Siccome fidarsi è bene ma non firdarsi è meglio ... posta l'output del comando
Codice: Seleziona tutto
cat /etc/iptables
Siccome fidarsi è bene ma non firdarsi è meglio ... posta l'output del comando
Codice: Seleziona tutto
cat /etc/iptables
Codice: Seleziona tutto
# Generated by iptables-save v1.8.7 on Thu Dec 2 18:00:30 2021
*filter
:INPUT ACCEPT [146:16612]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3377:287587]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eno1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Dec 2 18:00:30 2021
# Generated by iptables-save v1.8.7 on Thu Dec 2 18:00:30 2021
*nat
:PREROUTING ACCEPT [9:2347]
:INPUT ACCEPT [8:2004]
:OUTPUT ACCEPT [1729:119296]
:POSTROUTING ACCEPT [1133:80583]
-A POSTROUTING -o eno1 -j MASQUERADE
-A POSTROUTING -o eno1 -j MASQUERADE
-A POSTROUTING -o eno1 -j MASQUERADE
COMMIT
# Completed on Thu Dec 2 18:00:30 2021
Mi ripeto:thece ha scritto: ↑mercoledì 1 dicembre 2021, 23:28...
Prima di fare questo però sul "gateway" modifica le regole attualmente impostate per IPTables.
L'unica regola che ti occorre è
tutte le altre le puoi eliminare, peraltro non sono nemmeno tutte corrette.Codice: Seleziona tutto
sudo iptables -t nat -A POSTROUTING -o wlxe0469a14ba78 -j MASQUERADE <---<< Corretto
Codice: Seleziona tutto
sudo iptables -t filter -X
sudo iptables -t filter -F
sudo iptables -t filter -Z
sudo iptables -t nat -X
sudo iptables -t nat -F
sudo iptables -t nat -Z
sudo iptables -t mangle -X
sudo iptables -t mangle -F
sudo iptables -t mangle -Z
sudo iptables -t raw -X
sudo iptables -t raw -F
sudo iptables -t raw -Z
sudo iptables -t filter -P INPUT ACCEPT
sudo iptables -t filter -P FORWARD ACCEPT
sudo iptables -t filter -P OUTPUT ACCEPT
sudo iptables -t nat -P PREROUTING ACCEPT
sudo iptables -t nat -P POSTROUTING ACCEPT
sudo iptables -t nat -P OUTPUT ACCEPT
sudo iptables -t mangle -P PREROUTING ACCEPT
sudo iptables -t mangle -P INPUT ACCEPT
sudo iptables -t mangle -P FORWARD ACCEPT
sudo iptables -t mangle -P OUTPUT ACCEPT
sudo iptables -t mangle -P POSTROUTING ACCEPT
sudo iptables -t raw -P PREROUTING ACCEPT
sudo iptables -t raw -P OUTPUT ACCEPT
Codice: Seleziona tutto
sudo iptables -t nat -A POSTROUTING -o wlxe0469a14ba78 -j MASQUERADE <---<< Corretto
Codice: Seleziona tutto
sudo iptables-save > /etc/iptables
Codice: Seleziona tutto
tcpdump: verbose output suppressed, use -v[v]... for full pr
listening on eno1, link-type EN10MB (Ethernet), snapshot len
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Codice: Seleziona tutto
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlxe0469a14ba78, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Codice: Seleziona tutto
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
Codice: Seleziona tutto
cat /proc/sys/net/ipv4/ip_forward
1
Codice: Seleziona tutto
cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
address 127.0.0.1
netmask 255.0.0.0
auto enp1s0
iface enp1s0 inet static
address 192.168.1.1
netmask 255.255.255.0
post-up iptables-restore < /etc/iptables.config
Codice: Seleziona tutto
cat /etc/iptables.config
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlp2s0 -j MASQUERADE
COMMIT
Codice: Seleziona tutto
nmcli connection
NAME UUID TYPE DEVICE
wlp2s0 f1c46b43-c600-46c6-8cd2-e3d5b6556f5c wifi wlp2s0
Codice: Seleziona tutto
ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
ether 68:f7:28:33:13:69 txqueuelen 1000 (Ethernet)
RX packets 19927 bytes 1354766 (1.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 39520 bytes 59146156 (56.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 1086 bytes 88329 (86.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1086 bytes 88329 (86.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.214 netmask 255.255.255.0 broadcast 192.168.0.255
ether 74:29:af:9c:6c:25 txqueuelen 1000 (Ethernet)
RX packets 40167 bytes 59211097 (56.4 MiB)
RX errors 0 dropped 272 overruns 0 frame 0
TX packets 20105 bytes 1815790 (1.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Codice: Seleziona tutto
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 600 0 0 wlp2s0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp1s0
192.168.0.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp2s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
Codice: Seleziona tutto
tcpdump -i enp1s0 icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:26:16.852082 IP 192.168.1.2 > dns.google: ICMP echo request, id 1, seq 2, length 40
13:26:16.866146 IP dns.google > 192.168.1.2: ICMP echo reply, id 1, seq 2, length 40
13:26:17.866235 IP 192.168.1.2 > dns.google: ICMP echo request, id 1, seq 3, length 40
13:26:17.878193 IP dns.google > 192.168.1.2: ICMP echo reply, id 1, seq 3, length 40
13:26:18.881898 IP 192.168.1.2 > dns.google: ICMP echo request, id 1, seq 4, length 40
13:26:18.893034 IP dns.google > 192.168.1.2: ICMP echo reply, id 1, seq 4, length 40
13:26:19.897389 IP 192.168.1.2 > dns.google: ICMP echo request, id 1, seq 5, length 40
13:26:19.909208 IP dns.google > 192.168.1.2: ICMP echo reply, id 1, seq 5, length 40
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
Codice: Seleziona tutto
tcpdump -i wlp2s0 icmp
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on wlp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:26:16.852137 IP arkham.fritz.box > dns.google: ICMP echo request, id 1, seq 2, length 40
13:26:16.866113 IP dns.google > arkham.fritz.box: ICMP echo reply, id 1, seq 2, length 40
13:26:17.866257 IP arkham.fritz.box > dns.google: ICMP echo request, id 1, seq 3, length 40
13:26:17.878173 IP dns.google > arkham.fritz.box: ICMP echo reply, id 1, seq 3, length 40
13:26:18.881920 IP arkham.fritz.box > dns.google: ICMP echo request, id 1, seq 4, length 40
13:26:18.893014 IP dns.google > arkham.fritz.box: ICMP echo reply, id 1, seq 4, length 40
13:26:19.897424 IP arkham.fritz.box > dns.google: ICMP echo request, id 1, seq 5, length 40
13:26:19.909174 IP dns.google > arkham.fritz.box: ICMP echo reply, id 1, seq 5, length 40
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
Codice: Seleziona tutto
# Generated by iptables-save v1.8.7 on Fri Dec 3 23:09:43 2021
*mangle
:PREROUTING ACCEPT [39:3044]
:INPUT ACCEPT [39:3044]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:4810]
:POSTROUTING ACCEPT [67:4842]
COMMIT
# Completed on Fri Dec 3 23:09:43 2021
# Generated by iptables-save v1.8.7 on Fri Dec 3 23:09:43 2021
*raw
:PREROUTING ACCEPT [39:3044]
:OUTPUT ACCEPT [66:4810]
COMMIT
# Completed on Fri Dec 3 23:09:43 2021
# Generated by iptables-save v1.8.7 on Fri Dec 3 23:09:43 2021
*filter
:INPUT ACCEPT [39:3044]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:4810]
COMMIT
# Completed on Fri Dec 3 23:09:43 2021
# Generated by iptables-save v1.8.7 on Fri Dec 3 23:09:43 2021
*nat
:PREROUTING ACCEPT [1:28]
:INPUT ACCEPT [1:28]
:OUTPUT ACCEPT [5:331]
:POSTROUTING ACCEPT [4:240]
-A POSTROUTING -o wlxe0469a14ba78 -j MASQUERADE
COMMIT
# Completed on Fri Dec 3 23:09:43 2021
I comandi che ti ho postato HANNO FUNZIONATO.
Visualizzano questa sezione: 0 utenti iscritti e 12 ospiti