Re: Please help...


 



On Monday 28 June 2004 10:56 pm, Sam Loy wrote:

> I have 2 NICs in a Linux 9 installation.

Linux 9!?   Wow - I've only just upgraded to version 2.6 :)

> One card connects to my lan with a static ip of 192.168.1.1. The other
> connects to my DSL provider which dynamically allocates the ip.

Sounds pretty standard so far....

> I did this:
>
> modprobe iptable_nat
>
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> It does not work.

How are you testing it?

> When I do an iptables -t nat -n -L it displays:
>
> MASQUERADE all -- 0.0.0.0/0 		0.0.0.0/0

A more useful command in this case would be "iptables -L -t nat -nvx", because 
the -v option shows you the interfaces applying to the rules as well.

> Don't get it - Do I need to manually add a route?

Probably not, but what does your routing table show anyway?

Here are some things to test - in order:

1. Can you access anything out on the Internet from the firewall machine 
itself?   (Ping, traceroute would be good tests - by IP address if you don't 
have DNS resolving hostnames yet)

2. Do you have any rules in the FORWARD chain (and what is the FORWARD default 
policy)?

3. If you try a traceroute from a machine inside your LAN to an address on the 
Internet, what is the result?

4. After whatever tests you are trying, what does "iptables -L -nvx; iptables 
-L -t nat -nvx" show for the packet/byte counters on the rules (and default 
policies)?

You can't be too far away from a working solution - it's a pretty standard 
setup.

Regards,

Antony.

-- 
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.

                                                     Please reply to the list;
                                                           please don't CC me.
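
The counter check from test 4 above, as an added example that is not part of the original message: a shell function that reads the two listings and reports whether forwarded packets stop at the FORWARD chain or never reach the MASQUERADE rule. The sample listing is constructed, and `diagnose` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. Reads the output of
#   iptables -L -nvx; iptables -L -t nat -nvx
# on stdin and reports where forwarded packets stop.

# Constructed sample (not from the poster's machine): masquerading is set up,
# but the FORWARD policy is DROP and no rule accepts LAN traffic.
SAMPLE='Chain INPUT (policy ACCEPT 120 packets, 9600 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy DROP 37 packets, 2220 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 98 packets, 7840 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 5 packets, 300 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MASQUERADE  all  --  *      ppp0    0.0.0.0/0            0.0.0.0/0'

diagnose() {
    awk '
    $1 == "Chain" {                      # "Chain FORWARD (policy DROP 37 packets, ..."
        chain = $2
        if (chain == "FORWARD") { fpol = $4; fhits = $5 }
        next
    }
    NF == 0 || $1 == "pkts" { next }     # blank line or column header
    chain == "FORWARD" && $3 == "ACCEPT" { faccept += $1 }
    chain == "POSTROUTING" && $3 == "MASQUERADE" { masq = 1; mout = $7; mpkts = $1 }
    END {
        printf "forward: policy=%s policy_hits=%d accepted=%d\n", fpol, fhits, faccept
        if (masq) printf "masquerade: out=%s pkts=%d\n", mout, mpkts
        if (!masq)
            print "verdict: no MASQUERADE rule in nat POSTROUTING"
        else if (fpol == "DROP" && fhits > 0 && faccept == 0)
            print "verdict: FORWARD policy is dropping packets before they reach NAT"
        else if (mpkts == 0)
            print "verdict: nothing reached MASQUERADE; check ip_forward and the LAN default gateway"
        else
            print "verdict: connections are being masqueraded; look at DNS or the return path"
    }'
}

printf '%s\n' "$SAMPLE" | diagnose
```

On a live gateway the function can be fed from `{ iptables -L -nvx; iptables -L -t nat -nvx; } | diagnose`, run as root after a test from a LAN machine. The nat counters count connections rather than packets, since only the first packet of each connection traverses the nat table.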


