Run "iptables -t nat -nvL", and look for a rule in POSTROUTING similar to this one (in which I recklessly reveal my own static IP address, on the theory that 3 wrongs neither make a right nor improve the readability of troubleshooting advice) --
Chain POSTROUTING (policy ACCEPT 149K packets, 9127K bytes)
pkts bytes target prot opt in out source destination
147K 8592K SNAT all -- * eth0 !63.198.182.124 0.0.0.0/0 to:63.198.182.124
If it is not there, you create this rule with a command like this one:
iptables -t nat -A POSTROUTING -o eth0 -s \! 63.198.182.124 -j SNAT --to-source 63.198.182.124
Since I don't know how you set up iptables on your system -- I don't even know how stock Red Hat does it, and I won't even try to troubleshoot a description like "I looked up the internet and ran some scripts" -- I can tell you only the rule you need, not where in your setup to put the command to add it.
If this isn't enough to fix your problem, then when you describe it next time, you need at least to tell us where you are pinging these IP addresses *from*. Others have tried to guess what you mean by "Pinging 192.168.1.1 from eth0" and "pinging xxx.xxx.xxx.xxx from eth1", but I prefer to ask you to be clear than to guess. Identify the host explicitly, quote the actual command you entered (if you feel you must obfuscate the external IP address, at least quote the rest of the command intact) and the exact, complete actual response.
Anyway, if you have a LAN to NAT, then you have a host other than this Linux host on it, right? You should be testing the ability of the Linux host to route using that host, not by doing tricky things with the interfaces on the Linux host itself. So if you are using ping with the -I flag, that's not the best test of routing and NAT'ing ability. Instead, see if a LAN host can ping --
the Linux router's internal IP address
the Linux router's external IP address
your ISP's gateway IP address (the Linux router's default gateway, that is)
some well-known Internet IP address (one known to respond to pings; not all do)
Use the success or failure of these tests to determine whether your Linux host is routing/NAT'ing the LAN successfully.
There are several well-known drop-in firewalling packages that will handle a NAT'd connection like yours probably is. The one I'm most familiar with is Shorewall (shorewall.sourceforge.net, I think). You might find it easier to turn to one of them, since any good one will deal with both your NAT'ing needs and typical firewalling requirements.
At 09:31 PM 1/21/2004 -0500, Chadha, Devesh wrote:
Here are all the answers:
Chuck's questions: My IP address is a public IP. I think I am not NATing correctly and hence this problem.
ping -c 4 192.168.1.1 gives:
64 bytes from 192.168.1.1 icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from 192.168.1.1 icmp_seq=2 ttl=64 time=0.152 ms
64 bytes from 192.168.1.1 icmp_seq=3 ttl=64 time=0.150 ms
64 bytes from 192.168.1.1 icmp_seq=4 ttl=64 time=0.152 ms
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 3000ms
ping -c 4 xxx.xxx.xxx.xxx gives:
64 bytes from xxx.xxx.xxx.xxx icmp_seq=1 ttl=64 time=0.237 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=2 ttl=64 time=0.146 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=3 ttl=64 time=0.151 ms
64 bytes from xxx.xxx.xxx.xxx icmp_seq=4 ttl=64 time=0.149 ms
--- xxx.xxx.xxx.xxx ping statistics ---
4 packets transmitted, 4 received, 0% loss, time 2998ms
Ray's questions:
1. Correction, both are not on same subnet. Sorry for the wrong info. I guess I am not NATing right
2. given that information. see below
3. ip forwarding is on. I don't know if I have NATing set up correct. I looked up the internet and ran some scripts. Here is my iptables -nvl output:
Chain INPUT (policy ACCEPT 46 packets, 4390 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 66 packets, 6036 bytes)
pkts bytes target prot opt in out source destination
4. Pinging 192.168.1.1 from eth0 gave destination host unreachable and pinging xxx.xxx.xxx.xxx from eth1 gave the same.
5. I can connect to internet using eth0 since I can browse the internet. I can also ping the gateway from eth0
Hope this helps. I know that xxx.xxx.... is annoying, but I can't help it.
Thanks for taking interest...
[old stuff deleted] [new garbage deleted]
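A scripted form of the POSTROUTING check described in the reply, as an added example that is not part of the original thread: the hypothetical helper `has_snat_rule` reads `iptables -t nat -nvL` output and reports whether POSTROUTING holds a source-NAT rule for the external interface. The sample listings are constructed (the first copies the one in the reply), and accepting MASQUERADE alongside SNAT is an assumption, made because it also rewrites the source address.

```shell
#!/bin/sh
# Added example (not from the thread). has_snat_rule is a hypothetical helper.
#
# has_snat_rule IFACE   -- reads `iptables -t nat -nvL` output on stdin.
# Prints the target of the first SNAT/MASQUERADE rule in POSTROUTING that
# leaves via IFACE (or via any interface, "*") and returns 0; returns 1 if
# there is no such rule, or if the listing has no POSTROUTING chain at all.
has_snat_rule() {
    awk -v ifc="$1" '
        /^Chain /           { in_post = ($2 == "POSTROUTING"); next }
        !in_post || NF < 9  { next }     # other chains, blank lines
        $1 == "pkts"        { next }     # column header
        # -nvL columns: pkts bytes target prot opt in out source destination
        ($3 == "SNAT" || $3 == "MASQUERADE") && ($7 == ifc || $7 == "*") {
            print $3; found = 1; exit
        }
        END { exit !found }
    '
}

# Constructed sample 1: the nat-table listing shown in the reply.
NAT_OK='Chain POSTROUTING (policy ACCEPT 149K packets, 9127K bytes)
 pkts bytes target prot opt in out source destination
 147K 8592K SNAT all -- * eth0 !63.198.182.124 0.0.0.0/0 to:63.198.182.124'

# Constructed sample 2: nat table present, but POSTROUTING is empty.
NAT_EMPTY='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination'

# Constructed sample 3: a filter-table listing like the one quoted in the
# thread. Without "-t nat" the POSTROUTING chain is never shown, so a NAT
# rule cannot be confirmed from this output either way.
FILTER_ONLY='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0'

for listing in "$NAT_OK" "$NAT_EMPTY" "$FILTER_ONLY"; do
    if target=$(printf '%s\n' "$listing" | has_snat_rule eth0); then
        echo "source NAT on eth0: $target rule present"
    else
        echo "no SNAT/MASQUERADE rule for eth0 in this listing"
    fi
done
```

On the router itself the live form is `iptables -t nat -nvL POSTROUTING | has_snat_rule eth0`, run as root.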
