Re: I can't see the world from my ipaq

From: Konrad Karczewski <xeno_at_alfa.icis.pcz.pl>
Date: Fri, 12 Nov 2004 19:38:35 +0100 (CET)

Issue a command (on the Linux box):
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

You have all incoming and outgoing packages blocked by the policies
(default rules).

best regards
Konrad Karczewski

On Fri, 12 Nov 2004, Lluis Pérez Vidal wrote:

> I have an h5550
>
> I am closely following the instructions of
>
> http://mstempin.free.fr/linux-ipaq/html_nochunks/Linux-iPAQ-HOWTO-1.1.html
>
> I am stuck just before 6.3 at paragraph
>
> ============================
> You should now be able to "ping" by its name any machine on the Internet
> that you know is responding to such requests.
>
> If you are able to "ping" the GNU/Linux host, but not the rest of the
> world, this may be due to the ip_forward mechanism not being enabled.
> Try re-inserting the iPAQ or re-launch the ipaqnet script.
> =============================
> I understand that I need to have on the GNU/Linux host
> NAT (network address
> translation), and therefore netfiltering and iptables.
>
> To achieve this I have recompiled on the host the 2.6.8 kernel with
> the options to have iptables (the host has a Debian
> testing distribution).
>
> I have seen during the booting process at the host
> ======================
> Initializing IP Masquerading...FATAL:Module ip_tables
> not found
> iptables v1.2.11:can't initialize iptables table 'mangle'.
> Table does not exist. (do you need to insmod?).
> Perhaps iptables or your kernel needs to be upgraded.
> ======================
> This appears at least 5 times.
> But then it looks as if it has iptables.
>
> I have done on the GNU/Linux host
>
> (cf.
> http://bulma.net/body.phtml?nIdNoticia=1140
> )
> =========================================
> # echo 1 > /proc/sys/net/ipv4/ip_forward
>
> $ cat /proc/sys/net/ipv4/ip_forward
> 1
>
>
>
> # iptables --flush
> # iptables --table nat --flush
>
> # iptables --table nat --append POSTROUTING \
> --out-interface ppp0 -j MASQUERADE
> # iptables --append FORWARD --in-interface eth0 -j ACCEPT
> ============================================
> with no error messages.
>
> After this, on the GNU/Linux host,
> I issue the command
>
> iptables -L
>
> and I get
> ==========================
> Chain INPUT (policy DROP)
> target prot opt source destination
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
>
> =======================
>
> then I issue the command
>
> iptables -L -n -t nat
>
> and I get
> ==========================
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> ==========================
>
> On the host
>
> ifconfig
>
> eth0 Link encap:Ethernet HWaddr 00:00:E2:54:B4:AB
> inet addr:147.83.29.84 Bcast:147.83.29.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:5807 errors:0 dropped:0 overruns:0 frame:0
> TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:386218 (377.1 KiB) TX bytes:3033 (2.9 KiB)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:8 errors:0 dropped:0 overruns:0 frame:0
> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
>
> usb0 Link encap:Ethernet HWaddr F6:C6:94:4D:4B:EC
> inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
>
>
> On the iPAQ
>
> ifconfig
>
> gives
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:32 errors:0 dropped:0 overruns:0 frame:0
> TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2336 (2.2 KiB) TX bytes:2336 (2.2 KiB)
>
> usbf Link encap:Ethernet HWaddr 98:29:E0:52:90:DB
> inet addr:192.168.0.202 Mask:255.255.255.0
> inet6 addr: fe80::9a29:e0ff:fe52:90db/10 Scope:Link
> UP RUNNING MTU:1500 Metric:1
> RX packets:1 errors:0 dropped:0 overruns:0 frame:0
> TX packets:5 errors:0 dropped:10 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:28 (28.0 B) TX bytes:406 (406.0 B)
>
> and then if I do on the iPaq
>
> ipkg update
>
> I get
>
> ==================================
> Downloading http://handhelds.org/feeds/unstable/Packages.gz
> wget: Temporary failure in name resolution: Connection refused
> ipkg_download: ERROR: Command failed with return value 1: `wget
> --passive-ftp -q -P /tmp/ipkg-9Xlgwd http://handhelds.'
> Downloading http://handhelds.org/feeds/2.4.19/Packages.gz
> wget: Temporary failure in name resolution: Connection refused
> ipkg_download: ERROR: Command failed with return value 1: `wget
> --passive-ftp -q -P /tmp/ipkg-9Xlgwd http://handhelds.'
> ===================================
>
>
> I suppose that
> a) I have iptables up and running on the host.
> b) I am giving some incorrect instructions to iptables.
>
> As a side-effect, my host is very isolated from the
> outside world: it cannot ping any IP numerical address
> (it says ping: sendmsg : Operation not permitted),
> cannot reach any DNS, no navigation; I'm lucky to
> have the keyboard to enter commands. I retain three other
> kernels that let me be "open" but have no iptables
> on these other kernels.
>
> Can you recommend any tutorial, instruction, reading
> to overcome this obstacle?
>
> _______________________________________________
> H5400-port mailing list
> H5400-port_at_handhelds.org
> https://www.handhelds.org/mailman/listinfo/h5400-port
>
Received on Fri Nov 12 2004 - 13:39:10 EST
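
Added example, not part of the original messages: the `iptables -L` listing quoted above shows INPUT and OUTPUT with policy DROP and no rules, which matches the host's "sendmsg: Operation not permitted" symptom. The shell functions below (names are illustrative) flag such chains in a listing read from stdin; the sample input is reconstructed from the quoted output.

```shell
#!/bin/sh
# Audit `iptables -L` output for chains that drop everything.

# Constructed sample: the filter-table listing quoted in the thread.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy DROP)
target prot opt source destination
'

# Print "CHAIN POLICY RULECOUNT" for each chain in a listing on stdin.
# User-defined chains ("N references") get a non-policy word in field 2
# and are therefore never reported by dead_chains below.
chain_summary() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit()
            chain = $2; policy = $4; sub(/\)$/, "", policy); rules = 0
            next
        }
        /^target/ || /^[ \t]*$/ { next }   # column header or blank line
        chain != "" { rules++ }            # anything else is a rule row
        END { emit() }
    '
}

# Space-separated names of chains with policy DROP and no rules at all:
# every packet traversing such a chain is discarded.
dead_chains() {
    chain_summary | awk '
        $2 == "DROP" && $3 == 0 { out = out (out ? " " : "") $1 }
        END { print out }
    '
}

dead=$(printf '%s' "$SAMPLE_LISTING" | dead_chains)
echo "chains that drop all traffic: ${dead:-none}"
```

On a live host the same check is `iptables -L -n | dead_chains`, run as root.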