Hello Sandy,
Here the 169.254.0.0 shows up again.
Google gives you the answer with the very first link:
http://www.google.de/search?hl=de&q=169.254.0.0+dhcp&btnG=Google-Suche&meta=
I did know that a DHCP client is probably installed by default on Suse 10.0, but I wasn't aware that it messes around in the system like that. Now it's gone :-)
The only thing I haven't seen in this thread is the output of the iptables commands that are responsible for forwarding.
What does "iptables -L" show?
A huuuuge pile of output, which I'll spare you here.
You can try the following commands to test whether Internet access works afterwards:
SuSEfirewall2 stop
SuSEfirewall2 off
It had nothing to do with that ....... (my opinion, since I didn't notice any change)
# Reset the rules
iptables -F
iptables -X
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Masquerading for eth1 as the Internet interface
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
# Allow forwarding for everything from eth0 to eth1:
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
Adjust the interface names, then access should actually work, unless something like AppArmor or SELinux is still interfering.
Those were the decisive tips, but now the firewall presumably no longer works, right? How do I get it activated again now, so that I'm not wobbling around the net completely open?
Useful information can also be obtained with "SuSEfirewall2 debug|test". It would also be interesting to know what is actually in the logs...
The output comes attached as test.txt
modprobe ip_tables
modprobe ip_conntrack
modprobe ip6table_filter
modprobe ip6table_mangle
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -N reject_func
iptables -A reject_func -p tcp -j REJECT --reject-with tcp-reset
iptables -A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A reject_func -j REJECT --reject-with icmp-proto-unreachable
iptables -A INPUT -j ACCEPT -i lo
iptables -A OUTPUT -j ACCEPT -o lo
ip6tables -F INPUT
ip6tables -F OUTPUT
ip6tables -F FORWARD
ip6tables -P INPUT DROP
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD DROP
ip6tables -F
ip6tables -X
ip6tables -t mangle -F
ip6tables -t mangle -X
ip6tables -N reject_func
ip6tables -A reject_func -p tcp -j REJECT --reject-with tcp-reset
ip6tables -A reject_func -p udp -j REJECT --reject-with port-unreach
ip6tables -A reject_func -j REJECT --reject-with addr-unreach
ip6tables -A reject_func -j DROP
ip6tables -A INPUT -j ACCEPT -i lo
ip6tables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
ip6tables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
echo "1" > "/proc/sys/net/ipv4/ip_forward"
echo "1" > "/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
echo "1" > "/proc/sys/net/ipv4/tcp_syncookies"
echo "0" > "/proc/sys/net/ipv4/tcp_ecn"
echo "1" > "/proc/sys/net/ipv4/icmp_ignore_bogus_error_responses"
echo "20" > "/proc/sys/net/ipv4/ipfrag_time"
echo "1" > "/proc/sys/net/ipv4/igmp_max_memberships"
echo "1024 29999" > "/proc/sys/net/ipv4/ip_local_port_range"
echo "1" > "/proc/sys/net/ipv4/conf/all/log_martians"
echo "0" > "/proc/sys/net/ipv4/conf/all/bootp_relay"
echo "0" > "/proc/sys/net/ipv4/conf/all/proxy_arp"
echo "1" > "/proc/sys/net/ipv4/conf/all/secure_redirects"
echo "0" > "/proc/sys/net/ipv4/conf/all/accept_source_route"
echo "1" > "/proc/sys/net/ipv4/conf/all/rp_filter"
echo "1" > "/proc/sys/net/ipv4/conf/default/log_martians"
echo "0" > "/proc/sys/net/ipv4/conf/default/bootp_relay"
echo "0" > "/proc/sys/net/ipv4/conf/default/proxy_arp"
echo "1" > "/proc/sys/net/ipv4/conf/default/secure_redirects"
echo "0" > "/proc/sys/net/ipv4/conf/default/accept_source_route"
echo "1" > "/proc/sys/net/ipv4/conf/default/rp_filter"
echo "1" > "/proc/sys/net/ipv4/conf/dsl0/log_martians"
echo "0" > "/proc/sys/net/ipv4/conf/dsl0/bootp_relay"
echo "0" > "/proc/sys/net/ipv4/conf/dsl0/proxy_arp"
echo "1" > "/proc/sys/net/ipv4/conf/dsl0/secure_redirects"
echo "0" > "/proc/sys/net/ipv4/conf/dsl0/accept_source_route"
echo "1" > "/proc/sys/net/ipv4/conf/dsl0/rp_filter"
echo "1" > "/proc/sys/net/ipv4/conf/eth0/log_martians"
echo "0" > "/proc/sys/net/ipv4/conf/eth0/bootp_relay"
echo "0" > "/proc/sys/net/ipv4/conf/eth0/proxy_arp"
echo "1" > "/proc/sys/net/ipv4/conf/eth0/secure_redirects"
echo "0" > "/proc/sys/net/ipv4/conf/eth0/accept_source_route"
echo "1" > "/proc/sys/net/ipv4/conf/eth0/rp_filter"
echo "1" > "/proc/sys/net/ipv4/conf/lo/log_martians"
echo "0" > "/proc/sys/net/ipv4/conf/lo/bootp_relay"
echo "0" > "/proc/sys/net/ipv4/conf/lo/proxy_arp"
echo "1" > "/proc/sys/net/ipv4/conf/lo/secure_redirects"
echo "0" > "/proc/sys/net/ipv4/conf/lo/accept_source_route"
echo "1" > "/proc/sys/net/ipv4/conf/lo/rp_filter"
echo "1" > "/proc/sys/net/ipv4/route/flush"
iptables -N input_int
iptables -N input_ext
iptables -N forward_int
iptables -N forward_ext
ip6tables -N input_int
ip6tables -N input_ext
ip6tables -N forward_int
ip6tables -N forward_ext
iptables -A input_int -j ACCEPT
ip6tables -A input_int -j ACCEPT
iptables -A input_ext -m pkttype --pkt-type broadcast -j DROP
iptables -A input_ext -j ACCEPT -p icmp --icmp-type source-quench
iptables -A input_ext -j ACCEPT -p icmp --icmp-type echo-request
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type echo-request
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type echo-reply
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type destination-unreachable
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type time-exceeded
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type parameter-problem
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type timestamp-reply
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type address-mask-reply
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type protocol-unreachable
iptables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type redirect
ip6tables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type echo-reply
ip6tables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type destination-unreachable
ip6tables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type packet-too-big
ip6tables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type time-exceeded
ip6tables -A input_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type parameter-problem
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type router-solicitation
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type router-advertisement
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type neighbour-solicitation
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type neighbour-advertisement
ip6tables -A input_ext -j ACCEPT -p icmpv6 --icmpv6-type redirect
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp --dport 4662 --syn
iptables -A input_ext -j ACCEPT -p tcp --dport 4662
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp --dport 6881 --syn
iptables -A input_ext -j ACCEPT -p tcp --dport 6881
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp --dport 4662 --syn
ip6tables -A input_ext -j ACCEPT -p tcp --dport 4662
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-ACC-TCP -p tcp --dport 6881 --syn
ip6tables -A input_ext -j ACCEPT -p tcp --dport 6881
iptables -A input_ext -j ACCEPT -p udp --dport 4444
iptables -A input_ext -j ACCEPT -p udp --dport 4672
ip6tables -A input_ext -j ACCEPT -p udp --dport 4444
ip6tables -A input_ext -j ACCEPT -p udp --dport 4672
iptables -A input_ext -s 0/0 -p tcp --dport 113 -m state --state NEW -j reject_func
ip6tables -A input_ext -s 0/0 -p tcp --dport 113 -m state --state NEW -j reject_func
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type echo-reply
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type destination-unreachable
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type time-exceeded
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type parameter-problem
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type timestamp-reply
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type address-mask-reply
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type protocol-unreachable
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type redirect
ip6tables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type echo-reply
ip6tables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type destination-unreachable
ip6tables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type packet-too-big
ip6tables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type time-exceeded
ip6tables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type parameter-problem
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type echo-reply
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type destination-unreachable
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type time-exceeded
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type parameter-problem
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type timestamp-reply
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type address-mask-reply
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type protocol-unreachable
iptables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type redirect
ip6tables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type echo-reply
ip6tables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type destination-unreachable
ip6tables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type packet-too-big
ip6tables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type time-exceeded
ip6tables -A forward_ext -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmpv6 --icmpv6-type parameter-problem
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p tcp --syn
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p tcp --syn
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p icmp
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p icmpv6
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p udp
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT -p udp
iptables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT-INV -m state --state INVALID
ip6tables -A input_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-INext-DROP-DEFLT-INV -m state --state INVALID
iptables -A input_ext -j DROP
ip6tables -A input_ext -j DROP
iptables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p tcp --syn
ip6tables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p tcp --syn
iptables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p icmp
ip6tables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p icmpv6
iptables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p udp
ip6tables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT -p udp
iptables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT-INV -m state --state INVALID
ip6tables -A forward_int -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDint-DROP-DEFLT-INV -m state --state INVALID
iptables -A forward_int -j DROP
ip6tables -A forward_int -j DROP
iptables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p tcp --syn
ip6tables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p tcp --syn
iptables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p icmp
ip6tables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p icmpv6
iptables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p udp
ip6tables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT -p udp
iptables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT-INV -m state --state INVALID
ip6tables -A forward_ext -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWDext-DROP-DEFLT-INV -m state --state INVALID
iptables -A forward_ext -j DROP
ip6tables -A forward_ext -j DROP
iptables -A INPUT -j input_int -i eth0
iptables -A INPUT -j input_ext -i dsl0
iptables -A FORWARD -j forward_int -i eth0
iptables -A FORWARD -j forward_ext -i dsl0
ip6tables -A INPUT -j input_int -i eth0
ip6tables -A INPUT -j input_ext -i dsl0
ip6tables -A FORWARD -j forward_int -i eth0
ip6tables -A FORWARD -j forward_ext -i dsl0
iptables -A INPUT -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-IN-ILL-TARGET
iptables -A INPUT -j DROP
iptables -A FORWARD -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWD-ILL-ROUTING
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED
iptables -A OUTPUT -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-OUT-ERROR
ip6tables -A INPUT -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-IN-ILL-TARGET
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-FWD-ILL-ROUTING
ip6tables -A FORWARD -j DROP
ip6tables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED
ip6tables -A OUTPUT -j LOG -m limit --limit 3/minute --log-level warning --log-tcp-options --log-ip-options --log-prefix SFW2-OUT-ERROR
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
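
Added example, not part of the thread: a shell/awk check that reads a command listing like the "SuSEfirewall2 test" output above, one command per line, and reports which pieces from the quick-test commands are missing (kernel forwarding, a MASQUERADE rule on the Internet interface, a FORWARD path for new connections from the LAN interface) and whether the FORWARD policy is DROP. The function name, the finding labels and both sample listings are constructed for this illustration; the chain-following is a heuristic that ignores rule order.

```shell
# Added example, not from the thread: reads iptables/echo commands on stdin and
# prints what a masquerading gateway lacks, or "ok".  audit_gateway LAN_IF WAN_IF
audit_gateway() {
    awk -v lan="$1" -v wan="$2" '
    /\/ipv4\/ip_forward/ && /echo "?1"?/ { fwd = 1 }
    $1 != "iptables" { next }                      # IPv4 rules only
    {
        chain = tgt = inif = outif = st = ""; tbl = "filter"
        for (i = 2; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "-o") outif = $(i + 1)
            else if ($i == "-t") tbl = $(i + 1)
            else if ($i == "--state") st = $(i + 1)
            else if ($i == "-P" && $(i + 1) == "FORWARD") pol = $(i + 2)
        }
        if (tbl == "nat" && chain == "POSTROUTING" && tgt == "MASQUERADE" && outif == wan) nat = 1
        if (tbl != "filter") next
        opens = (tgt == "ACCEPT" && (st == "" || st ~ /NEW/))   # heuristic: admits new flows
        if (chain == "FORWARD" && inif == lan) {
            if (opens) path = 1
            else via[tgt] = 1                      # jump target reached from the LAN side
        } else if (opens) open_in[chain] = 1
    }
    END {
        for (c in via) if (c in open_in) path = 1  # rule order is ignored
        if (!fwd)  out = out " no-ip-forward"
        if (!nat)  out = out " no-masquerade"
        if (!path) out = out " no-lan-forward-path"
        if (pol != "DROP") out = out " forward-policy-not-drop"
        print (out == "" ? "ok" : substr(out, 2))
    }'
}

# Constructed samples: an excerpt shaped like the listing above, then the quick-test commands.
sample_sfw2() { cat <<'EOF'
iptables -P FORWARD DROP
echo "1" > "/proc/sys/net/ipv4/ip_forward"
iptables -A forward_int -j ACCEPT -m state --state ESTABLISHED,RELATED -p icmp --icmp-type echo-reply
iptables -A forward_int -j DROP
iptables -A FORWARD -j forward_int -i eth0
EOF
}
sample_quick() { cat <<'EOF'
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
EOF
}
```

With a FORWARD policy of DROP, replies coming back from the Internet interface also need an ESTABLISHED,RELATED accept rule in the FORWARD path, which this check does not look for.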