]

OSTROUTING ACCEPT [1]
:OUTPUT ACCEPT [1]
-A POSTROUTING -s 192.168.8.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.95.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Jan 13 11:27:24 2004
# Generated by iptables-save v1.2.8 on Tue Jan 13 11:27:24 2004
*filter
:INPUT ACCEPT [0]
:FORWARD ACCEPT [0]
:OUTPUT ACCEPT [2346]
:RH-Firewall-1-INPUT - [0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Jan 13 11:27:24 2004

客户端将网关设为192.168.8.2(eth1的IP) 或是192.95.0.2(eth2的IP)，eth0用来拨号,
可以ping 通ADSL给的网关，却不能上网是怎么回事啊？

		自动登录	找回密码
密码			注册