Just hooked up them via wifi, they are pinging each other!
Remains to enable wan in client, server iptable rules:
And in resolv.conf of client I added google's DNS 8.8.8.8Code:Chain INPUT (policy DROP) target prot opt source destination ACCEPT tcp -- gjjline.bta.net.cn anywhere tcp flags:!FIN,SYN,RST,ACK/SYN ACCEPT udp -- gjjline.bta.net.cn anywhere ACCEPT tcp -- dialdns.bta.net.cn anywhere tcp flags:!FIN,SYN,RST,ACK/SYN ACCEPT udp -- dialdns.bta.net.cn anywhere ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 DROP all -- anywhere 255.255.255.255 DROP all -- anywhere localhost DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8 DROP all -- 255.255.255.255 anywhere DROP all -- anywhere 0.0.0.0 DROP all -- anywhere anywhere state INVALID LSI all -f anywhere anywhere limit: avg 10/min burst 5 INBOUND all -- anywhere anywhere INBOUND all -- anywhere localhost INBOUND all -- anywhere localhost INBOUND all -- anywhere localhost LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Input' Chain FORWARD (policy DROP) target prot opt source destination ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5 TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU OUTBOUND all -- anywhere anywhere ACCEPT tcp -- anywhere localhost/24 state RELATED,ESTABLISHED ACCEPT udp -- anywhere localhost/24 state RELATED,ESTABLISHED LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward' ACCEPT all -- localhost/24 anywhere ctstate NEW ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT tcp -- localhost gjjline.bta.net.cn tcp dpt:domain ACCEPT udp -- localhost gjjline.bta.net.cn udp dpt:domain ACCEPT tcp -- localhost dialdns.bta.net.cn tcp dpt:domain ACCEPT udp -- localhost dialdns.bta.net.cn udp dpt:domain ACCEPT all -- anywhere anywhere DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8 DROP all -- 255.255.255.255 anywhere DROP all -- anywhere 0.0.0.0 DROP all -- anywhere anywhere state INVALID OUTBOUND all -- anywhere anywhere OUTBOUND all -- anywhere anywhere LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere LOG level info prefix `Unknown Output' Chain INBOUND (4 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED LSI all -- anywhere anywhere Chain LOG_FILTER (5 references) target prot opt source destination Chain LSI (2 references) target prot opt source destination LOG_FILTER all -- anywhere anywhere LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound ' DROP icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound ' DROP all -- anywhere anywhere Chain LSO (0 references) target prot opt source destination LOG_FILTER all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound ' REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTBOUND (3 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere
Help me, anyone!



Adv Reply

Bookmarks