hi,
I have Red Hat 8.0 with iptables
iptables-1.2.6a-2
Problem is with icmp forwarding between
internal host behind linux router and
Internet.
internal host ------ eth1 --Linux router --eth0-- Internet
Router's routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.12.1.4      10.3.1.2        255.255.255.255 UGH   0      0        0 eth1
195.12.1.0      0.0.0.0         255.255.255.240 U     0      0        0 eth0
10.3.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         195.12.1.1      0.0.0.0         UG    0      0        0 eth0

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s $SRV_INT_IP -j SNAT --to $SRV_EXT_IP
extif="eth0"
intif="eth1"
srv_int_ip="10.3.1.2"
srv_ext_ip="195.12.1.4"
I changed all default policies to ACCEPT
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
#Enable forwarding in kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

Everything works just fine till I try to ping 195.12.1.4 from public
network.
tcpdump listening at internal interface eth1:
12:48:45.990720 195.80.106.33 > 195.12.1.4: icmp: echo request
12:48:47.157450 195.80.106.33 > 195.12.1.4: icmp: echo request
12:48:48.159049 195.80.106.33 > 195.12.1.4: icmp: echo request
12:48:49.160159 195.80.106.33 > 195.12.1.4: icmp: echo request

When I remove the static route
195.12.1.4      10.3.1.2        255.255.255.255 UGH   0      0        0 eth1
from the routing table I get a destination host unreachable message from
the router's external interface while
pinging 195.12.1.4 from Internet.
any tcp, udp connection from 10.3.1.2 are ok and translated to
195.12.1.4.
I just can't figure out why icmp request won't reach 10.3.1.2. My guess is
that something different must be done with
routing table but I'm not sure what.
Any help greatly appreciated.
Thanks,
vmtesting