/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! /* ALSO: Don't quote this header. It makes you look lame :-) */ On Thu, 7 Jun 2001, raf wrote: > /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! > /* ALSO: Don't quote this header. It makes you look lame :-) */ > > > Jeff Chan wrote: > > > I am running Red Hat 7.1 and updated the kernel to 2.4.5. I have followed > > all the configuration in the HOWTO. > > > > My network is like this: > > eth0: get the ip by DHCP via cable modem > > eth1: connect to the LAN, ip = 192.168.0.1 > > > > My internal pc(win2000) can connect to the linux server(telnet, smb). > > However, the internal pc can't ping anywhere outside the LAN except the ip > > of eth0 by the DHCP. I have read the whole HOWTO and can't fix that. > > Please help... > > > > Here is the detailed info, hope can help fixing the problems. > > > > netstat -rn > > ----------- > > Kernel IP routing table > > Destination Gateway Genmask Flags MSS Window irtt Iface > > 192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 > > 61.10.56.0 0.0.0.0 255.255.248.0 U 40 0 0 eth0 > > 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo > > 0.0.0.0 192.168.0.254 0.0.0.0 UG 40 0 0 eth1 > > 0.0.0.0 61.10.56.1 0.0.0.0 UG 40 0 0 eth0 > > > > > > cat /proc/sys/net/ipv4/ip_forward > > 1 > > > > > > rulesets (simple ruleset from HOWTO) > > /sbin/iptables -A FORWARD -j DROP > > /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > > > > > > iptables -n -L > > Chain INPUT (policy ACCEPT) > > target prot opt source destination > > > > Chain FORWARD (policy ACCEPT) > > target prot opt source destination > > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > DROP all -- 0.0.0.0/0 0.0.0.0/0 > > > > Chain OUTPUT (policy ACCEPT) > > target prot opt source destination > > i think you still need to turn on icmp masquerading in the kernel. > in linux-2.2 it's a kernel parameter. it may still be one in linux-2.4. > to find out, do "cd /usr/src/linux; make xconfig" and look around. > > raf I can't find it in the kernel config menu. It's probably included in the new iptables (as the HOWTO says). I do turn on the masq option before compiling. I think there is something wrong in "iptables -L" as the only entries are "DROP". I can't see MASQ at all. Any common errors would make the scenario like mine. Please help... :D _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING! or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
