Cant get iptables to work
Hello List,

here is my little "BIG" problem.
I have a Red Hat 7.1 box and recently installed kernel 2.4.7
Iptables version 1.2.2

I have a private LAN 192.168.1.0 on interface eth1 and a public IP on eth0

I can ping from the private LAN eth1 and eth0, but I am unable to ping the outside world.
IPCHAINS is not running.

Masquerading is on and the rest is all open.

The prime objective for now is to give the LAN access to the "world".
Can someone help me? I am not sure if it is the rules or something else.
I have the following lines in my script:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

That is all and I think that should give access. I have compiled the kernel with all netfilter options included except FAST SWITCHING as it is described in some FAQs.

No idea anymore where to look further. Any advice?


Thanks for your help.
Peter
Re: Cant get iptables to work [ In reply to ]
You should enable IP forwarding for dynamic addresses. I think it is:

echo 1 > /proc/sys/net/ipv4/ip_dynaddr


"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 10:48:51 AM

To: "netfilter" <netfilter@lists.samba.org>
cc: (bcc: Shin Neng Wong/NTTMSC)

Subject: Cant get iptables to work

Hello List,

here is my little "BIG" problem.
I have a Red Hat 7.1 box and recently installed kernel 2.4.7
Iptables version 1.2.2

I have a private LAN 192.168.1.0 on interface eth1 and a public IP on eth0

I can ping from the private LAN eth1 and eth0, but I am unable to ping the
outside world.
IPCHAINS is not running.

Masquerading is on and the rest is all open.

The prime objective for now is to give the LAN access to the "world".
Can someone help me? I am not sure if it is the rules or something else.
I have the following lines in my script:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

That is all and I think that should give access. I have compiled the kernel with
all netfilter options included except FAST SWITCHING as it is described in some
FAQs.

No idea anymore where to look further. Any advice?


Thanks for your help.
Peter
Re: Cant get iptables to work [ In reply to ]
I'm out of ideas too. As for debugging, I usually just run a tcpdump and try to
catch where the packets are flying. I'm still a novice at this, so hopefully
someone can give better suggestions.


"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 11:42:14 AM

To: Shin Neng Wong/NTTMSC
cc:

Subject: Re: Cant get iptables to work

Again thanks for the help, but still no success.
Is there any way to get some debug info?

For now I have to get some hours sleep, 3:00 am here in Toronto, Canada.

Thanks again
Peter
----- Original Message -----
From: Shin Neng Wong
To: Peter Pohlmann
Sent: Monday, July 30, 2001 6:27 AM
Subject: Re: Cant get iptables to work

In that case, try SNAT instead of Masquerading like:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to x.x.x.x

where x.x.x.x is your public IP address.

hope it helps :)


"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 11:23:55 AM

To: Shin Neng Wong/NTTMSC
cc:

Subject: Re: Cant get iptables to work

Thanks for the advice, but it did not work.
The eth0 interface has a static and public IP address.

Peter
----- Original Message -----
From: Shin Neng Wong
To: Peter Pohlmann
Cc: netfilter
Sent: Monday, July 30, 2001 5:55 AM
Subject: Re: Cant get iptables to work

You should enable IP forwarding for dynamic addresses. I think it is:

echo 1 > /proc/sys/net/ipv4/ip_dynaddr
Re: Cant get iptables to work [ In reply to ]
Are you just trying ping? I've seen an issue in 2.4.7 (but I've been no
use in debugging it :-), where pings weren't being masq'ed properly until I
had opened a TCP connection, but I can't swear to the exact circumstances
and can provide no more info.


Perhaps you might want to telnet to an IP address from behind the FW and
see if that works (use an IP, not a name, in case DNS is busted), then
check ping.

Dave.

--
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied@skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person
Re: Cant get iptables to work [ In reply to ]
On Mon, Jul 30, 2001 at 01:48:51AM -0000, Peter Pohlmann wrote:

> I can ping from the private LAN eth1 and eth0, but I am unable to ping the outside world.
> IPCHAINS is not running.
>
> Masquerading is on and the rest is all open.
>
> The prime objective for now is to give the LAN access to the "world".
> Can someone help me? I am not sure if it is the rules or something else.
> I have the following lines in my script:
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward

Check your DNS setting and try to ping a numeric address. First try
to ping the "inet:" address, then the "P-t-P:" address from the
ifconfig output. Check route and see if the "default" route has been
set to the "P-t-P:" address. If ping from the firewall works, then
try a box behind it. Does the box behind it have a default route? Does
its DNS entry point to either the firewall box or a real DNS server?


--
Linux 2.4.7fw #2 Sun Jul 29 21:32:38 CST 2001 i586 unknown
20:10:02 up 13:49, 1 user, load average: 1.00, 1.00, 1.00
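The pieces the replies above ask the poster to verify (ip_forward, a POSTROUTING MASQUERADE or SNAT rule on the public interface, a FORWARD chain that lets LAN traffic through, the default route and the LAN route) collected into one read-only checklist. This is an added example, not a script from anyone in the thread: the function takes the text of `cat /proc/sys/net/ipv4/ip_forward`, `route -n`, `iptables -t nat -L POSTROUTING -v -n` and `iptables -L FORWARD -v -n` as arguments, so it can be run against output pasted from the gateway without root, and only the `--live` path runs those commands itself. The interface names eth0/eth1 and the prefix 192.168.1.0/24 are taken from the thread; the 203.0.113.x addresses in the constructed sample are a documentation range chosen here.

```shell
#!/bin/sh
# Added example, not from the thread: read-only checklist for a 2.4-era
# iptables NAT gateway. Interface names and the LAN prefix are assumptions
# matching the thread; override them in the environment if they differ.

PUB_IF="${PUB_IF:-eth0}"            # public side (assumed, as in the thread)
LAN_IF="${LAN_IF:-eth1}"            # private side (assumed, as in the thread)
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# check_nat_gateway FORWARD_FLAG ROUTE_TEXT NAT_TEXT FILTER_TEXT
# The four arguments are the output of, respectively:
#   cat /proc/sys/net/ipv4/ip_forward
#   route -n
#   iptables -t nat -L POSTROUTING -v -n
#   iptables -L FORWARD -v -n
# Prints one OK/MISSING line per check; the return value is the number of
# failed checks (0 means every piece the thread discusses is in place).
check_nat_gateway() {
    fwd="$1"; routes="$2"; nat="$3"; filter="$4"
    fails=0
    lan_addr="${LAN_NET%/*}"        # 192.168.1.0/24 -> 192.168.1.0

    if [ "$fwd" = "1" ]; then
        echo "OK      ip_forward=1"
    else
        echo "MISSING ip_forward is '$fwd' (echo 1 > /proc/sys/net/ipv4/ip_forward)"
        fails=$((fails + 1))
    fi

    # route -n lists the default route with destination 0.0.0.0; it must
    # leave through the public interface or nothing can reach the world.
    if printf '%s\n' "$routes" | grep -q "^0\.0\.0\.0 .* $PUB_IF\$"; then
        echo "OK      default route via $PUB_IF"
    else
        echo "MISSING default route via $PUB_IF"
        fails=$((fails + 1))
    fi

    # Replies coming back from the world need a route to the LAN prefix.
    if printf '%s\n' "$routes" | grep -q "^$lan_addr .* $LAN_IF\$"; then
        echo "OK      route to $LAN_NET via $LAN_IF"
    else
        echo "MISSING route to $LAN_NET via $LAN_IF"
        fails=$((fails + 1))
    fi

    # MASQUERADE or SNAT in POSTROUTING with out-interface PUB_IF rewrites
    # the private source address; without it the replies have nowhere to go.
    if printf '%s\n' "$nat" | grep -qE "(MASQUERADE|SNAT) .* $PUB_IF "; then
        echo "OK      POSTROUTING MASQUERADE/SNAT on $PUB_IF"
    else
        echo "MISSING POSTROUTING MASQUERADE/SNAT rule for $PUB_IF"
        fails=$((fails + 1))
    fi

    # Forwarded packets traverse FORWARD, not INPUT/OUTPUT: the chain policy
    # must be ACCEPT or an ACCEPT rule must cover the LAN prefix.
    if printf '%s\n' "$filter" | grep -q "^Chain FORWARD (policy ACCEPT" \
       || printf '%s\n' "$filter" | grep ACCEPT | grep -qF "$LAN_NET"; then
        echo "OK      FORWARD chain passes $LAN_NET"
    else
        echo "MISSING FORWARD chain does not pass $LAN_NET"
        fails=$((fails + 1))
    fi

    return "$fails"
}

# Constructed sample output (not captured from a real box): ip_forward is on
# and the MASQUERADE rule exists, but the default route is absent, which is
# one of the things the replies above ask the poster to rule out.
SAMPLE_FWD="1"
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0'
SAMPLE_FILTER='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# live_check: the same checks against the running gateway (root needed).
live_check() {
    check_nat_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(route -n)" \
        "$(iptables -t nat -L POSTROUTING -v -n)" "$(iptables -L FORWARD -v -n)"
}

if [ "${1:-}" = "--live" ]; then
    live_check
elif check_nat_gateway "$SAMPLE_FWD" "$SAMPLE_ROUTES" "$SAMPLE_NAT" "$SAMPLE_FILTER"; then
    echo "result: gateway configuration looks complete"
else
    echo "result: one or more checks failed, see MISSING lines above"
fi
```

When run with `--live` on the gateway, the pkts column of the MASQUERADE or SNAT rule is the first thing worth reading: if hosts on the LAN are sending traffic and that counter stays at zero, the packets never reach POSTROUTING, which points at forwarding or routing rather than at NAT, and a tcpdump on eth1 and then on eth0, as suggested earlier in the thread, shows where they stop. The checklist does not cover ip_dynaddr, which only matters for interfaces whose address changes.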
Re: Cant get iptables to work [ In reply to ]
Actually I have a similar question:

I can ping from firewall box. But when I try to ping from internal box
behind firewall, it doesn't work. Is it my firewall problem?

James

On Mon, 30 Jul 2001, Anthony Liu wrote:

> On Mon, Jul 30, 2001 at 01:48:51AM -0000, Peter Pohlmann wrote:
>
> > I can ping from the private LAN eth1 and eth0, but I am unable to ping the outside world.
> > IPCHAINS is not running.
> >
> > Masquerading is on and the rest is all open.
> >
> > The prime objective for now is to give the LAN access to the "world".
> > Can someone help me? I am not sure if it is the rules or something else.
> > I have the following lines in my script:
> >
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Check your DNS setting and try to ping a numeric address. First try
> to ping the "inet:" address, then the "P-t-P:" address from the
> ifconfig output. Check route and see if the "default" route has been
> set to the "P-t-P:" address. If ping from the firewall works, then
> try a box behind it. Does the box behind it have a default route? Does
> its DNS entry point to either the firewall box or a real DNS server?