StOo Macdonald wrote:
> i am having a very (very) similar problem to Jeff who posted the "Re: Fail
> in "Testing external MASQ ICMP forwarding" using iptables" message not long
> ago.
>
> i am running RH7.1 (no kernel upgrades, nothing beyond the base workstation
> install)
>
> my network setup is as follows:
>
> Cable Modem --> [eth0] RedHat Box (Masq) [eth1] --> Switch --> Windows Boxes (Masq Clients)
>
> i followed the latest HOWTO pretty much 100%. however, my windows clients
> cannot ping (or do anything else for that matter) beyond the external
> interface.
>
> ifconfig details are as follows:
>
> --------------------------------------------
>
> eth0 Link encap:Ethernet HWaddr 00:D0:70:01:08:71
> inet addr:62.253.181.129 Bcast:255.255.255.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1503 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1418 errors:0 dropped:0 overruns:0 carrier:0
> collisions:8 txqueuelen:100
> Interrupt:12 Base address:0x6000
>
> eth1 Link encap:Ethernet HWaddr 00:D0:70:00:FD:1F
> inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:31 errors:0 dropped:0 overruns:0 frame:0
> TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> Interrupt:10 Base address:0x8000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:6 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
>
> --------------------------------------------
>
> and netstat -rn gives the following output:
>
> --------------------------------------------
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
> 62.253.181.0    0.0.0.0         255.255.255.0   U        40 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
> 0.0.0.0         62.253.181.254  0.0.0.0         UG       40 0          0 eth0
>
> --------------------------------------------
>
> doing "cat /proc/sys/net/ipv4/ip_forward" returns "1", as it should.
>
>
> finally, doing iptables -t nat -L gives:
>
> --------------------------------------------
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> --------------------------------------------
>
> this is using the generic test Masq rc.firewall provided in the Masq HOWTO.
>
> does anyone have any idea what's up? i can't see why this refuses to work..
> it looks like Masq is enabled, and IP Forwarding is enabled. however, no
> matter what i try i always fail at the "Testing external MASQ ICMP
> forwarding" stage of the HOWTO.
>
> if anyone has any suggestions (bearing in mind that i'm a newbie) on how to
> get this working i'd LOVE to hear them as this is driving me mad!
>
> thanks in advance!
>
> stoo..

your masquerading rule has both the source and destination addresses
as "anywhere". that's wrong unless you also specify eth0 as the interface
in that rule (it's not shown by the ipchains -L output). could that be it?

the best thing to do is to run tcpdump on both eth0 and eth1 while a
masqueraded host tries to make a connection to the internet so you can
see what the packets look like and where they are going.

raf
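
The interface a NAT rule is bound to appears only in a verbose listing, so the plain `-L` output quoted in the thread cannot show whether the MASQUERADE rule names eth0. As an added example (not part of the original thread), the shell function below reads `iptables -t nat -L -v -n` output and reports, for each POSTROUTING MASQUERADE rule, whether an outgoing interface is set; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_masq_rules: read `iptables -t nat -L -v -n` output on stdin and print
# one line per MASQUERADE rule in the POSTROUTING chain.
check_masq_rules() {
    awk '
        /^Chain /              { chain = $2; next }   # track the current chain
        chain != "POSTROUTING" { next }               # only POSTROUTING matters here
        $3 == "MASQUERADE" {
            # -v columns: pkts bytes target prot opt in out source destination
            # "*" (with -n) or "any" (without -n) means no interface was given.
            if ($7 == "*" || $7 == "any")
                printf "UNBOUND out=%s src=%s dst=%s\n", $7, $8, $9
            else
                printf "BOUND out=%s src=%s dst=%s\n", $7, $8, $9
        }
    '
}

# Constructed sample: rule with no outgoing interface, so it also
# rewrites traffic that leaves through the internal interface.
sample_unbound() { cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: rule restricted to the external interface and
# to the internal subnet used in the thread (192.168.0.0/24).
sample_bound() { cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    192.168.0.0/24       0.0.0.0/0
EOF
}

# On the gateway itself (as root): iptables -t nat -L -v -n | check_masq_rules
sample_unbound | check_masq_rules
sample_bound | check_masq_rules
```

The `pkts` counter in the same verbose listing stays at zero if forwarded traffic never reaches the rule, which complements the tcpdump capture on eth0 and eth1 suggested in the reply.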