This is a discussion on Newbie NAT question within the Linux Networking forums, part of the Linux Forums category.
Hello folks,

I'm trying to set up a home network, using an older PC as a gateway/apache server. The connection between both boxes works fine, and the gateway connects to the internet fine (ADSL ppp0 connection, it pings out of my net ok). All the NAT modules are loaded, I have cleared all firewall rules, but still the machine behind the gateway can't ping anywhere past the gateway. ipv4_forward is set to 1. I'll try to draw a diagram:

       |             |
       |  internet   |
       |_____________|
              |
              |
              \/
     -------------------
     |ppp0(valid ip)   |
     |        /\       |
     |        |        |
     |        \/       |
     |eth0 (ip 0.0.0.0)|
     |        /\       |
     |        |        |
     |        \/       |
     |eth1(192.168.0.2)|
     |_________________|
              /\
              |
              \/
     -------------------
     |eth0(192.168.0.5)|
     |gw 192.168.0.2)  |
     |_________________|

Is it something to do with my routes? Please help, I've been struggling over this for quite a few days, and I'm pretty sure I'm missing out on something really dumb...

Thnx.
Fernando Vaz wrote:
> Hello folks,
>
> I'm trying to set up a home network, using an older PC as a
> gateway/apache server. The connection between both boxes works fine,
> and the gateway connects to the internet fine (ADSL ppp0 connection, it
> pings out of my net ok). All the NAT modules are loaded, I have cleared
> all firewall rules, but still the machine behind the gateway can't ping
> anywhere past the gateway. ipv4_forward is set to 1. I'll try to draw a
> diagram:
>
>
>        |             |
>        |  internet   |
>        |_____________|
>               |
>               |
>               \/
>      -------------------
>      |ppp0(valid ip)   |
>      |        /\       |
>      |        |        |
>      |        \/       |
>      |eth0 (ip 0.0.0.0)|
>      |        /\       |
>      |        |        |
>      |        \/       |
>      |eth1(192.168.0.2)|
>      |_________________|
>               /\
>               |
>               \/
>      -------------------
>      |eth0(192.168.0.5)|
>      |gw 192.168.0.2)  |
>      |_________________|
>
> Is it something to do with my routes? Please help, I've been struggling
> over this for quite a few days, and I'm pretty sure I'm missing out on
> something really dumb...

Please post:

- the kernel version (uname -a)

- the output of
  ifconfig -a

- the output of
  route -n

- the output of
  iptables -nvL
  or
  ipchains -nvL

of the gateway host, so we do not need to guess so much.

Tauno Voipio
tauno voipio (at) iki fi
On Wednesday, 3 November 2004, 17:11 Fernando Vaz tried to express an opinion:
> All the NAT modules are loaded, I have cleared
> all firewall rules, but still the machine behind the gateway can't
> ping anywhere past the gateway. ipv4_forward is set to 1.

I had that problem also, so I added some additional rules to my iptables script.

===
/sbin/iptables -t nat -F
/sbin/iptables -t nat -A POSTROUTING -d ! 192.168.0.0/24 -o ppp0 -j MASQUERADE

IPTABLES=/sbin/iptables

echo " - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " - FWD: Allow all connections OUT and only existing and related ones IN"
# ppp0 is the external (masqueraded) interface and eth0 the LAN side:
# replies come IN via ppp0, new connections go OUT from eth0.
$IPTABLES -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o ppp0 -j ACCEPT
===

--
Solbu - http://www.solbu.net
Remove 'ugyldig' for email
PGP key ID: 0xFA687324
Fernando Vaz <fernandovaz@matrix.com.br> wrote in message news:<2ushjoF2falr0U1@uni-berlin.de>...
> Hello folks,
>
> I'm trying to set up a home network, using an older PC as a
> gateway/apache server. The connection between both boxes works fine,
> and the gateway connects to the internet fine (ADSL ppp0 connection, it
> pings out of my net ok). All the NAT modules are loaded, I have cleared
> all firewall rules, but still the machine behind the gateway can't
> ping anywhere past the gateway. ipv4_forward is set to 1. I'll try to
> draw a diagram:
>
>
>        |             |
>        |  internet   |
>        |_____________|
>               |
>               |
>               \/
>      -------------------
>      |ppp0(valid ip)   |
>      |        /\       |
>      |        |        |
>      |        \/       |
>      |eth0 (ip 0.0.0.0)|
>      |        /\       |
>      |        |        |
>      |        \/       |
>      |eth1(192.168.0.2)|
>      |_________________|
>               /\
>               |
>               \/
>      -------------------
>      |eth0(192.168.0.5)|
>      |gw 192.168.0.2)  |
>      |_________________|
>
> Is it something to do with my routes? Please help, I've been struggling
> over this for quite a few days, and I'm pretty sure I'm missing out on
> something really dumb...
>
> Thnx.

Try this on your gw:

ifconfig eth0 down
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Tauno Voipio wrote:
> Fernando Vaz wrote:
>
>> Hello folks,
>>
>> I'm trying to set up a home network, using an older PC as a
>> gateway/apache server. The connection between both boxes works fine,
>> and the gateway connects to the internet fine (ADSL ppp0 connection,
>> it pings out of my net ok). All the NAT modules are loaded, I have
>> cleared all firewall rules, but still the machine behind the gateway
>> can't ping anywhere past the gateway. ipv4_forward is set to 1. I'll
>> try to draw a diagram:
>>
>>
>>        |             |
>>        |  internet   |
>>        |_____________|
>>               |
>>               |
>>               \/
>>      -------------------
>>      |ppp0(valid ip)   |
>>      |        /\       |
>>      |        |        |
>>      |        \/       |
>>      |eth0 (ip 0.0.0.0)|
>>      |        /\       |
>>      |        |        |
>>      |        \/       |
>>      |eth1(192.168.0.2)|
>>      |_________________|
>>               /\
>>               |
>>               \/
>>      -------------------
>>      |eth0(192.168.0.5)|
>>      |gw 192.168.0.2)  |
>>      |_________________|
>>
>> Is it something to do with my routes? Please help, I've been
>> struggling over this for quite a few days, and I'm pretty sure I'm
>> missing out on something really dumb...
>
>
> Please post:
>
> - the kernel version (uname -a)
>
> - the output of
>   ifconfig -a
>
> - the output of
>   route -n
>
> - the output of
>   iptables -nvL
>   or
>   ipchains -nvL
>
> of the gateway host, so we do not need to guess so much.
>
> Tauno Voipio
> tauno voipio (at) iki fi
>

Here's the rest of the info, as requested:

The desktop box:
Linux garrido.localdomain 2.6.5-63255U10_3cl #1 Fri Sep 10 21:24:34 BRT 2004 i686 unknown unknown GNU/Linux
Conectiva Linux 10
NVidia NForce2 Onboard NIC
Athlon XP 2500+

eth0      Encapsulamento do Link: Ethernet  Endereço de HW 00:E0:4C:C6:FA:94
          inet end.: 192.168.0.5  Bcast:192.168.0.255  Masc:255.255.255.0
          UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
          pacotes RX:172 erros:0 descart.:0 sobrepos.:0 quadro:0
          pacotes TX:377 erros:0 descart.:0 sobrepos.:0 portadora:0
          colisões:0 txqueuelen:1000
          RX bytes:22431 (21.9 Kb)  TX bytes:28346 (27.6 Kb)
          IRQ:177 Endereço de E/S:0x4000

Tabela de Roteamento IP do Kernel
Destino         Roteador        MáscaraGen.     Opções Métrica Ref    Uso Iface
192.168.0.0     0.0.0.0         255.255.255.0   U      0       0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      0       0        0 lo
0.0.0.0         192.168.0.2     0.0.0.0         UG     0       0        0 eth0

--------------------------------------------------------------------------------

Gateway host:

Linux gaws.localdomain 2.6.5-63077cl #1 Thu Jun 17 18:42:25 BRT 2004 i686 unknown unknown GNU/Linux
Conectiva Linux 10
Realtek 8139 NIC
3Com 359x NIC
PII 333MHz

eth0      Encapsulamento do Link: Ethernet  Endereço de HW 00:02:E3:0E:EB:CA
          UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
          pacotes RX:199 erros:0 descart.:0 sobrepos.:0 quadro:0
          pacotes TX:203 erros:0 descart.:0 sobrepos.:0 portadora:0
          colisões:0 txqueuelen:1000
          RX bytes:15124 (14.7 Kb)  TX bytes:13013 (12.7 Kb)
          IRQ:10 Endereço de E/S:0xe00

eth1      Encapsulamento do Link: Ethernet  Endereço de HW 00:50:04:AA:8A:42
          inet end.: 192.168.0.2  Bcast:192.168.0.255  Masc:255.255.255.0
          UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
          pacotes RX:420 erros:0 descart.:0 sobrepos.:0 quadro:0
          pacotes TX:192 erros:0 descart.:0 sobrepos.:0 portadora:0
          colisões:0 txqueuelen:1000
          RX bytes:34314 (33.5 Kb)  TX bytes:24603 (24.0 Kb)
          IRQ:9 Endereço de E/S:0xdc00

ppp0      Encapsulamento do Link: Protocolo Ponto-a-Ponto
          inet end.: xxx.xxx.xxx.xxx  P-a-P:200.138.225.254  Masc:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Métrica:1
          pacotes RX:142 erros:0 descart.:0 sobrepos.:0 quadro:0
          pacotes TX:148 erros:0 descart.:0 sobrepos.:0 portadora:0
          colisões:0 txqueuelen:3
          RX bytes:8478 (8.2 Kb)  TX bytes:6364 (6.2 Kb)

Tabela de Roteamento IP do Kernel
Destino         Roteador        MáscaraGen.     Opções Métrica Ref    Uso Iface
200.138.225.254 0.0.0.0         255.255.255.255 UH     0       0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U      0       0        0 eth1
0.0.0.0         0.0.0.0         255.0.0.0       U      0       0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      0       0        0 lo
0.0.0.0         200.138.225.254 0.0.0.0         UG     0       0        0 ppp0

Chain INPUT (policy ACCEPT 73 packets, 6668 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 48 packets, 5753 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0

I appreciate any help I can get...
Fernando Vaz wrote:
> Tauno Voipio wrote:
>
>> Fernando Vaz wrote:
>>
>>> Hello folks,
>>>
>>> I'm trying to set up a home network, using an older PC as a
>>> gateway/apache server. The connection between both boxes works fine,
>>> and the gateway connects to the internet fine (ADSL ppp0 connection,
>>> it pings out of my net ok). All the NAT modules are loaded, I have
>>> cleared all firewall rules, but still the machine behind the gateway
>>> can't ping anywhere past the gateway. ipv4_forward is set to 1. I'll
>>> try to draw a diagram:
>>>
>>>
>>>        |             |
>>>        |  internet   |
>>>        |_____________|
>>>               |
>>>               |
>>>               \/
>>>      -------------------
>>>      |ppp0(valid ip)   |
>>>      |        /\       |
>>>      |        |        |
>>>      |        \/       |
>>>      |eth0 (ip 0.0.0.0)|
>>>      |        /\       |
>>>      |        |        |
>>>      |        \/       |
>>>      |eth1(192.168.0.2)|
>>>      |_________________|
>>>               /\
>>>               |
>>>               \/
>>>      -------------------
>>>      |eth0(192.168.0.5)|
>>>      |gw 192.168.0.2)  |
>>>      |_________________|
>>>
>>> Is it something to do with my routes? Please help, I've been
>>> struggling over this for quite a few days, and I'm pretty sure I'm
>>> missing out on something really dumb...
>>
>>
>>
>> Please post:
>>
>> - the kernel version (uname -a)
>>
>> - the output of
>>   ifconfig -a
>>
>> - the output of
>>   route -n
>>
>> - the output of
>>   iptables -nvL
>>   or
>>   ipchains -nvL
>>
>> of the gateway host, so we do not need to guess so much.
>>
>>
> Here's the rest of the info, as requested:
>
> The desktop box:
> Linux garrido.localdomain 2.6.5-63255U10_3cl #1 Fri Sep 10 21:24:34 BRT
> 2004 i686 unknown unknown GNU/Linux
> Conectiva Linux 10
> NVidia NForce2 Onboard NIC
> Athlon XP 2500+

OK.

> eth0      Encapsulamento do Link: Ethernet  Endereço de HW
> 00:E0:4C:C6:FA:94
>           inet end.: 192.168.0.5  Bcast:192.168.0.255  Masc:255.255.255.0
>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>           pacotes RX:172 erros:0 descart.:0 sobrepos.:0 quadro:0
>           pacotes TX:377 erros:0 descart.:0 sobrepos.:0 portadora:0
>           colisões:0 txqueuelen:1000
>           RX bytes:22431 (21.9 Kb)  TX bytes:28346 (27.6 Kb)
>           IRQ:177 Endereço de E/S:0x4000
>
> Tabela de Roteamento IP do Kernel
> Destino         Roteador        MáscaraGen.     Opções Métrica Ref    Uso
> Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U      0       0        0
> eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U      0       0        0 lo
> 0.0.0.0         192.168.0.2     0.0.0.0         UG     0       0        0
> eth0

OK.

> --------------------------------------------------------------------------------
>
>
> Gateway host:
>
> Linux gaws.localdomain 2.6.5-63077cl #1 Thu Jun 17 18:42:25 BRT 2004
> i686 unknown unknown GNU/Linux
> Conectiva Linux 10
> Realtek 8139 NIC
> 3Com 359x NIC
> PII 333MHz
>
> eth0      Encapsulamento do Link: Ethernet  Endereço de HW
> 00:02:E3:0E:EB:CA
>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>           pacotes RX:199 erros:0 descart.:0 sobrepos.:0 quadro:0
>           pacotes TX:203 erros:0 descart.:0 sobrepos.:0 portadora:0
>           colisões:0 txqueuelen:1000
>           RX bytes:15124 (14.7 Kb)  TX bytes:13013 (12.7 Kb)
>           IRQ:10 Endereço de E/S:0xe00
>
> eth1      Encapsulamento do Link: Ethernet  Endereço de HW
> 00:50:04:AA:8A:42
>           inet end.: 192.168.0.2  Bcast:192.168.0.255  Masc:255.255.255.0
>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>           pacotes RX:420 erros:0 descart.:0 sobrepos.:0 quadro:0
>           pacotes TX:192 erros:0 descart.:0 sobrepos.:0 portadora:0
>           colisões:0 txqueuelen:1000
>           RX bytes:34314 (33.5 Kb)  TX bytes:24603 (24.0 Kb)
>           IRQ:9 Endereço de E/S:0xdc00
>
> ppp0      Encapsulamento do Link: Protocolo Ponto-a-Ponto
>           inet end.: xxx.xxx.xxx.xxx  P-a-P:200.138.225.254
> Masc:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Métrica:1
>           pacotes RX:142 erros:0 descart.:0 sobrepos.:0 quadro:0
>           pacotes TX:148 erros:0 descart.:0 sobrepos.:0 portadora:0
>           colisões:0 txqueuelen:3
>           RX bytes:8478 (8.2 Kb)  TX bytes:6364 (6.2 Kb)
>
> Tabela de Roteamento IP do Kernel
> Destino         Roteador        MáscaraGen.     Opções Métrica Ref    Uso
> Iface
> 200.138.225.254 0.0.0.0         255.255.255.255 UH     0       0        0
> ppp0
> 192.168.0.0     0.0.0.0         255.255.255.0   U      0       0        0
> eth1
> 0.0.0.0         0.0.0.0         255.0.0.0       U      0       0        0
> eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U      0       0        0 lo
> 0.0.0.0         200.138.225.254 0.0.0.0         UG     0       0        0
> ppp0

This seems to be OK for a PPPoE setup.

> Chain INPUT (policy ACCEPT 73 packets, 6668 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
>     0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0
> 0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0
> 0.0.0.0/0           state RELATED,ESTABLISHED
>     0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
> Chain OUTPUT (policy ACCEPT 48 packets, 5753 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
>

I do not see any NAT entries, and there seems to be plenty of
extra rules for traffic between eth0 and eth1. You should not
consider eth0 in the firewall scripts, the traffic goes to
ppp0 (which then tunnels via eth0).

Does your setup script contain:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Is forwarding enabled in kernel? Check /proc/sys/net/ipv4/ip_forward

HTH

Tauno Voipio
tauno voipio (at) iki fi
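The checks raised in the replies above (a MASQUERADE rule on ppp0, forwarding switched on in the kernel, filter rules written against ppp0 rather than the Ethernet port that carries PPPoE, and inbound traffic limited to established connections) can be run mechanically over iptables-save output. This is an added example, not part of the thread: the two sample rulesets are constructed, and the interface roles (ppp0 WAN, eth0 PPPoE carrier, eth1 LAN) are taken from the posts.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save text for the
# problems discussed above. Interface roles follow the posts: ppp0 = WAN,
# eth0 = Ethernet port carrying PPPoE, eth1 = LAN.

# Constructed sample shaped like the posted gateway listing: no nat table,
# FORWARD rules written against eth0 instead of ppp0.
sample_posted() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# Constructed sample of a masquerading gateway with stateful forwarding.
sample_stateful() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# audit_ruleset WAN CARRIER   (iptables-save text on stdin)
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_ruleset() {
    awk -v wan="$1" -v carrier="$2" '
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
        for (i = 1; i < NF; i++)
            if ($i == "-o" && $(i + 1) == wan) masq = 1
    }
    table == "filter" && /^-A FORWARD/ {
        in_if = ""; out_if = ""; stateful = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            # a state match that excludes NEW limits the rule to replies
            if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/)
                stateful = 1
        }
        if (in_if == carrier || out_if == carrier) n_carrier++
        if (in_if == wan && /-j ACCEPT/ && !stateful) n_open++
    }
    END {
        if (!masq)     { print "NO_MASQUERADE " wan; bad = 1 }
        if (n_carrier) { print "CARRIER_RULES " carrier " " n_carrier; bad = 1 }
        if (n_open)    { print "UNRESTRICTED_INBOUND " wan " " n_open; bad = 1 }
        exit bad + 0
    }'
}

# forwarding_enabled [FILE]: true when the kernel forwarding switch reads 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# On a live gateway (as root): iptables-save | audit_ruleset ppp0 eth0
sample_posted | audit_ruleset ppp0 eth0 || true
```

CARRIER_RULES counts FORWARD rules that name the PPPoE carrier interface; routed traffic never matches them because it enters and leaves through ppp0.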
Tauno Voipio wrote:
> Fernando Vaz wrote:
>
>> Tauno Voipio wrote:
>>
>>> Fernando Vaz wrote:
>>>
>>>> Hello folks,
>>>>
>>>> I'm trying to set up a home network, using an older PC as a
>>>> gateway/apache server. The connection between both boxes works
>>>> fine, and the gateway connects to the internet fine (ADSL ppp0
>>>> connection, it pings out of my net ok). All the NAT modules are
>>>> loaded, I have cleared all firewall rules, but still the machine
>>>> behind the gateway can't ping anywhere past the gateway.
>>>> ipv4_forward is set to 1. I'll try to draw a diagram:
>>>>
>>>>
>>>>        |             |
>>>>        |  internet   |
>>>>        |_____________|
>>>>               |
>>>>               |
>>>>               \/
>>>>      -------------------
>>>>      |ppp0(valid ip)   |
>>>>      |        /\       |
>>>>      |        |        |
>>>>      |        \/       |
>>>>      |eth0 (ip 0.0.0.0)|
>>>>      |        /\       |
>>>>      |        |        |
>>>>      |        \/       |
>>>>      |eth1(192.168.0.2)|
>>>>      |_________________|
>>>>               /\
>>>>               |
>>>>               \/
>>>>      -------------------
>>>>      |eth0(192.168.0.5)|
>>>>      |gw 192.168.0.2)  |
>>>>      |_________________|
>>>>
>>>> Is it something to do with my routes? Please help, I've been
>>>> struggling over this for quite a few days, and I'm pretty sure I'm
>>>> missing out on something really dumb...
>>>
>>>
>>>
>>>
>>> Please post:
>>>
>>> - the kernel version (uname -a)
>>>
>>> - the output of
>>>   ifconfig -a
>>>
>>> - the output of
>>>   route -n
>>>
>>> - the output of
>>>   iptables -nvL
>>>   or
>>>   ipchains -nvL
>>>
>>> of the gateway host, so we do not need to guess so much.
>>>
>>>
>> Here's the rest of the info, as requested:
>>
>> The desktop box:
>> Linux garrido.localdomain 2.6.5-63255U10_3cl #1 Fri Sep 10 21:24:34
>> BRT 2004 i686 unknown unknown GNU/Linux
>> Conectiva Linux 10
>> NVidia NForce2 Onboard NIC
>> Athlon XP 2500+
>
>
> OK.
>
>> eth0      Encapsulamento do Link: Ethernet  Endereço de HW
>> 00:E0:4C:C6:FA:94
>>           inet end.: 192.168.0.5  Bcast:192.168.0.255  Masc:255.255.255.0
>>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>>           pacotes RX:172 erros:0 descart.:0 sobrepos.:0 quadro:0
>>           pacotes TX:377 erros:0 descart.:0 sobrepos.:0 portadora:0
>>           colisões:0 txqueuelen:1000
>>           RX bytes:22431 (21.9 Kb)  TX bytes:28346 (27.6 Kb)
>>           IRQ:177 Endereço de E/S:0x4000
>>
>> Tabela de Roteamento IP do Kernel
>> Destino         Roteador        MáscaraGen.     Opções Métrica Ref
>> Uso Iface
>> 192.168.0.0     0.0.0.0         255.255.255.0   U      0       0
>> 0 eth0
>> 127.0.0.0       0.0.0.0         255.0.0.0       U      0       0
>> 0 lo
>> 0.0.0.0         192.168.0.2     0.0.0.0         UG     0       0
>> 0 eth0
>
>
> OK.
>
>> --------------------------------------------------------------------------------
>>
>>
>> Gateway host:
>>
>> Linux gaws.localdomain 2.6.5-63077cl #1 Thu Jun 17 18:42:25 BRT 2004
>> i686 unknown unknown GNU/Linux
>> Conectiva Linux 10
>> Realtek 8139 NIC
>> 3Com 359x NIC
>> PII 333MHz
>>
>> eth0      Encapsulamento do Link: Ethernet  Endereço de HW
>> 00:02:E3:0E:EB:CA
>>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>>           pacotes RX:199 erros:0 descart.:0 sobrepos.:0 quadro:0
>>           pacotes TX:203 erros:0 descart.:0 sobrepos.:0 portadora:0
>>           colisões:0 txqueuelen:1000
>>           RX bytes:15124 (14.7 Kb)  TX bytes:13013 (12.7 Kb)
>>           IRQ:10 Endereço de E/S:0xe00
>>
>> eth1      Encapsulamento do Link: Ethernet  Endereço de HW
>> 00:50:04:AA:8A:42
>>           inet end.: 192.168.0.2  Bcast:192.168.0.255  Masc:255.255.255.0
>>           UP BROADCASTRUNNING MULTICAST  MTU:1500  Métrica:1
>>           pacotes RX:420 erros:0 descart.:0 sobrepos.:0 quadro:0
>>           pacotes TX:192 erros:0 descart.:0 sobrepos.:0 portadora:0
>>           colisões:0 txqueuelen:1000
>>           RX bytes:34314 (33.5 Kb)  TX bytes:24603 (24.0 Kb)
>>           IRQ:9 Endereço de E/S:0xdc00
>>
>> ppp0      Encapsulamento do Link: Protocolo Ponto-a-Ponto
>>           inet end.: xxx.xxx.xxx.xxx  P-a-P:200.138.225.254
>> Masc:255.255.255.255
>>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Métrica:1
>>           pacotes RX:142 erros:0 descart.:0 sobrepos.:0 quadro:0
>>           pacotes TX:148 erros:0 descart.:0 sobrepos.:0 portadora:0
>>           colisões:0 txqueuelen:3
>>           RX bytes:8478 (8.2 Kb)  TX bytes:6364 (6.2 Kb)
>>
>> Tabela de Roteamento IP do Kernel
>> Destino         Roteador        MáscaraGen.     Opções Métrica Ref
>> Uso Iface
>> 200.138.225.254 0.0.0.0         255.255.255.255 UH     0       0
>> 0 ppp0
>> 192.168.0.0     0.0.0.0         255.255.255.0   U      0       0
>> 0 eth1
>> 0.0.0.0         0.0.0.0         255.0.0.0       U      0       0
>> 0 eth0
>> 127.0.0.0       0.0.0.0         255.0.0.0       U      0       0
>> 0 lo
>> 0.0.0.0         200.138.225.254 0.0.0.0         UG     0       0
>> 0 ppp0
>
>
> This seems to be OK for a PPPoE setup.
>
>> Chain INPUT (policy ACCEPT 73 packets, 6668 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>
>> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
>>     0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0
>> 0.0.0.0/0           state RELATED,ESTABLISHED
>>     0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            0.0.0.0/0
>>     0     0 ACCEPT     all  --  eth0   eth1    0.0.0.0/0
>> 0.0.0.0/0           state RELATED,ESTABLISHED
>>     0     0 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
>> Chain OUTPUT (policy ACCEPT 48 packets, 5753 bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
>>
>
> I do not see any NAT entries, and there seems to be plenty of
> extra rules for traffic between eth0 and eth1. You should not
> consider eth0 in the firewall scripts, the traffic goes to
> ppp0 (which then tunnels via eth0).
>
> Does your setup script contain:
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> Is forwarding enabled in kernel? Check /proc/sys/net/ipv4/ip_forward
>
> HTH
>
> Tauno Voipio
> tauno voipio (at) iki fi
>

Tried it, didn't work :( I still can't ping anywhere outside my network. I'm sure I'm missing out on something really dumb.

Oh, and another important piece of information I missed out on: if I set up my modem as a router (meaning there's no need for a ppp0 connection), it works fine. If I change it to bridge, and run rp-pppoe on the gateway host, then it won't work. I have to do it like this, though, to be able to run apache, because my modem doesn't support port forwarding.

Thnx for the help, anyway...