sysctl -w net.ipv6.conf.all.forwarding=1 should be sysctl -w net.ipv4.conf.all.forwarding=1 After sysctl -w net.ipv4.conf.all.forwarding=1 it should work. It is not work, check your all rules and route. 03/07/2016 09:26 AM tarihinde Tobias Andresen yazdı: > Am 07.03.2016 um 04:49 schrieb Remzi AKYÜZ: >> Hi, >> >> I am thinking this is enough f for you. >> >> At Embedded board : >> >> iptables -A FORWARD -p udp --dport 123 -s 192.168.31.96/30 -j ACCEPT >> >> iptables -A FORWARD -s 192.168.31.96/30 -j DROP >> >> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE >> >> sysctl -w net.ipv6.conf.all.forwarding=1 >> >> After that please check your all ip tables rules like as; >> >> iptables-save >> >> iptables -L -vnx --line-numbers >> >> iptables -L -t nat -vnx --line-numbers > Thanks for your help but it seems not to work. > > >> 03/06/2016 11:16 PM tarihinde Tobias Andresen yazdı: >>> Am 06.03.2016 um 21:42 schrieb Pascal Hambourg: >>>> Tobias Andresen a écrit : >>>>> i have following network structure: >>>>> >>>>> >>>>> NTP-Server (62.214.6.29) >>>>> | >>>>> | >>>>> | >>>>> (eth0: 10.0.0.95) >>>>> Embedded board >>>>> (eth1: 192.168.31.95) >>>>> | >>>>> | >>>>> | >>>>> Ethernet-Switch >>>>> | | | >>>>> | | | >>>>> PC1 | PC3 (192.168.31.98) >>>>> (192.168.31.96) | >>>>> | >>>>> PC2 >>>>> (192.168.31.97) >>>>> >>>>> >>>>> The 3 PCs shall be able to connect to the NTP server (62.214.6.29) >>>>> to update their time but i cannot figure out how to configure the >>>>> iptables rules >>>>> on the embedded board to achieve this. >>>> Why do you think you need iptables rules ? Isn't plain routing >>>> enough ? >>> The PCs should only be able use NTP (Port 123). They should not be >>> able tohave full access (i.e. internet, ...) >>>>> I have tried to forward port 123 but it does not work. >>>> This statement does not contain any useful information. It does not >>>> describe what you did and what happened. >>> I tried following rule for one PC: >>> >>> iptables -t nat -A PREROUTING -p udp --dport 123 -j DNAT >>> --to-destination 192.168.31.96:123 >>> iptables -t nat -A POSTROUTING -p udp --dport 123 -j MASQUERADE >>> >>> I know this would work only for one client but it was for testing >>> purposes. >>> >>> >>> >>> >>>> -- >>>> To unsubscribe from this list: send the line "unsubscribe >>>> netfilter" in >>>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>>> More majordomo info at http://vger.kernel.org/majordomo-info.html >>> -- >>> To unsubscribe from this list: send the line "unsubscribe netfilter" in >>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>> More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
