
#1 2007-07-11 08:39:00

lolman
Member
Registered: 2007-07-03
Posts: 3

IPTables Masquerade problem

Ello all, I'm in a bit of a pickle here. I've set up a machine to take my internet connection from wlan0 and masquerade it through eth0, so a second machine has a connection. The problem is that TCP connections do not work at all when the PC that is being masqueraded to is in Linux (any flavour). I have tried pinging external machines and that works (so ICMP works) and DNS lookups also work (so that's UDP working too). Anything TCP related, however, fails, and I'm completely at odds as to why.
BTW: When the second machine is in Windows (tried XP and Vista so far) the connection works perfectly.
Any help would be appreciated :)


#2 2007-07-11 19:35:42

PenguinFlavored
Member
From: Chicago, IL, USA
Registered: 2006-06-06
Posts: 66

Re: IPTables Masquerade problem

First, make sure forwarding is enabled

echo 1 > /proc/sys/net/ipv4/ip_forward

Make this permanent across boots by putting it in /etc/sysctl.conf

net.ipv4.ip_forward=1

If that doesn't work, what are your iptables rules?


#3 2007-07-12 10:42:30

lolman
Member
Registered: 2007-07-03
Posts: 3

Re: IPTables Masquerade problem

This is all I have at the moment in terms of iptables rules:

# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*mangle
:PREROUTING ACCEPT [123:18481]
:INPUT ACCEPT [72:13886]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:4123]
:POSTROUTING ACCEPT [38:4791]
COMMIT
# Completed on Tue Jul 10 03:55:52 2007
# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*nat
:PREROUTING ACCEPT [58:5519]
:POSTROUTING ACCEPT [5:564]
:OUTPUT ACCEPT [5:564]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Tue Jul 10 03:55:52 2007
# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*filter


#4 2007-07-12 17:03:56

PenguinFlavored
Member
From: Chicago, IL, USA
Registered: 2006-06-06
Posts: 66

Re: IPTables Masquerade problem

Is your upstream connection on eth0? If so you want:

-A POSTROUTING -o eth0 -j MASQUERADE

Also make sure you're accepting connections in your filter (default) table.
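An added example, not part of the original posts: a small Python check of the two points above (which interface the MASQUERADE rule matches, and the filter table's FORWARD policy) run against an iptables-save dump. The sample is the dump from post #3 with the mangle table shortened; the function names are made up for this example.

```python
# Audit an iptables-save dump for NAT through a given upstream interface.
# SAMPLE: the dump posted in this thread (mangle table and comments trimmed).
SAMPLE = """\
*mangle
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [58:5519]
:POSTROUTING ACCEPT [5:564]
:OUTPUT ACCEPT [5:564]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
"""

def parse_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [tokens, ...]}}."""
    # Lines seen before any *table header land in a throwaway dict.
    tables, current = {}, {"policies": {}, "rules": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        elif line.startswith("-A"):
            current["rules"].append(line.split())
    return tables

def opt(rule, flag):
    """Value after `flag` in a tokenised rule, or None ('!' negation not handled)."""
    return rule[rule.index(flag) + 1] if flag in rule[:-1] else None

def audit(text, upstream):
    """List findings for NAT out of `upstream`, the Internet-facing interface."""
    tables, findings = parse_save(text), []
    nat = [r for r in tables.get("nat", {}).get("rules", [])
           if r[1] == "POSTROUTING" and opt(r, "-j") in ("MASQUERADE", "SNAT")]
    if not any(opt(r, "-o") in (upstream, None) for r in nat):
        findings.append("no MASQUERADE/SNAT rule covers -o " + upstream)
    filt = tables.get("filter")
    policy = filt["policies"].get("FORWARD") if filt else None
    if policy is None:  # e.g. a paste cut off after the *filter header
        findings.append("filter FORWARD policy not present in dump")
    elif policy != "ACCEPT" and not any(r[1] == "FORWARD" for r in filt["rules"]):
        findings.append("filter FORWARD policy is %s with no FORWARD rules" % policy)
    return findings
```

For the posted dump, `audit(SAMPLE, "wlan0")` reports only that the FORWARD policy is missing, because the paste stops at the `*filter` header.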


#5 2007-07-17 16:36:26

jerem
Member
From: France
Registered: 2005-01-15
Posts: 310

Re: IPTables Masquerade problem

What does

iptables -L -n -v

output ?

There should be some stats about which packets are dropped and in which table.

Also make sure default routes are correctly set up.

You could also add some LOG targets to see what's happening.

For even some more information, go look for tcpdump or even wireshark.

Btw, using the SNAT target needs less processing than the MASQUERADE target. Try using that instead.

Last edited by jerem (2007-07-17 16:40:25)


#6 2007-07-17 16:50:05

PenguinFlavored
Member
From: Chicago, IL, USA
Registered: 2006-06-06
Posts: 66

Re: IPTables Masquerade problem

jerem wrote:

What does
Btw, using the SNAT target needs less processing than the MASQUERADE target. Try using that instead.

Use SNAT only if you have a static IP; it can leave stale connections if your IP changes, where MASQUERADE will reopen connections should your connection drop. Using SNAT could be worth a shot if nothing else works.
