Re: [Masq] Fail in "Testing external MASQ ICMP forwarding" using iptables

Wed, 06 Jun 2001 20:19:00 -0700 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Jeff Chan wrote:

> I am running Red Hat 7.1 and updated the kernel to 2.4.5. I have followed
> all the configuration in the HOWTO.
> 
> My network is like this:
> eth0: get the ip by DHCP via cable modem
> eth1: connect to the LAN, ip = 192.168.0.1
> 
> My internal pc(win2000) can connect to the linux server(telnet, smb).
> However, the internal pc can't ping anywhere outside the LAN except the ip
> of eth0 by the DHCP. I have read the whole HOWTO and can't fix that.
> Please help...
> 
> Here is the detailed info, hope can help fixing the problems.
> 
> netstat -rn
> -----------
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window irtt Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U        40 0         0 eth1
> 61.10.56.0      0.0.0.0         255.255.248.0   U        40 0         0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U        40 0         0 lo
> 0.0.0.0         192.168.0.254   0.0.0.0         UG       40 0         0 eth1
> 0.0.0.0         61.10.56.1      0.0.0.0         UG       40 0         0 eth0
> 
> 
> cat /proc/sys/net/ipv4/ip_forward 
> 1
> 
> 
> rulesets (simple ruleset from HOWTO)
> /sbin/iptables -A FORWARD -j DROP
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> 
> iptables -n -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> DROP       all  --  0.0.0.0/0            0.0.0.0/0          
> DROP       all  --  0.0.0.0/0            0.0.0.0/0          
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         

i think you still need to turn on icmp masquerading in the kernel.
in linux-2.2 it's a kernel parameter. it may still be one in linux-2.4.
to find out, do "cd /usr/src/linux; make xconfig" and look around.

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to