/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Michael A. Horning wrote:
> I want to both have a Masqueraded subnet and have routable IP numbers
> going through the same linux router, and I don't seem to be able to get
> it to work. I saw the posts before concerning this issue and I tried to
> implement those ipchain sets, but something is still not working with
> the routable IP's. I have 5 routable IP's and two Masq'ed subnets, and
> to begin I just want it to work with simple ipchains on two of the
> routable IP's (the one going to the dsl modem on eth0 and the one on the
> internal client machine); I will add more ipchain sets later on.
>
> This is what I have so far which I copied from the previous posts on
> this subject from this mailing list, and I have tried many different
> configurations with the same sort of information with no luck. The two
> Masq'ed subnets work fine though, it is just that I cannot seem to get
> any information to pass to the internal client machine that has a
> routable IP.
>
> Thanks for any input.
>
> Mike
>
> **Here is the contents of the chain set:
>
> /sbin/ipchains -A forward -s 64.169.186.140 -i eth0 -j ACCEPT
> /sbin/ipchains -A forward -d 64.169.186.140 -i eth1 -j ACCEPT
> /sbin/ipchains -A forward -s 192.168.1.0/24 -i eth0 -j MASQ
> /sbin/ipchains -A forward -s 192.168.4.0/24 -i eth0 -j MASQ
> /sbin/ipchains -A forward -j DENY -l
>
> **Here is the output when I issue #ipchains -L -n:
>
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target prot opt source destination
> ports
> ACCEPT all ------ 64.169.186.140 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 64.169.186.140 n/a
> MASQ all ------ 192.168.1.0/24 0.0.0.0/0 n/a
> MASQ all ------ 192.168.4.0/24 0.0.0.0/0 n/a
> DENY all ----l- 0.0.0.0/0 0.0.0.0/0 n/a
> Chain output (policy ACCEPT):
that all looks ok (except there's only 1 routable internal ip address,
not several as you mention).
have you checked all your routing tables? can the masquerading host
ping 64.169.186.140? can 64.169.186.140 ping the masquerading host?
the next thing to do is to run tcpdump on both eth0 and eth1 while trying
to forward packets through the masquerading host from 64.169.186.140.
that'll tell you what the packets look like and where they're going.
just seeing the packets is often enough to work out the problem.
if you don't see them, run tcpdump closer to the source until you do.
it might also be a cable probem (wrong type of cable, broken cable).
raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
