04-26-2004
ya
 
Posts: n/a
Default Re: IP Forwarding problem

Yes, it's a very simple problem. First you have to remove the default rule set
that Redhat supported.
- iptables -F
- iptables -t nat -F

and then, iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
or -j SNAT --to your real IP.

Maybe Redhat's default firewall rule set made you confused.




"David Suna" <david@davidsconsultants.com> wrote in message
news:pan.2004.04.26.09.56.00.76741@davidsconsultants.com...
> I am sure there is a simple fix to my problem but I have looked on the net
> and I have not found it.
>
> I have a RedHat 9 system set up. I am connecting to the Internet via an
> ISDN modem. The connection works fine. I now want to have the Windows
> boxes on the LAN connect to the Internet via the Linux box. I set up IP
> Forwarding. I am able to see the Linux box from the Windows machines on
> the network. However, I am not able to get out onto the Internet from the
> Windows machines. I ran tcpdump and I see that the requests from the
> Windows machine are going out but they are showing up as coming from
> 192.168.0.4 instead of as from the IP assigned from my ISP.
>
> It seems like the NAT is not working but I don't know how to fix it. The
> routing table seems to be OK. Below is what is reported by route -n:
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 62.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ippp0
> 0.0.0.0         62.219.193.1    0.0.0.0         UG    0      0        0 ippp0
>
> The RedHat 7.3 system that I had in the past that performed this function
> used ipchains. RedHat 9 uses iptables. I don't know if the problem
> relates to a bad configuration for iptables. I used the RedHat tool for
> defining the iptables rules (Medium Security with the LAN as a trusted
> interface). Below is what I get from iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Lokkit-0-50-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     udp  --  ntp.ilan.net.il        anywhere    udp spt:ntp dpt:ntp
> ACCEPT     udp  --  ntp.ilan.net.il        anywhere    udp spt:ntp dpt:ntp
> ACCEPT     udp  --  kd2.bezeqint.net       anywhere    udp spt:domain dpts:1025:65535
> ACCEPT     udp  --  dnsmail2.bezeqint.net  anywhere    udp spt:domain dpts:1025:65535
> ACCEPT     all  --  anywhere               anywhere
> ACCEPT     all  --  anywhere               anywhere
> REJECT     tcp  --  anywhere               anywhere    tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT     tcp  --  anywhere               anywhere    tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT     udp  --  anywhere               anywhere    udp dpts:0:1023 reject-with icmp-port-unreachable
> REJECT     udp  --  anywhere               anywhere    udp dpt:nfs reject-with icmp-port-unreachable
> REJECT     tcp  --  anywhere               anywhere    tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
> REJECT     tcp  --  anywhere               anywhere    tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
>
> Can someone tell me what I need to change to get the Windows machines to
> see the Internet? Any pointers to documentation that addresses this
> specific problem? I have read a bunch of documentation but I haven't
> found a way to solve this problem.
>
> thanks,
> David Suna
> david@davidsconsultants.com
>



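Added example, not part of either post: the masquerade rule from the reply, written as an iptables-restore ruleset that is scoped to the uplink interface and keeps INPUT and FORWARD at a default of DROP, so that replacing the Red Hat rules does not leave the gateway unfiltered. The 192.168.0.0/24 LAN, eth0 and ippp0 come from the thread; the function name nat_ruleset and the INPUT rules (LAN treated as trusted, as in the original setup) are assumptions of this example.

```shell
#!/bin/sh
# Added example. LAN 192.168.0.0/24 on eth0 and ISDN uplink ippp0 come from
# the thread; nat_ruleset and the INPUT rules are assumptions of this example.

# nat_ruleset LAN_CIDR LAN_IF WAN_IF
# Prints an iptables-restore ruleset; returns 2 on malformed arguments.
nat_ruleset() {
    lan=$1 lan_if=$2 wan_if=$3
    # Whitelist characters first (this also rejects embedded newlines), so
    # nothing else can end up in text later piped to iptables-restore as root.
    case $lan in ''|*[!0-9./]*) return 2 ;; esac
    printf '%s\n' "$lan" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 2
    for i in "$lan_if" "$wan_if"; do
        case $i in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    done
    [ "$lan_if" != "$wan_if" ] || return 2
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address only for LAN traffic leaving via the uplink.
-A POSTROUTING -s $lan -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The gateway itself: loopback, the trusted LAN, replies to its own traffic.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Forwarding: the LAN may open connections outward; only replies come back.
-A FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's addresses. To apply it, pipe the output
# into iptables-restore as root and make sure net.ipv4.ip_forward is 1.
nat_ruleset "${1:-192.168.0.0/24}" "${2:-eth0}" "${3:-ippp0}"
```

After loading, `iptables -t nat -L -n -v` shows the POSTROUTING rule and its packet counters; a plain `iptables -L` lists only the filter table, which is why the listing in the question shows no NAT rules either way.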