Hi, I posted this a couple of weeks ago, but there was no response, so I'll post again in the hope that someone might be able to help me with it. I was having trouble with a single NAT connection with a very basic script, and someone suggested adding the second IP address for the purpose of ARP response from the upstream router. I did this, but still have no luck. Here is my config and my IP address info (last bits hidden). The "ip addr show" command output has the 3 addresses configured for that interface.

Am I missing something really basic? Is there something else I should be looking at? This is Red Hat 7.2 with iptables 1.2.5 compiled (not RPMs). I can ping to/from the box from the LAN and the Internet; is there some routing thing I should be doing? (Inserted routing output for info.)

IPTABLES SCRIPT

#!/bin/sh
#call insmod script
/etc/sysconfig/modsprobe
#activate kernel forwarding (the space before ">" matters: "echo 1>file" redirects fd 1 and writes an empty line, not the digit 1)
echo 1 > /proc/sys/net/ipv4/ip_forward

INET_INTERFACE="eth0"     #internet-connected interface
LAN_INTERFACE="eth1"      #LAN-connected interface
LAN_ADDRESS="192.168.41.237"   #LAN address
INET_ADDRESS="207.228.x.x"     #Internet address
PRIVPORTS="0:1023"        #well-known, privileged port range
UNPRIVPORTS="1024:65535"  #unprivileged ports
WEB_PORT="80"             #HTTP service port
WPS2_EX="207.228.x.x"     #WPS2 external address
WPS2_INT="192.168.41.6"   #WPS2 internal address

#remove existing rules
/sbin/iptables --flush
/sbin/iptables -t nat --flush
/sbin/iptables -t mangle --flush

#set default chain policies
/sbin/iptables --policy INPUT ACCEPT
/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables --policy FORWARD ACCEPT

#enable loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

#enable state-related connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

#NAT for wps2: inbound to the external address is DNATed to the internal host,
#outbound from the internal host is SNATed to the external address
/sbin/iptables -t nat -A PREROUTING -i $INET_INTERFACE -d $WPS2_EX -j DNAT --to-dest $WPS2_INT
/sbin/iptables -t nat -A POSTROUTING -o $INET_INTERFACE -s $WPS2_INT -j SNAT --to-source $WPS2_EX

IP ADDR SHOW output

1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:b3:93:be:ea brd ff:ff:ff:ff:ff:ff
    inet 207.228.x.x/29 brd 207.228.x.x scope global eth0
    inet 207.228.x.x/29 scope global secondary eth0
    inet 207.228.x.x/29 scope global secondary eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:02:b3:93:be:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.41.237/24 brd 192.168.41.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 100
    link/ether 00:02:b3:8f:2e:bc brd ff:ff:ff:ff:ff:ff

ROUTE output

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
207.228.x.x     *               255.255.255.248 U     0      0        0 eth0
192.168.41.0    *               255.255.255.0   U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         h-207-228-x-x.  0.0.0.0         UG    0      0        0 eth0

I'm confused - I have had other iptables systems working before, which is why I'm so irritated :)

Thanks!
Max
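A few offline sanity checks for a 1:1 DNAT/SNAT setup like the one in the post, added here as an example; this is not the poster's script and not part of iptables or Red Hat. Every function takes a file path, so the same code can be pointed at /proc/sys/net/ipv4/ip_forward and at an iptables-save dump on the real box, or run against temporary files without root as it does here. The external address 203.0.113.6 and the nat-table dump are constructed stand-ins for the hidden 207.228.x.x address and the live rules; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for the
# prerequisites of a one-to-one DNAT/SNAT gateway (forwarding enabled,
# DNAT and SNAT rules present for the internal host).

# Does the ip_forward sysctl file hold "1"?
# $1: path to the file (normally /proc/sys/net/ipv4/ip_forward)
check_ip_forward() {
    v=""
    read -r v < "$1" 2>/dev/null || v=""
    [ "$v" = "1" ]
}

# The two spellings of the forwarding line differ. Without a space before
# ">", the shell takes the "1" as a file descriptor number (fd 1 = stdout),
# so echo writes an empty line into the file instead of the digit 1.
write_forward_buggy() { echo 1>"$1"; }
write_forward_fixed() { echo 1 > "$1"; }

# Constructed iptables-save style dump of the nat table for the rules in
# the post, with 203.0.113.6 standing in for the hidden external address.
sample_nat_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.6/32 -i eth0 -j DNAT --to-destination 192.168.41.6
-A POSTROUTING -s 192.168.41.6/32 -o eth0 -j SNAT --to-source 203.0.113.6
COMMIT
EOF
}

# Is there a matching DNAT/SNAT pair for one host?
# $1: dump file, $2: external address, $3: internal address
check_nat_pair() {
    grep -q -- "^-A PREROUTING .*-d $2/32 .*-j DNAT --to-destination $3\$" "$1" &&
    grep -q -- "^-A POSTROUTING .*-s $3/32 .*-j SNAT --to-source $2\$" "$1"
}

# Run every check against temporary files and print one verdict per check.
demo() {
    fwd=$(mktemp) && nat=$(mktemp) || return 1
    write_forward_buggy "$fwd"
    check_ip_forward "$fwd" && echo "echo 1>file  : forwarding on" \
                             || echo "echo 1>file  : forwarding OFF (file holds an empty line)"
    write_forward_fixed "$fwd"
    check_ip_forward "$fwd" && echo "echo 1 > file: forwarding on" \
                             || echo "echo 1 > file: forwarding OFF"
    sample_nat_dump > "$nat"
    check_nat_pair "$nat" 203.0.113.6 192.168.41.6 && echo "nat pair for 192.168.41.6: present" \
                                                    || echo "nat pair for 192.168.41.6: MISSING"
    check_nat_pair "$nat" 203.0.113.6 192.168.41.7 && echo "nat pair for 192.168.41.7: present" \
                                                    || echo "nat pair for 192.168.41.7: MISSING"
    rm -f "$fwd" "$nat"
}

demo
```

On the gateway itself the same functions apply to live data: `check_ip_forward /proc/sys/net/ipv4/ip_forward` after the firewall script has run, and `check_nat_pair` on a file produced by `iptables-save` (or the nat-table section of it), with the real external and internal addresses as arguments. If the forwarding check fails while the rules are present, the gateway will answer pings itself but never relay the DNATed packets to the internal host.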