My current rules (for testing purposes) are:
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
with ip_forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward)
eth0 is 121.212.12.16/28 IP: 121.212.12.30
eth1 is 192.168.2.0/24 IP: 192.168.2.148
eth0 is the internal network
eth1 goes out to the external network
I cannot for the life of me get any packets to forward. I have iptables.rules saved in /etc/iptables/iptables.rules, and have run /etc/rc.d/iptables restart every time I update my rules.
I have no idea where to go from here. I can access each network individually from each interface, but I cannot get the two interfaces to see each other.
Offline
Make sure you have "net.ipv4.ip_forward=1" in /etc/sysctl.conf too.
"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
Offline
Yeah, that's already there too. I'm freaking clueless as to why I'm having so much trouble with this.
Offline
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Your forward rules had no destinations specified.
Give that a whirl
In your statement, you said that eth0 was the internal network, but you list an external routable IP for eth0 and an internal IP for eth1. I went based off the IP information, with eth0 being the external network and eth1 being your internal (masqueraded) network.
If the masquerade target is not working for some reason, you could try the SNAT target...
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.2.148
Also, make sure your clients behind eth1 know that the gateway is 192.168.2.148 then, as some clients assume that a gateway for a given network is the first available address; in this case it would be 192.168.2.1.
Offline
Our teacher had us create our own subnet (happened to be class A) behind a class C school network. That's why the IPs are offset a bit.
Offline
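Added example, not part of any post in this thread: a first-match model of the filter table's FORWARD chain in Python, run over the second ruleset posted above to show which interface pairs it lets through under an ACCEPT policy and under a DROP policy. It assumes rules use only -P, -A FORWARD, -i, -o, -m state --state and -j; the names THREAD_RULES, parse and verdict are mine.

```python
import shlex

# FORWARD-relevant lines of the second ruleset posted in the thread.
THREAD_RULES = """\
iptables -P FORWARD ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
"""

def parse(text):
    """Return (policy, rules) for the FORWARD chain of the filter table."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if "-t" in tok:  # nat rules rewrite addresses, they do not filter
            continue
        if tok[1:3] == ["-P", "FORWARD"]:
            policy = tok[3]
        elif tok[1:3] == ["-A", "FORWARD"]:
            opts = dict(zip(tok[3::2], tok[4::2]))  # option/value pairs
            states = opts.get("--state")
            rules.append({
                "in": opts.get("-i"),
                "out": opts.get("-o"),
                "states": set(states.split(",")) if states else None,
                "target": opts["-j"],
            })
    return policy, rules

def verdict(text, in_if, out_if, state, policy=None):
    """First matching rule wins; otherwise the chain policy decides.
    `policy` overrides the parsed -P value to model a stricter default."""
    parsed_policy, rules = parse(text)
    for r in rules:
        if r["in"] not in (None, in_if) or r["out"] not in (None, out_if):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"]
    return policy or parsed_policy

if __name__ == "__main__":
    for pol in ("ACCEPT", "DROP"):
        for i, o in (("eth0", "eth1"), ("eth1", "eth0")):
            for st in ("NEW", "ESTABLISHED"):
                print(pol, i, "->", o, st, verdict(THREAD_RULES, i, o, st, pol))
```

With `-P FORWARD ACCEPT` every combination is forwarded, so the state match changes nothing; under a DROP policy the same rules accept new connections from eth1 to eth0 and only replies from eth0 to eth1.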