Hello, I'm trying to use iptables on a ULTRASparc U60 (smp) without any success. I use the same version of iptables on several i386, an U420R (kernel 2.4 SMP) and an U1E with succes... Root bohr:[~] > lsmod Module Size Used by iptable_mangle 3328 0 autofs4 18632 1 ipt_TCPMSS 4800 0 ipt_tcpmss 3008 0 ipt_MASQUERADE 3844 1 iptable_nat 8708 1 ip_nat 20824 2 ipt_MASQUERADE,iptable_nat ip_conntrack 60264 3 ipt_MASQUERADE,iptable_nat,ip_nat iptable_filter 3392 0 ip_tables 21184 6 iptable_mangle,ipt_TCPMSS,ipt_tcpmss,ipt_MASQUERADE,iptable_nat,iptable_filter sg 33720 0 sr_mod 16940 0 cdrom 40880 1 sr_mod usblp 12928 0 parport_pc 39816 0 parport 41688 1 parport_pc Root bohr:[~] > iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Root bohr:[~] > iptables -t nat -L -n Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination Root bohr:[~] > cat /proc/sys/net/ipv4/ip_forward 1 Root bohr:[~] > 192.168.0.100 is a i386 workstation. Its default gateway is 192.168.0.128. 192.168.0.128 is the second ethernet interface of my U60. Address of the first one is 10.0.0.1 and is used to be the support of ppp0. When I try to ping www.kernel.org from 192.168.0.200. I can see : Root bohr:[~] > tcpdump -i eth1 proto ICMP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes 18:04:56.333172 IP 192.168.0.100 > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 13056, length 64 18:04:57.337379 IP 192.168.0.100 > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 13312, length 64 18:04:58.341366 IP 192.168.0.100 > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 13568, length 64 18:04:59.345455 IP 192.168.0.100 > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 13824, length 64 4 packets captured 8 packets received by filter 0 packets dropped by kernel Root bohr:[~] > tcpdump -i ppp0 proto ICMP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 18:05:36.501017 IP bohr.systella.fr > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 23296, length 64 18:05:36.712653 IP zeus-pub1.kernel.org > bohr.systella.fr: ICMP echo reply, id 53550, seq 23296, length 64 18:05:37.505105 IP bohr.systella.fr > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 23552, length 64 18:05:37.717251 IP zeus-pub1.kernel.org > bohr.systella.fr: ICMP echo reply, id 53550, seq 23552, length 64 18:05:38.509186 IP bohr.systella.fr > zeus-pub1.kernel.org: ICMP echo request, id 53550, seq 23808, length 64 18:05:38.723250 IP zeus-pub1.kernel.org > bohr.systella.fr: ICMP echo reply, id 53550, seq 23808, length 64 6 packets captured 12 packets received by filter 0 packets dropped by kernel Root bohr:[~] > cat /var/lib/iptables/active # Generated by iptables-save v1.2.7a on Tue Mar 4 10:43:40 2003 *nat :PREROUTING ACCEPT [5:340] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [334:24336] [334:24336] -A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE COMMIT # Completed on Tue Mar 4 10:43:40 2003 # Generated by iptables-save v1.2.7a on Tue Mar 4 10:43:40 2003 *filter :INPUT ACCEPT [3612:629789] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3708:560260] COMMIT # Completed on Tue Mar 4 10:43:40 2003 Root bohr:[~] > When I try to make a ping over the U60, I obtain : Root bohr:[~] > cat /proc/net/ip_conntrack | grep icmp icmp 1 29 src=192.168.0.100 dst=213.41.184.253 type=8 code=0 id=64616 packets=2888 bytes=242592 [UNREPLIED] src=213.41.184.253 dst=213.41.140.153 type=0 code=0 id=64616 packets=0 bytes=0 mark=0 use=1 Root bohr:[~] > Strange, isn't it ? Thus, all paquets taht come from 192.168.0.100 are routed by ppp0. www.kernel.org answers to my ping, but my U60 doesn't transmet the incoming paquet to 192.168.0.100. Why ? Any idea ? Regards, JKB
