[LARTC] iproute2 is not routing

Linux Advanced Routing and Traffic Control


 



>    Is the default gateway ok?  It points to 192.168.1.1 which is on a
> private LAN connected to eth2.
>
> I should have said in the original post.  This is
> a lab behind an existing firewall.  The 'Internet'
> in the topo drawing is a pretend Internet.  The
> real Internet connection is on the other side of
> 192.168.1.1 (the 'inside-net').
But you have to make sure that the box you are trying to ping has a route to
you.  So it knows where to send the answer to the ping.  If it doesn't know,
you have to add a route on the target box or masquerade the packets.

>    And if you want to ping from the lan to internet, you will need to do
> SNAT (masquerading).  You need a rule like this :
>    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

> tcpdump is not installed on this box.  And the
> iptables rules are disabled.  In other words they
> are all set to accept.  If I use the iptables
> command you suggest, will it actually log
> anything?
iptables -A INPUT -j LOG
gives in /var/log/messages :

Mar 24 16:16:03 lieve kernel: IN=eth0 OUT= 
MAC=00:a0:c9:1a:9c:eb:00:50:da:d0:d8:95:08:00 SRC=192.168.1.101 
DST=192.168.1.100 LEN=164 TOS=0x00 PREC=0x00 TTL=64 ID=64662 DF PROTO=TCP 
SPT=3234 DPT=6000 WINDOW=63712 RES=0x00 ACK PSH URGP=0

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net
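
Added example, not part of the original message: a small Python parser for kernel LOG lines in the format shown above that lists ICMP echo requests for which no echo reply was logged, the symptom of a target with no route back. It assumes the LOG rule sits on a chain that sees both directions (for example FORWARD on the router); the function names and the ICMP sample lines are constructed for illustration.

```python
import re

FIELD = re.compile(r"(\w+)=(\S*)")

# First line is the log entry quoted in the mail; the ICMP lines are
# constructed for this example (MAC= omitted for brevity).
SAMPLE = """\
Mar 24 16:16:03 lieve kernel: IN=eth0 OUT= MAC=00:a0:c9:1a:9c:eb:00:50:da:d0:d8:95:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=164 TOS=0x00 PREC=0x00 TTL=64 ID=64662 DF PROTO=TCP SPT=3234 DPT=6000 WINDOW=63712 RES=0x00 ACK PSH URGP=0
Mar 24 16:17:01 lab kernel: IN=eth1 OUT=eth0 SRC=192.168.2.10 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Mar 24 16:17:01 lab kernel: IN=eth0 OUT=eth1 SRC=10.0.0.5 DST=192.168.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=5120 PROTO=ICMP TYPE=0 CODE=0 ID=4321 SEQ=1
Mar 24 16:17:05 lab kernel: IN=eth1 OUT=eth0 SRC=192.168.2.10 DST=10.0.0.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4322 SEQ=1
Mar 24 16:17:06 lab kernel: IN=eth1 OUT=eth0 SRC=192.168.2.10 DST=10.0.0.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4322 SEQ=2
"""


def parse_log_line(line):
    """Split one netfilter LOG line into IP-header and protocol fields."""
    _, sep, body = line.partition("kernel: ")
    if not sep or "PROTO=" not in body:
        return None
    head, _, tail = body.partition("PROTO=")
    proto, _, rest = tail.partition(" ")
    pkt = dict(FIELD.findall(head))
    pkt["PROTO"] = proto
    # ID= appears twice on ICMP lines (IP ID, then echo ID), so protocol
    # fields get their own dict. ICMP errors embed the offending packet
    # in [...]; drop that part so it cannot overwrite TYPE/CODE.
    pkt["L4"] = dict(FIELD.findall(rest.split("[", 1)[0]))
    return pkt


def unanswered_pings(lines):
    """Return (src, dst, echo_id, seq) for echo requests with no reply logged."""
    requests, replies = set(), set()
    for line in lines:
        pkt = parse_log_line(line)
        if not pkt or pkt["PROTO"] != "ICMP":
            continue
        l4 = pkt["L4"]
        echo = (l4.get("ID", ""), l4.get("SEQ", ""))
        if l4.get("TYPE") == "8":      # echo request
            requests.add((pkt["SRC"], pkt["DST"]) + echo)
        elif l4.get("TYPE") == "0":    # echo reply: store with addresses swapped
            replies.add((pkt["DST"], pkt["SRC"]) + echo)
    return sorted(requests - replies)


if __name__ == "__main__":
    for src, dst, echo_id, seq in unanswered_pings(SAMPLE.splitlines()):
        print(f"no reply logged: {src} -> {dst} id={echo_id} seq={seq}")
```

Requests that show up with no matching reply point at the return path: the target has no route back to the source, or the packets need masquerading as described in the message.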

