В Птн, 05/02/2010 в 15:01 -0500, Dan Daugherty пишет: > > Are you using /16 netmask? > No, I just took the 10.117 part off the ip's to shorten the message. > > > > > > None of them got SNATed. Why? Should they go out through eth0? Try to > > remove "-o eth0". > Removed it and no change > > > > Also do you have ip.forwarding enabled (sysctl -a | grep forward")? > net.ipv6.conf.eth0.forwarding = 0 > net.ipv6.conf.default.forwarding = 0 > net.ipv6.conf.all.forwarding = 0 > net.ipv6.conf.lo.forwarding = 0 > net.ipv4.conf.eth0.mc_forwarding = 0 > net.ipv4.conf.eth0.forwarding = 1 > net.ipv4.conf.lo.mc_forwarding = 0 > net.ipv4.conf.lo.forwarding = 1 > net.ipv4.conf.default.mc_forwarding = 0 > net.ipv4.conf.default.forwarding = 1 > net.ipv4.conf.all.mc_forwarding = 0 > net.ipv4.conf.all.forwarding = 1 > > > > > Can you reach 10.117.1.205:1521 from sethra (telnet 10.117.1.205 1521)? > > > Negative, but the command from sethra fails immediately with nothing > showing in the logs You should first be able to reach it from sethra. What it says when it fails? What is output of "ifconfig; route -n"? It seems like sethra can't make path to 10.117.1.205 or nothing sits there on 1521 port. > There has also been mention of a FORWARD chain being necessary. I > haven't done anything outside of the commands listed in this thread. Check chain policies not to be DROP. Show output of "iptables-save". -- Покотиленко Костик <casper@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
