Re: Newbie NAT question
Tauno Voipio wrote:
> Fernando Vaz wrote:
>
>> Tauno Voipio wrote:
>>
>>> Fernando Vaz wrote:
>>>
>>>> Hello folks,
>>>>
>>>> I'm trying to set up a home network, using an older PC as a
>>>> gateway/apache server. The connection between both boxes works
>>>> fine, and the gateway connects to the internet fine (ADSL ppp0
>>>> connection, it pings out of my net ok). All the NAT modules are
>>>> loaded, I have cleared all firewall rules, but still the machine
>>>> behind the gateway can't ping anywhere past the gateway.
>>>> ipv4_forward is set to 1. I'll try to draw a diagram:
>>>>
>>>>
>>>> | |
>>>> | internet |
>>>> |_____________|
>>>> |
>>>> |
>>>> \/
>>>> -------------------
>>>> |ppp0(valid ip) |
>>>> | /\ |
>>>> | | |
>>>> | \/ |
>>>> |eth0 (ip 0.0.0.0)|
>>>> | /\ |
>>>> | | |
>>>> | \/ |
>>>> |eth1(192.168.0.2)|
>>>> |_________________|
>>>> /\
>>>> |
>>>> \/
>>>> -------------------
>>>> |eth0(192.168.0.5)|
>>>> |gw 192.168.0.2) |
>>>> |_________________|
>>>>
>>>> Is it something to do with my routes? Please help, I've been
>>>> struggling over this for quite a few days, and I'm pretty sure I'm
>>>> missing out on something really dumb...
>>>
>>>
>>>
>>>
>>> Please post:
>>>
>>> - the kernel version (uname -a)
>>>
>>> - the output of
>>> ifconfig -a
>>>
>>> - the output of
>>> route -n
>>>
>>> - the output of
>>> iptables -nvL
>>> or
>>> ipchains -nvL
>>>
>>> of the gateway host, so we do not need to guess so much.
>>>
>>>
>> Here's the rest of the info, as requested:
>>
>> The desktop box:
>> Linux garrido.localdomain 2.6.5-63255U10_3cl #1 Fri Sep 10 21:24:34
>> BRT 2004 i686 unknown unknown GNU/Linux
>> Conectiva Linux 10
>> NVidia NForce2 Onboard NIC
>> Athlon XP 2500+
>
>
> OK.
>
>> eth0 Encapsulamento do Link: Ethernet Endereço de HW
>> 00:E0:4C:C6:FA:94
>> inet end.: 192.168.0.5 Bcast:192.168.0.255 Masc:255.255.255.0
>> UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
>> pacotes RX:172 erros:0 descart.:0 sobrepos.:0 quadro:0
>> pacotes TX:377 erros:0 descart.:0 sobrepos.:0 portadora:0
>> colisões:0 txqueuelen:1000
>> RX bytes:22431 (21.9 Kb) TX bytes:28346 (27.6 Kb)
>> IRQ:177 Endereço de E/S:0x4000
>>
>> Tabela de Roteamento IP do Kernel
>> Destino Roteador MáscaraGen. Opções Métrica Ref
>> Uso Iface
>> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0
>> 0 eth0
>> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0
>> 0 lo
>> 0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0
>> 0 eth0
>
>
> OK.
>
>> --------------------------------------------------------------------------------
>>
>>
>> Gateway host:
>>
>> Linux gaws.localdomain 2.6.5-63077cl #1 Thu Jun 17 18:42:25 BRT 2004
>> i686 unknown unknown GNU/Linux
>> Conectiva Linux 10
>> Realtek 8139 NIC
>> 3Com 359x NIC
>> PII 333MHz
>>
>> eth0 Encapsulamento do Link: Ethernet Endereço de HW
>> 00:02:E3:0E:EB:CA
>> UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
>> pacotes RX:199 erros:0 descart.:0 sobrepos.:0 quadro:0
>> pacotes TX:203 erros:0 descart.:0 sobrepos.:0 portadora:0
>> colisões:0 txqueuelen:1000
>> RX bytes:15124 (14.7 Kb) TX bytes:13013 (12.7 Kb)
>> IRQ:10 Endereço de E/S:0xe00
>>
>> eth1 Encapsulamento do Link: Ethernet Endereço de HW
>> 00:50:04:AA:8A:42
>> inet end.: 192.168.0.2 Bcast:192.168.0.255 Masc:255.255.255.0
>> UP BROADCASTRUNNING MULTICAST MTU:1500 Métrica:1
>> pacotes RX:420 erros:0 descart.:0 sobrepos.:0 quadro:0
>> pacotes TX:192 erros:0 descart.:0 sobrepos.:0 portadora:0
>> colisões:0 txqueuelen:1000
>> RX bytes:34314 (33.5 Kb) TX bytes:24603 (24.0 Kb)
>> IRQ:9 Endereço de E/S:0xdc00
>>
>> ppp0 Encapsulamento do Link: Protocolo Ponto-a-Ponto
>> inet end.: xxx.xxx.xxx.xxx P-a-P:200.138.225.254
>> Masc:255.255.255.255
>> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Métrica:1
>> pacotes RX:142 erros:0 descart.:0 sobrepos.:0 quadro:0
>> pacotes TX:148 erros:0 descart.:0 sobrepos.:0 portadora:0
>> colisões:0 txqueuelen:3
>> RX bytes:8478 (8.2 Kb) TX bytes:6364 (6.2 Kb)
>>
>> Tabela de Roteamento IP do Kernel
>> Destino Roteador MáscaraGen. Opções Métrica Ref
>> Uso Iface
>> 200.138.225.254 0.0.0.0 255.255.255.255 UH 0 0
>> 0 ppp0
>> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0
>> 0 eth1
>> 0.0.0.0 0.0.0.0 255.0.0.0 U 0 0
>> 0 eth0
>> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0
>> 0 lo
>> 0.0.0.0 200.138.225.254 0.0.0.0 UG 0 0
>> 0 ppp0
>
>
> This seems to be OK for a PPPoE setup.
>
>> Chain INPUT (policy ACCEPT 73 packets, 6668 bytes)
>> pkts bytes target prot opt in out source destination
>>
>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>> pkts bytes target prot opt in out source destination
>> 0 0 ACCEPT all -- * eth0 192.168.0.0/24 0.0.0.0/0
>> 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0
>> 0.0.0.0/0 state RELATED,ESTABLISHED
>> 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
>> 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0
>> 0.0.0.0/0 state RELATED,ESTABLISHED
>> 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
>> Chain OUTPUT (policy ACCEPT 48 packets, 5753 bytes)
>> pkts bytes target prot opt in out source destination
>> 0 0 ACCEPT all -- * eth0 192.168.0.0/24 0.0.0.0/0
>>
>
> I do not see any NAT entries, and there seems to be plenty of
> extra rules for traffic between eth0 and eth1. You should not
> consider eth0 in the firewall scripts, the traffic goes to
> ppp0 (which then tunnels via eth0).
>
> Does your setup script contain:
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> Is forwarding enabled in kernel? Check /proc/sys/net/ipv4/ip_forward
>
> HTH
>
> Tauno Voipio
> tauno voipio (at) iki fi
>
Tried it, didn't work :( I still can't ping anywhere outside my
network. I'm sure I'm missing out on something really dumb. Oh, and
another important piece of information I missed out on: if I set up my modem as a
router (meaning there's no need for a ppp0 connection), it works fine.
If I change it to bridge, and run rp-pppoe on the gateway host, then it
won't work. I have to do it like this, though, to be able to run apache,
because my modem doesn't support port forwarding.
Thnx for the help, anyway...
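
The three checks raised in the quoted reply (forwarding enabled, a MASQUERADE rule leaving ppp0, FORWARD rules that name ppp0 rather than the underlying eth0), as an added example that is not part of the original thread. The function names are hypothetical and the listings are constructed samples in `iptables -nvL` layout; the interface names ppp0 and eth1 are taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a NAT gateway from `iptables -nvL`
# listings. ppp0/eth1 follow the thread; listings below are constructed samples.

# Succeeds if the POSTROUTING listing on stdin masquerades traffic leaving $1.
has_masquerade() {
    awk -v wan="$1" '$1 ~ /^[0-9]+[KMG]?$/ && $3 == "MASQUERADE" && $7 == wan { ok = 1 }
        END { exit !ok }'
}

# Prints interfaces named by FORWARD rules on stdin that are neither $1 nor $2.
stray_ifaces() {
    awk -v wan="$1" -v lan="$2" '$1 ~ /^[0-9]+[KMG]?$/ && NF >= 9 {
        for (i = 6; i <= 7; i++)
            if ($i != "*" && $i != wan && $i != lan) print $i
    }' | sort -u
}

# Usage: audit_gateway IP_FORWARD_VALUE NAT_LISTING FORWARD_LISTING
audit_gateway() {
    rc=0
    [ "$1" = "1" ] || { echo "FAIL: ip_forward is '$1', expected 1"; rc=1; }
    printf '%s\n' "$2" | has_masquerade ppp0 ||
        { echo "FAIL: no MASQUERADE rule leaving ppp0"; rc=1; }
    stray=$(printf '%s\n' "$3" | stray_ifaces ppp0 eth1 | tr '\n' ' ')
    [ -z "$stray" ] || { echo "WARN: FORWARD rules name $stray"; rc=1; }
    return "$rc"
}

HDR=' pkts bytes target     prot opt in     out     source       destination'
SAMPLE_NAT_EMPTY="Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
$HDR"
SAMPLE_NAT_OK="$SAMPLE_NAT_EMPTY
    0     0 MASQUERADE all  --  *      ppp0    0.0.0.0/0    0.0.0.0/0"
SAMPLE_FWD_ETH0="Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
$HDR
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0    0.0.0.0/0"
SAMPLE_FWD_PPP0="Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
$HDR
    0     0 ACCEPT     all  --  eth1   ppp0    0.0.0.0/0    0.0.0.0/0
    0     0 ACCEPT     all  --  ppp0   eth1    0.0.0.0/0    0.0.0.0/0"

audit_gateway 1 "$SAMPLE_NAT_EMPTY" "$SAMPLE_FWD_ETH0" || true   # reports both problems
# Live use on the gateway, as root:
# audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" \
#     "$(iptables -t nat -nvL POSTROUTING)" "$(iptables -nvL FORWARD)"
```

In a live listing the pkts column also shows whether a rule has matched any traffic, which is worth reading alongside the audit result given the zero counters in the FORWARD listing quoted above.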