Ello all, I'm in a bit of a pickle here. I've set up a machine to take my internet connection from wlan0 and masquerade it through eth0, so a second machine has a connection. The problem is that TCP connections do not work at all when the PC that is being masqueraded to is in Linux (any flavour). I have tried pinging external machines and that works (so ICMP works) and DNS lookups also work (so that's UDP working too). Anything TCP related, however, fails, and I'm completely at odds as to why.
BTW: When the second machine is in Windows (tried XP and Vista so far) the connection works perfectly.
Any help would be appreciated
Offline
First, make sure forwarding is enabled
echo 1 > /proc/sys/net/ipv4/ip_forward
Make this permanent across boots by putting it in /etc/sysctl.conf
net.ipv4.ip_forward=1
If that doesn't work, what are your iptables rules?
Offline
This is all I have at the moment in terms of iptables rules:
# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*mangle
:PREROUTING ACCEPT [123:18481]
:INPUT ACCEPT [72:13886]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:4123]
:POSTROUTING ACCEPT [38:4791]
COMMIT
# Completed on Tue Jul 10 03:55:52 2007
# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*nat
:PREROUTING ACCEPT [58:5519]
:POSTROUTING ACCEPT [5:564]
:OUTPUT ACCEPT [5:564]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Tue Jul 10 03:55:52 2007
# Generated by iptables-save v1.3.8 on Tue Jul 10 03:55:52 2007
*filter
Offline
Is your upstream connection on eth0? If so you want:
-A POSTROUTING -o eth0 -j MASQUERADE
Also make sure you're accepting connections in your filter (default) table.
Offline
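One way to run the check suggested in the post above against a saved ruleset (is the source-NAT rule on the upstream interface, and does the filter table forward), as an added example that is not part of any post in this thread. The function names and the filter table in the sample are assumptions; the dump posted in the thread is cut off after `*filter`.

```shell
# Added example: read-only audit of an iptables-save dump for the two points
# raised above. It parses text only and never touches the live firewall.

# Print the -o interface of every MASQUERADE/SNAT rule in nat POSTROUTING
# ("any" when the rule names no output interface).
nat_out_ifaces() {
    awk '
        /^\*/ { table = substr($1, 2) }          # "*nat" -> "nat"
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            iface = "any"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "MASQUERADE" || target == "SNAT") print iface
        }'
}

# Succeed if a source-NAT rule covers traffic leaving via interface $1.
check_nat() {
    nat_out_ifaces | grep -qxF -e "$1" -e any
}

# Print the filter table's FORWARD policy, or "missing" if the dump has none.
forward_policy() {
    awk '
        /^\*/ { table = substr($1, 2) }
        table == "filter" && $1 == ":FORWARD" { print $2; found = 1 }
        END { if (!found) print "missing" }'
}

# Constructed sample: the nat rule from the thread plus an assumed filter table.
sample_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [5:564]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

for ifc in wlan0 eth0; do
    sample_rules | check_nat "$ifc" && echo "$ifc: source NAT rule present" || echo "$ifc: no source NAT rule"
done
echo "FORWARD policy: $(sample_rules | forward_policy)"
```

On a live gateway, pipe the output of `iptables-save` into these functions in place of the sample.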
What does
iptables -L -n -v
output?
There should be some stats about which packets are dropped and in which table.
Also make sure default routes are correctly set up.
You could also add some LOG targets to see what's happening.
For even some more information, go look for tcpdump or even wireshark.
Btw, using the SNAT target needs less processing than the MASQUERADE target. Try using that instead.
Last edited by jerem (2007-07-17 16:40:25)
Offline
> Btw, using the SNAT target needs less processing than the MASQUERADE target. Try using that instead.
Use SNAT only if you have a static IP; it can leave stale connections if your IP changes, where MASQUERADE will reopen connections should your connection drop. Using SNAT could be worth a shot if nothing else works.
Offline