nat masquerade router

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Tue Jun 15 17:44:52 UTC 2004


On Tue, 15.06.2004 at 19:29, Michael Floyd wrote:

> Well I see that you're using a 24 bit subnet mask ( 255.255.255.0 ) not a 16
> bit ( 255.255.0.0 )
> It would be your firewall rules that are blocking you.....

Right.

> These two lines......
> # iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
> # iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
> # iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
> 
> the IPs should be 192.168.1.0/24 not 192.168.0.0/16
> the way it's written, you drop everything on your subnet.

No :) That doesn't matter. 192.168.0.0/16 includes the 192.168.1.0/24
net. He is just a bit more permissive than he needs to be. But it does no harm.

What is causing the blocking is:

iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

It drops all incoming traffic that is not from the private address range.
Thus packets from the public internet are dropped.

What you intend is better placed in the INPUT chain.

> Michael Floyd

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 19:36:44 up 16:03, 8 users, 0.31, 0.29, 0.31 