ipchains and masquerading help

"Simon Collyer" <scollyer@xxxxxxxxxxxxx> · Wed, 23 Apr 2003 21:00:43 +1000

Hey All,

I'm sure this has been covered somewhere, but for the life of me cannot find
it,

The situation is, one box, two nics.

nic one -> static IP address, routed through adsl modem. (210.8.131.XXX)
(ETH0)
nic two -> dhcp'ing 192.168 address --> net interface 192.168.0.1 (ETH1)

I can reach the internet from nic one without a problem, but trying to get
out
from nic two, does not work, I believe it's a problem with it not
masquerading
correctly... or at all..

My route table

<snip>
[root@xxxxxxxxxx /]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
210.8.131.XXX   *               255.255.255.240 U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         gateway.XXX 0.0.0.0         UG    0      0        0 eth0
</snip>

iptables at present
<snip>

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.189.54.17 --sport 53 -d 0/0 -j
ACCE
PT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 203.8.131.1 --sport 53 -d 0/0 -j
ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 192.189.54.33 --sport 53 -d 0/0 -j
ACCE
PT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

</snip>

Can someone shed me some light in what I need to add to get masquerading
working correctly.

I've already got this in

echo 1 >>/proc/sys/net/ipv4/ip_forward

examples of ping

[eth0]

[root@xxxxxxxxxx /]# ping 192.189.54.17
PING 192.189.54.17 (192.189.54.17) 56(84) bytes of data.
64 bytes from 192.189.54.17: icmp_seq=1 ttl=251 time=18.8 ms
64 bytes from 192.189.54.17: icmp_seq=2 ttl=251 time=14.7 ms

[eth1]

[root@xxxxxxxxxx /]# ping -I eth1 192.189.54.17
PING 192.189.54.17 (192.189.54.17) from 192.168.0.1 eth1: 56(84) bytes of
data.
>From 192.168.0.1 icmp_seq=1 Destination Host Unreachable
>From 192.168.0.1 icmp_seq=2 Destination Host Unreachable
>From 192.168.0.1 icmp_seq=3 Destination Host Unreachable

Thanks

Simon

-- 
Psyche-list mailing list
Psyche-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/psyche-list