I'm expecting this box to forward traffic like a router, but it's not playing nice. It might be because I'm up at 3:30am trying to figure this out. Hah :) The 192.0.0.2 address is simply for "example.com" style usage.

Forwarding was enabled by

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables-save shows all chains are ACCEPT. There is one rule in the nat table, FORWARD chain, as ACCEPT, however there are no packets/bytes accounted for.

joe:~# iptables-save -c
# Generated by iptables-save v1.3.6 on Sun May 17 05:30:45 2009
*raw
:PREROUTING ACCEPT [577431792:362231328154]
:OUTPUT ACCEPT [728727849:796223845493]
COMMIT
# Completed on Sun May 17 05:30:45 2009
# Generated by iptables-save v1.3.6 on Sun May 17 05:30:45 2009
*nat
:PREROUTING ACCEPT [9039298:481968201]
:POSTROUTING ACCEPT [8247008:528498550]
:OUTPUT ACCEPT [8244338:528359281]
COMMIT
# Completed on Sun May 17 05:30:45 2009
# Generated by iptables-save v1.3.6 on Sun May 17 05:30:45 2009
*mangle
:PREROUTING ACCEPT [577431792:362231328154]
:INPUT ACCEPT [577418236:362230055052]
:FORWARD ACCEPT [13212:1256264]
:OUTPUT ACCEPT [729094611:796543310780]
:POSTROUTING ACCEPT [730008665:796516451576]
COMMIT
# Completed on Sun May 17 05:30:45 2009
# Generated by iptables-save v1.3.6 on Sun May 17 05:30:45 2009
*filter
:INPUT ACCEPT [577418225:362230054083]
:FORWARD ACCEPT [13212:1256264]
:OUTPUT ACCEPT [728727348:796223813446]
[0:0] -A FORWARD -d 192.0.0.5 -j ACCEPT
COMMIT
# Completed on Sun May 17 05:30:45 2009

joe:~# cat /proc/sys/net/ipv4/ip_forward
1

With tcpdump -eni ethX host 192.0.0.5, when TCP traffic is destined to us, I expect it to forward this to the destination. However, it's creating TCP RSTs. Not even ICMP host unreachable etc.

Anything else I should look at? (Except a good night's rest?)

Scott.
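
As an added example that is not part of the original post: a small Python parser for iptables-save -c output that lists every rule with zero hits, the table it sits in, and how many packets fell through to that chain's policy instead. The sample dump is constructed in the format shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed iptables-save -c dump in the format shown in the post.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [9039298:481968201]
:POSTROUTING ACCEPT [8247008:528498550]
COMMIT
*filter
:INPUT ACCEPT [577418225:362230054083]
:FORWARD ACCEPT [13212:1256264]
[0:0] -A FORWARD -d 192.0.0.5 -j ACCEPT
COMMIT
"""

POLICY = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")   # :CHAIN POLICY [pkts:bytes]
RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")     # [pkts:bytes] -A CHAIN spec

def parse_counters(dump):
    """Return (policies, rules); every entry records the table it was found in."""
    policies, rules, table = {}, [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter" opens a table section
            table = line[1:]
        elif line == "COMMIT":            # "COMMIT" closes it
            table = None
        elif table and (m := POLICY.match(line)):
            policies[(table, m[1])] = (m[2], int(m[3]), int(m[4]))
        elif table and (m := RULE.match(line)):
            rules.append((table, m[3], m[4], int(m[1]), int(m[2])))
    return policies, rules

def unmatched_rules(dump):
    """Zero-hit rules as (table, chain, spec, packets counted by the chain policy)."""
    policies, rules = parse_counters(dump)
    out = []
    for table, chain, spec, pkts, _bytes in rules:
        if pkts == 0:
            policy = policies.get((table, chain))
            out.append((table, chain, spec, policy[1] if policy else None))
    return out

if __name__ == "__main__":
    for table, chain, spec, fell_through in unmatched_rules(SAMPLE):
        print(f"{table}/{chain}: '{spec}' matched 0 packets; "
              f"{fell_through} packets reached the chain policy")
```

A chain's policy counter only counts packets that traversed the chain without matching any rule, so a non-zero policy count beside a [0:0] rule means traffic passed through that chain but none of it matched the rule's destination.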
