ip masq 웹만 안되는 문제에 관해서..

재목그대로입니다.
외부로 telnet , ftp 다 됩니다 물론 핑도 되구요..
그런데 웹만 안되내요....
도무지 뭐가 문제인지 모르겠습지다.

래드햇7.1을 깔아서 쓰고 있습니다.

조금전까지 무진장 검색하고 했지만 정확한 답을 얻을수가 없었습니다.
한번

도무지 뭐가 잘못되었는지 알구가 업쇼어 도움을 요청합니.

지금 ?

화면이 깨져서 뭐라고 썼는지 알수가 없내용....

다시 말씀 드리자면

iptable을 사용하여 구현하였습니다.

모든것이 다 됩니다.

내부 윈도에서 야후등으로 핑도 잘 나가고 학교 서버로 telnet접속도 잘됩니
다.

그리고 윈도에서 익스플로러 열면 야후가 첫 화면으로 되어 있습니다.

거기서 나오는 메시지를 보면
싸이트를 찾았습니다. 응답을 기다리는중....

이라는 말까지 나오고 더이상 진행이 되질 않습니다.

dns, gateway, ip 모든것이 잘못된것은 없습니다.

저혼자 생각이지만 네트웍 관리자가 막을수 있나요?
masq를 사용하면 포트 높은포트번호가 붙어서 나간다고 하더라구요.
그래서 특정 포트 이상의 번호는 막아놓은것이 아닌지?

라우터에 엑새스 클레스 리스트를 사용하면 가능한걸로 알고 있는데요...

답답해 미치겠내요...
제가 사는 동내에 3초 정도의 정전이 있었고 그다음부터 안됩니다...

그리고 제가 설정한 파일입니다.

------------------------------------------------------------------

#!/bin/sh
#
# Initial SIMPLE IP Masquerade test for 2.4.x kernels
# using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from another reputable resource.
#
#
# Load all required IP MASQ modules
#
# NOTE Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.
#
# Log
# 0.60 - 0.50 had a mistake where the ruleset had a rule to DROP
# all forwarded packets but it didn't have a rule to ACCEPT
# any packets to be forwarded either
# - Load the ip_nat_ftp and ip_conntrack_ftp modules by default
# 0.50 - Initial draft
#

#echo -e "\n\nIPMASQ *TEST* rc.firewall ruleset - v0.60\n"

# The location of the 'iptables' program
#
# If your Linux distribution came with a copy of iptables, most
# likely it is located in /sbin. If you manually compiled
# iptables, the default location is in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables
HOST_IP="`ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -
e 's/.*//'`"

#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
/sbin/depmod -a

# With the new IPTABLES code, the core MASQ functionality is now either
# modular or compiled into the kernel. This HOWTO shows

IPTABLES # options as MODULES. If your kernel is compiled correctly, there is
# NO need to load the kernel modules manually.
#
# NOTE The following items are listed ONLY for informational reasons.
# There is no reason to manual load these modules unless your
# kernel is either mis-configured or you intentionally disabled
# the kernel module autoloader.
#

# Upon the commands of starting up IP Masq on the server, the
# following kernel modules will be automatically loaded
# ===============================================================

#Load the main body of the IPTABLES module - "iptable"
# - Loaded automatically when the "iptables" command is invoked
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
/sbin/insmod ip_tables

#Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated

#Load the stateful connection tracking framework - "ip_conntrack"
#
# The conntrack module in itself does nothing without other specific
# conntrack modules being loaded afterwards such as
the "ip_conntrack_ftp"
# module
#
# - This module is loaded automatically when MASQ functionality is
# enabled
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
/sbin/insmod ip_conntrack

#Load the FTP tracking mechanism for full FTP tracking
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
/sbin/insmod ip_conntrack_ftp

#Load the general IPTABLES NAT code - "iptable_nat"
# - Loaded automatically when MASQ functionality is turned on
#
# - Loaded manually to clean up kernel auto-loading timing issues
#
/sbin/insmod iptable_nat

#Loads the FTP NAT functionality into the core IPTABLES code
# Required to support non-PASV FTP.
#
# Enabled by default -- insert a "#" on the next line to deactivate
#
/sbin/insmod ip_nat_ftp

# Just to be complete, here is a list of the remaining kernel modules
# and their function. Please note that several modules should be only
# loaded by the correct master kernel module for proper operation.
# --------------------------------------------------------------------
#
# ipt_mark - this target marks a given packet for future action.
# This automatically loads the ipt_MARK module
#
# ipt_tcpmss - this target allows to manipulate the TCP MSS
# option for braindead remote firewalls.
# This automatically loads the ipt_TCPMSS module
#
# ipt_limit - this target allows for packets to be limited to
# to many hits per sec/min/hr
#
# ipt_multiport - this match allows for targets within a range
# of port numbers vs. listing each port individually
#
# ipt_state - this match allows to catch packets with various
# IP and TCP flags set/unset
#
# ipt_unclean - this match allows to catch packets that have invalid
# IP/TCP flags set
#
# iptable_filter - this module allows for packets to be DROPped,
# REJECTed, or LOGged. This module automatically
# loads the following modules
#
# ipt_LOG - this target allows for packets to be
# logged
#
# ipt_REJECT - this target DROPs the packet and returns
# a configurable ICMP packet back to the
# sender.
#
# iptable_mangle - this target allows for packets to be manipulated
# for things like the TCPMSS option, etc.

#CRITICAL Enable IP forwarding since it is disabled by default since
#
# Redhat Users you may try changing the options in
# /etc/sysconfig/network from
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo " - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP,
# enable this following option. This enables dynamic-address hacking
# which makes the life with Diald and similar programs much easier.
#
echo " - Enabling dynamic addressing measures"
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable simple IP forwarding and Masquerading
#
# NOTE In IPTABLES speak, IP Masquerading is a form of SourceNAT or
SNAT.
#
# NOTE #2 The following is an example for an internal LAN address in
the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet not not
# allow non-initiated traffic into your internal network.
#
# NOTE #3 You must change "eth0" to say "ppp0" if you are a modem user.
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#

echo " - Resetting the firewall and setting the default FORWARD policy
to DROP"

#Unless specified, the defaults for INPUT, OUTPUT, and FORWARD is ACCEPT
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
# 원래는 forward를 전부 DROP을 시켰는데요. 전 풀어 놓았거든요. 근데. 아래
의 소리바다...
# 등을 할려면 ACCEPT를 하고 나서 FORWORD에 대한 설정은 따로 해야 될것 같
던데요.
# 함 해보신분은 좀더 좋은게 있음 부탁 드립니다. ^^
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD

echo " - FWD Allow all connections OUT and only existing and related
ones IN"
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state
ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " - Proidea Test "
$IPTABLES -A INPUT -i eth0 -p icmp -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp --dport 1024 -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp --dport sunrpc -j DROP

echo " - Enabling SNAT (MASQUERADE) functionality on eth0"
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#Popdesk (포트 포워딩 부분)
#$IPTABLES -t nat -A PREROUTING -i eth0 -p udp --dport 20002020 -j
DNAT --to 192.168.0.3
#$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp --dport 20002020 -j
DNAT --to 192.168.0.3

#soribada (포트 포워딩 부분)
$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 9065 -j DNAT --
to 192.168.1.29065
$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 9066 -j DNAT --
to 192.168.1.29066
$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 9067 -j DNAT --
to 192.168.1.29067
$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 9068 -j DNAT --
to 192.168.1.29068

#FTP server (포트 포워딩 부분)
#$IPTABLES -t nat -A PREROUTING -p tcp -d $HOST_IP --dport 8819 -j DNAT -
-to 192.168.0.921
#$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 8819 -j DNAT -
-to 192.168.0.921

#FTP server (포트 포워딩 부분)
#$IPTABLES -t nat -A PREROUTING -p tcp -d $HOST_IP --dport 8820 -j DNAT -
-to 192.168.0.321
#$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 8820 -j DNAT -
-to 192.168.0.321

#80 (포트 포워딩 부분)
#$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 8881 -j DNAT -
-to 192.168.0.380
#$IPTABLES -t nat -A PREROUTING -p tcp -d $HOST_IP --dport 8881 -j DNAT -
-to 192.168.0.380

# mms 미디어 동영상 192.168.0.3 1755 (포트 포워딩 부분)

#$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 1755 -j DNAT -
-to 192.168.0.31755
#$IPTABLES -t nat -A PREROUTING -p tcp -d $HOST_IP --dport 1755 -j DNAT -
-to 192.168.0.31755

# win 2000 터미널 서버 연결 192.168.0.3 3389 (포트 포워딩 부분)
#$IPTABLES -t nat -A PREROUTING -p udp -d $HOST_IP --dport 3389 -j DNAT -
-to 192.168.0.33389
#$IPTABLES -t nat -A PREROUTING -p tcp -d $HOST_IP --dport 3389 -j DNAT -
-to 192.168.0.33389

echo -e "\nDone.\n"

#########################################################################
##############

#!/bin/sh
#host_ip="`ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -
e 's/.*//'`"

## Mail to proidea IP ADDRESS
#echo "$host_ip" | /bin/mail -s "proidea" kkk@hanmai.net
#echo "$host_ip" | /bin/mail -s "proidea" kkk@hananet.net