You are not logged in.

#1 2005-08-16 08:17:50

pobudz
Member
From: scottsdale, az
Registered: 2005-05-03
Posts: 35
Website

IPTABLES: ip forwarding/masquerading problems

my current rules (for testing purposes) are:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

with ip_forwarding enabled (echo 1 > /proc/sys/net/ipv4/ip_forward)

eth0 is 121.212.12.16/28 IP: 121.212.12.30
eth1 is 192.168.2.0/24 IP: 192.168.2.148

eth0 is the internal network
eth1 goes out to the external network

i cannot for the life of me get any packets to forward. I have iptables.rules saved in /etc/iptables/iptables.rules, and have run /etc/rc.d/iptables restart everytime I update my rules.

I have no idea where to go from here. I can access each network individually from each interface, but i can not get the two interfaces to see each other.


If its out there, I'll sniff it

http://www.wifiscan.net/

Offline

#2 2005-08-16 14:36:54

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: IPTABLES: ip forwarding/masquerading problems

make sure you have "net.ipv4.ip_forward=1" in /etc/sysctl.conf too.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#3 2005-08-17 06:19:58

pobudz
Member
From: scottsdale, az
Registered: 2005-05-03
Posts: 35
Website

Re: IPTABLES: ip forwarding/masquerading problems

yea thats already there too, im freaking clueless as to why im having so much trouble with this.


If its out there, I'll sniff it

http://www.wifiscan.net/

Offline

#4 2005-08-17 06:53:56

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,615
Website

Re: IPTABLES: ip forwarding/masquerading problems

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT  
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Your forward rules had no destinations specified.
Give that a whirl

in your statement, you said that eth0 was the internal network, but you list an external routable ip for eth0, and an internal ip for eth1. I went based off the ip information, with eth0 being the external network, and eth1 being your internal (masqueraded) network.

if the masquerade target is not working for some reason, you could try the SNAT target...
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.2.148

Also, make sure your clients behind eth1 know that the gateway is 192.168.2.148 then, as some clients assume that a gateway for a given network is the first available address..in this case it would be 192.168.2.1


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍

Offline

#5 2005-08-30 15:52:59

pobudz
Member
From: scottsdale, az
Registered: 2005-05-03
Posts: 35
Website

Re: IPTABLES: ip forwarding/masquerading problems

our teacher had us create our own subnet (happened to be class a) behind a class C school network. thats why the IPs are offset a bit smile


If its out there, I'll sniff it

http://www.wifiscan.net/

Offline

Board footer

Powered by FluxBB