Liu Mei wrote:
> Well. Things become better.
> 
> Now the eth0 (the external port) is 192.168.1.113,
> which is assigned by running dhclient.
> 
> The eth1 (the internal port) is 192.168.2.1, which is
> assigned by myself.


Jumping some hoops to run that IP I guess, but
I haven't been following this thread too closely.
Sounds fun....

> I can now ping the internet and LAN from my route.
> I can also ping 2.1 from LAN
> 
> But I can't ping the internet from LAN.


See below....

> The following are the things you may want to check
> 
> Please help.
> 
> Kind Regards,
> 
> Liumei

> Chain forward (policy ACCEPT: 0 packets, 0 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname     source             destination             ports
>     4   240 ACCEPT     all  ------ 0xFF 0x00  eth0      192.168.2.0/24         0.0.0.0/0             n/a
>     0     0 ACCEPT     all  ------ 0xFF 0x00  eth0          0.0.0.0/0      192.168.2.0/24            n/a
>     0     0 MASQ       all  ------ 0xFF 0x00  eth1      192.168.2.0/24         0.0.0.0/0             n/a

Well I don't get why you have the above 3 rules
considering your setup runs on dual private network
segments.  You can see that the MASQ rule never gets used.

I'd think that because your eth0 goes to an ISP/Internet
that you want to MASQ traffic from your internal LAN out
to the net, not forward it unMASQed.

So the first line is doing all the work because it's the first
rule that applies to the traffic in question, and the traffic
is getting moved to go out eth0 unMASQed.

The second line I don't get at all.  Why would you try
to forward all traffic destined for the .2.0/24 network
out of eth0?

The third line is almost what you want, but should read
more like this, I believe, but I've been wrong lately :)


    0     0 MASQ       all  ------ 0xFF 0x00  eth0      192.168.2.0/24         0.0.0.0/0             n/a
                                                ^^^
                                                 |
                                                /
                                               /
                                         my changes

And finally....


> Chain output (policy ACCEPT: 2 packets, 168 bytes):
>  pkts bytes target     prot opt    tosa tosx  ifname       source        destination     ports
>     0     0 ACCEPT     all  ------ 0xFF 0x00  lo         0.0.0.0/0         0.0.0.0/0      n/a
>     4   240 DENY       all  ------ 0xFF 0x00  eth0   192.168.2.0/24        0.0.0.0/0      n/a
>     0     0 DENY       all  ------ 0xFF 0x00  eth0       0.0.0.0/0     192.168.2.0/24     n/a

Here you can see that your rules are DENYing any traffic
from getting out eth0 if the traffic came from 192.168.2.0/24.

Well, first you forwarded it over to go out there, but then you
fail to let it out.  Why do that ?  :-)

And now, back to the right honorable Ray O.
Good Luck,
matthew
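A small check for the two mistakes matthew points out, added here as an example and not something posted in the thread. It reads the ipchains listing quoted above (assuming, as in Liu Mei's mail, that eth0 is the external port and 192.168.2.0/24 is the LAN), flags the unmasqueraded ACCEPT, the MASQ rule bound to the wrong interface and the output DENY, and then prints the forward rule matthew's reply implies instead of executing it. The sample listing is embedded as a constructed string with the mailer's line wrapping undone.

```shell
#!/bin/sh
# Added example (not from the thread): audit an `ipchains -L -v` listing for
# the problems matthew points out, then print the rules his reply implies.
# Assumptions (from the thread): eth0 is the external interface, eth1 the
# internal one, and the LAN is 192.168.2.0/24.
EXT_IF=eth0
LAN=192.168.2.0/24

# Constructed sample: the forward and output chains quoted in the thread,
# with the mailer's line wrapping undone so each rule is one line.
SAMPLE='Chain forward (policy ACCEPT: 0 packets, 0 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname     source             destination             ports
    4   240 ACCEPT     all  ------ 0xFF 0x00  eth0      192.168.2.0/24         0.0.0.0/0             n/a
    0     0 ACCEPT     all  ------ 0xFF 0x00  eth0          0.0.0.0/0      192.168.2.0/24            n/a
    0     0 MASQ       all  ------ 0xFF 0x00  eth1      192.168.2.0/24         0.0.0.0/0             n/a
Chain output (policy ACCEPT: 2 packets, 168 bytes):
 pkts bytes target     prot opt    tosa tosx  ifname       source        destination     ports
    0     0 ACCEPT     all  ------ 0xFF 0x00  lo         0.0.0.0/0         0.0.0.0/0      n/a
    4   240 DENY       all  ------ 0xFF 0x00  eth0   192.168.2.0/24        0.0.0.0/0      n/a
    0     0 DENY       all  ------ 0xFF 0x00  eth0       0.0.0.0/0     192.168.2.0/24     n/a'

# audit_chains: read a listing on stdin and print one finding per line.
# Columns in this listing: pkts bytes target prot opt tosa tosx ifname source destination ports
audit_chains() {
  awk -v ext="$EXT_IF" -v lan="$LAN" '
    /^Chain /      { chain = $2; seen_masq = 0; next }   # new chain header
    $1 == "pkts"   { next }                              # column header
    NF < 10        { next }                              # not a rule line
    {
      target = $3; ifname = $8; src = $9
      if (chain == "forward") {
        # LAN traffic hit by a plain ACCEPT on the external port before any
        # MASQ rule leaves the box with its private source address intact.
        if (target == "ACCEPT" && ifname == ext && src == lan && !seen_masq)
          print "forward: LAN traffic ACCEPTed out " ext " unmasqueraded ahead of any MASQ rule"
        # A MASQ rule only matches outbound traffic on the external interface.
        if (target == "MASQ" && ifname != ext)
          print "forward: MASQ rule bound to " ifname ", expected " ext
        if (target == "MASQ") seen_masq = 1
      }
      # Forwarding the packet is pointless if the output chain then drops it.
      if (chain == "output" && target == "DENY" && ifname == ext && src == lan)
        print "output: DENY blocks " lan " traffic leaving " ext
    }'
}

# finding_count: number of problems found in the constructed sample.
finding_count() {
  printf '%s\n' "$SAMPLE" | audit_chains | wc -l | tr -d ' '
}

# corrected_rules: the ipchains commands matthew's reply implies. They are
# printed rather than run, so this script is safe to execute anywhere.
corrected_rules() {
  cat <<EOF
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $EXT_IF -s $LAN -j MASQ
ipchains -D output -i $EXT_IF -s $LAN -j DENY
EOF
}

printf '%s\n' "$SAMPLE" | audit_chains
corrected_rules
```

Run against the quoted listing it reports three findings, one per problem matthew describes; the printed rule set replaces the three forward rules with a single MASQ on eth0 and removes the output DENY that was swallowing the LAN's packets.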



leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
