This is a discussion on MASQ system not pinging outside address within the Linux Networking forums, part of the Linux Forums category.
I have configured my LAN and it's fine. However, it can't browse the
internet. The MASQed machine (Windows) cannot ping the ISP gateway through the router, but it can ping the router (Linux local gateway) on both its internal and external IP addresses. It doesn't ping the ISP gateway or other internet addresses, e.g. ping google et al. My firewall script looks like this:

```sh
#!/bin/sh
#
# rc.firewall-iptables
FWVER=0.76
#
# Initial SIMPLE IP Masquerade test for 2.6 / 2.4 kernels
# using IPTABLES.

echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

# Setting the EXTERNAL and INTERNAL interfaces for the network
#
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

echo -en " loading modules: "

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en "ip_tables, "
$MODPROBE ip_tables

# Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated

echo -en "ip_conntrack, "
$MODPROBE ip_conntrack

# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp

echo -en "iptable_nat, "
$MODPROBE iptable_nat

echo "----------------------------------------------------------------------"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nDone.\n"
```

while the result of my tcpdump -i eth0 -vxn looks like this:

```
21:10:25.160082 arp who-has 195.44.182.161 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.162 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.163 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.165 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.180 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.172 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.173 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.175 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.180 tell 195.44.182.161
        0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
        0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
        0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
9 packets captured
9 packets received by filter
0 packet dropped by kernel
```

What do you think is the problem? My workstation (the MASQed Windows machine) can ping the local Linux router, which is the same machine as the internet gateway. It can ping both its internal and external IP addresses.

nakel
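Added example, not part of nakel's post or of the rc.firewall script: a small POSIX sh checker for the four things that script has to leave behind on the router for masquerading to work at all (ip_forward on, a MASQUERADE rule on the external interface, an ACCEPT for LAN-to-internet in FORWARD, and the ESTABLISHED,RELATED rule for the replies). It reads the interface names, the ip_forward flag and the text of `iptables-save` as arguments, so the same function can be pointed at a live gateway or at a dump saved from one. The helper names (`have_rule`, `masq_check`), the interface names and the two `iptables-save` samples are assumptions constructed for the example; the first sample is what the script above produces, the second is the same ruleset with the MASQUERADE rule missing.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a Linux MASQ
# gateway for the pieces the rc.firewall script is supposed to install.
# Arguments are passed in explicitly so the checks can run against a live
# router or, as below, against constructed iptables-save samples.

# have_rule RULESET PATTERN
#   Returns 0 if any line of RULESET (iptables-save text) matches the
#   extended regex PATTERN.
have_rule() {
    printf '%s\n' "$1" | grep -Eq -e "$2"
}

# masq_check EXTIF INTIF IP_FORWARD RULESET
#   IP_FORWARD is the contents of /proc/sys/net/ipv4/ip_forward.
#   Prints one PASS/FAIL line per check and returns the number of failed
#   checks (0 means everything the script sets up is present).
masq_check() {
    extif=$1; intif=$2; fwd=$3; rules=$4; fails=0

    # 1. The kernel must route between interfaces at all.
    if [ "$fwd" = 1 ]; then
        echo "PASS: ip_forward=1"
    else
        echo "FAIL: ip_forward=$fwd (kernel will not forward $intif -> $extif)"
        fails=$((fails + 1))
    fi

    # 2. LAN traffic leaving EXTIF must be rewritten to the router's
    #    external address; otherwise the ISP gateway sees private source
    #    IPs and the replies never come back.
    if have_rule "$rules" "^-A POSTROUTING .*-o $extif .*-j MASQUERADE"; then
        echo "PASS: MASQUERADE on $extif"
    else
        echo "FAIL: no MASQUERADE rule for $extif in the nat table"
        fails=$((fails + 1))
    fi

    # 3. With FORWARD policy DROP, LAN -> internet needs an explicit ACCEPT.
    if have_rule "$rules" "^-A FORWARD -i $intif -o $extif .*-j ACCEPT"; then
        echo "PASS: FORWARD $intif -> $extif accepted"
    else
        echo "FAIL: FORWARD $intif -> $extif is not accepted"
        fails=$((fails + 1))
    fi

    # 4. ... and the replies need the ESTABLISHED,RELATED rule back in.
    if have_rule "$rules" "^-A FORWARD -i $extif -o $intif .*ESTABLISHED.*-j ACCEPT"; then
        echo "PASS: FORWARD $extif -> $intif accepts ESTABLISHED,RELATED"
    else
        echo "FAIL: replies from $extif to $intif are not accepted"
        fails=$((fails + 1))
    fi

    return $fails
}

# Constructed sample: what `iptables-save` prints after the rc.firewall
# script has run (iptables lists the states as RELATED,ESTABLISHED).
GOOD_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# Constructed sample: the same gateway after `iptables -t nat -F` with the
# MASQUERADE rule never re-added (for instance because iptable_nat did not load).
NO_MASQ_RULES=$(printf '%s\n' "$GOOD_RULES" | grep -v MASQUERADE)

echo "== healthy gateway"
masq_check eth0 eth1 1 "$GOOD_RULES"
echo "== MASQUERADE rule missing, ip_forward off"
masq_check eth0 eth1 0 "$NO_MASQ_RULES" || echo "=> $? check(s) failed"
```

On the router itself, feed it the live state: `masq_check eth0 eth1 "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"`. Four PASS lines only prove the kernel was told the right things; to see whether the workstation's echo requests actually arrive on eth1 and leave eth0 with the external address as source, run `tcpdump -ni eth1 icmp` and `tcpdump -ni eth0 icmp` at the same time while pinging from the Windows machine. A capture on eth0 that contains nothing but ARP while the ping is running means no echo request is leaving the external interface, which points back at forwarding or NAT on the router rather than at the ISP side.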