Mailing List Archive

Not able to get MASQ work on RedHat 7.1
Hello:

For the past few days I have been trying to get MASQ with
iptables to work. I have installed RedHat 7.1 on a system
with 64 MB RAM, a 1 GB hard disk and a Pentium 100 MHz
CPU.

I tried setting up MASQ using IP Chains on RedHat 7.0.
It works perfectly fine. I then upgraded to RH7.1 and
tried getting MASQ to work with iptables but without any
luck.

I have a wireless broadband connection with a static
IP address. I have two NICs, one facing the internet and
the other facing my local area network. eth0 is facing
my local area network and eth1 is facing the internet.

Here is what my script file contains:

======

# - Enabling packet forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward

# - Internal IP Address range
INT_NET="200.200.200.0/24"

# - External IP Address
EXT_IP="64.110.96.176"

# - Empty the chains
$IPTABLES -F
$IPTABLES -t nat -F

# - Default policy - Drop everything
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# - MASQ all internal traffic out to the Internet
$IPTABLES -t nat -A POSTROUTING -o eth1 -s $INT_IP -j SNAT --to-source $EXT_IP

======

I am somehow still not able to get this thing working. I don't know
where I am going wrong. Please help.

Thanks,

...Rohit

TransLogic Systems
5th Floor, Amogh Plaza, Greenlands,
Hyderabad, AP - 500 016, INDIA
Ph: 91.40.3401795, Fax: 91.40.3407943
www.translogicsys.com
Re: Not able to get MASQ work on RedHat 7.1
You may want to try :

$IPTABLES -t nat -A POSTROUTING -o eth1 -s $INT_NET -j SNAT --to-source $EXT_IP

Sam


Re: Not able to get MASQ work on RedHat 7.1
No Luck :-(

...Rohit
----- Original Message -----
From: Samuel Tran
To: Rohit Peyyeti ; netfilter
Sent: Wednesday, August 08, 2001 12:48 PM
Subject: Re: Not able to get MASQ work on RedHat 7.1


You may want to try :
$IPTABLES -t nat -A POSTROUTING -o eth1 -s $INT_NET -j SNAT --to-source $EXT_IP

Sam


Re: Not able to get MASQ work on RedHat 7.1
I am now able to ping my ISP's gateway from one of my
desktops which is on the LAN. I am also able to ping
some of the machines on the outside world but it is
not very consistent. It pings sometimes, sometimes it
does not.

Also, I am able to ping only by IP and not by name.
I am also not able to use http (web access) from my
workstations.

Any idea why?

Thanks for the Help!

...Rohit


----- Original Message -----
From: Samuel Tran
To: Rohit Peyyeti
Sent: Wednesday, August 08, 2001 1:16 PM
Subject: Re: Not able to get MASQ work on RedHat 7.1


So it should be working.
Try to log the packets to find out where the problem is.
Sam


Rohit Peyyeti wrote:

This is the output for iptables -L -t nat:

chain PREROUTING (Policy ACCEPT)
chain POSTROUTING (Policy ACCEPT)
SNAT al -- 200.200.200.0/24 anywhere to:64.110.96.176
chain OUTPUT (Policy ACCEPT)

...Rohit
----- Original Message -----
From: Samuel Tran
To: Rohit Peyyeti
Sent: Wednesday, August 08, 2001 12:58 PM
Subject: Re: Not able to get MASQ work on RedHat 7.1
What did you get when you type this : iptables -L -t nat
I would rather put :
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT DROP

Sam


Rohit Peyyeti wrote:

Still no luck!

...Rohit
RE: Not able to get MASQ work on RedHat 7.1
Firstly - please send text only mails to mailing lists - you may get more
response. Also don't set the urgency to high as most people would probably
consider their requests high.

Secondly if you have INPUT and FORWARD set to drop with no other rules then
you are not going to get anything working. Set these to accept and then the
SNAT rule may work.

Cheers
Nigel


Re: Not able to get MASQ work on RedHat 7.1
I set chains: INPUT, FORWARD, OUTPUT to
ACCEPT mode.

As I said before, I can ping my ISP's gateway
from my local workstation. I am still not able
to access internet (websites)

As for setting the priority to high, I set that
for most of my outgoing mails. It is up to the
receiver if he considers my mail important or
not.

Thanks for the help anyway!

...Rohit

----- Original Message -----
From: Nigel Morse <N.Morse@hyperknowledge.com>
To: 'Rohit Peyyeti' <rohit@translogicsys.com>; <netfilter@lists.samba.org>
Cc: Samuel Tran <stran@immostreet.com>
Sent: Wednesday, August 08, 2001 4:42 PM
Subject: RE: Not able to get MASQ work on RedHat 7.1


> Firstly - please send text only mails to mailing lists - you may get more
> response. Also don't set the urgency to high as most people would probably
> consider their requests high.
>
> Secondly if you have INPUT and FORWARD set to drop with no other rules then
> you are not going to get anything working. Set these to accept and then the
> SNAT rule may work.
>
> Cheers
> Nigel
Re: Not able to get MASQ work on RedHat 7.1
Rohit Peyyeti wrote:

> No Luck :-(
>
>
>
> ...Rohit
>

Mr. Peyyeti,

Try this command:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $EXT_IP

And change the default policy of FORWARD to ACCEPT, or else you
won't be able to do NAT at all (FORWARD is the chain that traffic which
is being routed through the system traverses).

Brad
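
The gateway script with the fixes raised in this thread, added here as an example and not posted by any list member: it uses $INT_NET in the SNAT rule, keeps the FORWARD policy at DROP but adds explicit rules for LAN traffic and its replies instead of switching the policy to ACCEPT, and logs whatever still falls through. The DRY_RUN switch, the ipt helper and the LAN_IF/WAN_IF names are assumptions of this example; the addresses and interface roles are those given in the original post.

```sh
#!/bin/sh
# Added example, not from the thread.
# -u aborts on an undefined variable (the original script set INT_NET but used $INT_IP).
set -eu

# Values from the original post
INT_NET="200.200.200.0/24"   # internal address range
EXT_IP="64.110.96.176"       # static external address
LAN_IF="eth0"                # faces the local network
WAN_IF="eth1"                # faces the internet

# Assumption of this example: print the commands unless DRY_RUN=0 (run as root to apply)
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

gateway_rules() {
    # Packet forwarding in the kernel (skipped in dry-run mode)
    [ "$DRY_RUN" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward

    ipt -F
    ipt -t nat -F

    # Default policies stay restrictive
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # The gateway itself: loopback and replies to its own connections
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Routed traffic: new connections only from the LAN, replies only from outside
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$INT_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log what is about to hit the DROP policy, rate-limited
    ipt -A FORWARD -m limit --limit 5/minute -j LOG --log-prefix "FWD-DROP: "

    # Source NAT for LAN traffic leaving through the external interface
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$INT_NET" -j SNAT --to-source "$EXT_IP"
}

gateway_rules
```

With the rules applied, entries tagged FWD-DROP in the kernel log show which forwarded packets are still being refused.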
Re: Not able to get MASQ work on RedHat 7.1
Rohit Peyyeti wrote:

> I set chains: INPUT, FORWARD, OUTPUT to
> ACCEPT mode.
>
> As I said before, I can ping my ISP's gateway
> from my local workstation. I am still not able
> to access internet (websites)
>
> As of setting of priority to high, I set that
> for most of my outgoing mails. It is upto the
> receiver if he considers my mail important or
> not.
>
> Thanks for the help anyway!
>
> ....Rohit
>

Mr. Peyyeti,

Aha! DNS problem! Can you ping the IP address of an external node WITHOUT
using a domain name? If you can, then your DNS configuration is broken
and must be fixed. If not, then your ISP has a major routing problem ;-)

Brad
Re: Not able to get MASQ work on RedHat 7.1
Brad:

Thanks for the response. But when I setup MASQ
with ipchains on RedHat 7.0, it worked perfectly
fine.

I am also able to ping some of the external
IP addresses for sites such as
www.yahoo.com etc., but of course without
the name, only by IP address. I am also able to ping my
ISP's DNS servers.

Thanks!

...Rohit

----- Original Message -----
From: Brad Chapman <kakadu@adelphia.net>
To: Rohit Peyyeti <rohit@translogicsys.com>
Cc: <netfilter@lists.samba.org>
Sent: Wednesday, August 08, 2001 5:19 PM
Subject: Re: Not able to get MASQ work on RedHat 7.1


> Mr. Peyyeti,
>
> Aha! DNS problem! Can you ping the IP address of an external node WITHOUT
> using a domain name? If you can, then your DNS configuration is broken
> and must be fixed. If not, then your ISP has a major routing problem ;-)
>
> Brad
>