Sorry I'm so late getting back to this. I'm still coming up dry, so let's try this again. (If you're wondering why I'm still banging away at the firewall, it's because everything else looks good. The Xbox is apparently getting an IP address and forwarding seems to be enabled in the kernel. I'm about at my wits' end, and I know that if there's even a small problem in the firewall configuration, it could well mean nothing works.) Feel free to ignore this all if you've found another way around it since then. This time I'm going to go with the most basic rules, so I'm doing a few less checks. I'm adding one that's a workaround for a problem that I'm aware Microsoft sites have trouble with. Maybe it's one of our issues. (That's the TCPMSS line, and believe me, it's a ridiculously difficult problem to troubleshoot. It felt like the whole Internet worked, except for Microsoft and Weather.com. Very confusing.)
Code:
sudo iptables -t filter -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -A FORWARD -m tcp -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
sudo iptables -A FORWARD -i eth0 -o eth0 -m comment --comment "Forward inside to inside" -j ACCEPT
sudo iptables -A FORWARD -o eth1 -m comment --comment "Forward inside to outside" -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o eth0 -m comment --comment "Forward outside to inside" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth1 -m comment --comment "Masquerade Wireless" -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -o eth0 -m comment --comment "Masquerade Internally" -j MASQUERADE
Also, let's add some more lines to your dhcpd.conf and see if they help:
Code:
# give leases out for a month, by default (30 days -- the value is in seconds)
default-lease-time 2592000;
# or six months at max
max-lease-time 15552000;
# set up the subnet for 192.168.63.x
subnet 192.168.63.0 netmask 255.255.255.0 {
# give out IPs from 192.168.63.10 - 192.168.63.249
range 192.168.63.10 192.168.63.249;
# use these DNS servers
option domain-name-servers 68.238.0.12, 216.229.16.30;
# this DHCP server rules this subnet with an iron fist
authoritative;
# route packets through this computer (192.168.63.1)
option routers 192.168.63.1;
# set the netmask for the subnet
option subnet-mask 255.255.255.0;
# set the broadcast address
option broadcast-address 192.168.63.255;
}
Then restart dhcpd:
Code:
sudo killall dhcpd
sudo dhcpd eth0
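As an added check that is not part of the thread, here is a small POSIX sh audit that reads an iptables-save style dump and confirms the pieces the firewall rules above depend on are actually loaded: the MSS clamp on forwarded SYNs, MASQUERADE out the WAN interface (assumed to be eth1, as in the post), and which filter-table default policies are still wide open. The dump embedded below is a constructed sample mirroring the rules in the post, not real output from anyone's box.

```shell
# Constructed iptables-save style dump mirroring the post's rules (sample input, not real output).
SAMPLE_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -o eth0 -m comment --comment "Forward inside to inside" -j ACCEPT
-A FORWARD -o eth1 -m comment --comment "Forward inside to outside" -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m comment --comment "Forward outside to inside" -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -m comment --comment "Masquerade Wireless" -j MASQUERADE
-A POSTROUTING -o eth0 -m comment --comment "Masquerade Internally" -j MASQUERADE
COMMIT'

# has_mss_clamp DUMP -> success if FORWARD clamps MSS on SYN packets (the PMTU blackhole workaround)
has_mss_clamp() {
    printf '%s\n' "$1" | grep -q -- '^-A FORWARD .*--tcp-flags SYN,RST SYN .*-j TCPMSS --clamp-mss-to-pmtu'
}

# has_masquerade DUMP IFACE -> success if nat POSTROUTING masquerades traffic leaving IFACE
has_masquerade() {
    printf '%s\n' "$1" | grep -q -- "^-A POSTROUTING -o $2 .*-j MASQUERADE"
}

# policy DUMP CHAIN -> prints the default policy of CHAIN in the filter table
policy() {
    printf '%s\n' "$1" | sed -n "/^\*filter/,/^COMMIT/ s/^:$2 \([A-Z]*\) .*/\1/p"
}

# audit DUMP WAN_IF -> prints one line per finding; exit status is the number of findings (0 = clean)
audit() {
    dump=$1; wan=$2; n=0
    has_mss_clamp "$dump" || { echo "missing: MSS clamp on forwarded SYNs (PMTU blackhole symptom)"; n=$((n+1)); }
    has_masquerade "$dump" "$wan" || { echo "missing: MASQUERADE out $wan"; n=$((n+1)); }
    for chain in INPUT FORWARD; do
        [ "$(policy "$dump" "$chain")" = "ACCEPT" ] && { echo "note: $chain default policy is ACCEPT (troubleshooting-only setting)"; n=$((n+1)); }
    done
    return $n
}

# Against the sample: clamp and masquerade present, two open-policy notes -> exit status 2
audit "$SAMPLE_DUMP" eth1 || echo "findings: $?"
```

On a live router, replace the sample with `sudo iptables-save` output and pass the real WAN interface name.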