nat masquerade router

Michael Floyd michael.floyd at cgi.com
Tue Jun 15 17:29:27 UTC 2004


Well I see that you're using a 24-bit subnet mask (255.255.255.0), not a 16-bit one (255.255.0.0).
It would be your firewall rules that are blocking you.....
These two lines......
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

The IPs should be 192.168.1.0/24, not 192.168.0.0/16.
The way it's written, you drop everything on your subnet.

Michael Floyd

-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of fedora
Sent: June 15, 2004 1:17 PM
To: fedora-list at redhat.com
Subject: nat masquerade router

Hi, I'd sure appreciate help with getting my router and host to work!

Problem-
FC2 Host cannot get Internet connection through FC2 Router.

Description-
Both FC2 machines used to work fine via a D-Link firewall router. I
removed the D-Link to make my own Router, connected via crossover cable
to the Host (and yes, it is a Belkin #r7j304 5e 'crossover' cable, I
checked). The Router works fine and gets an Internet connection; the Host
does not!

Host at 192.168.1.10 can be PINGed and nmapped successfully by Router
without packet loss.

I have been using the RedHat9 Bible by Christopher Negus as a guide, pp. 616
etc., but perhaps I missed something, or there's a major change with FC2 to
get this to work, or I've just confused IP addressing?

Any help appreciated...


The ROUTER
(Gigabyte GA7VRXP, eth0 is onboard RealTek NIC, & Netgear PCI card for
eth1)

1_ router-
blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0

2_
/etc/sysconfig/network reads:
NETWORKING=yes
HOSTNAME='blue.myvnc.com'
GATEWAYDEV=eth0

2A_ in /etc/hosts reads:
127.0.0.1       localhost.localdomain   localhost
192.168.1.10    red.myvnc.com red
#red is the host

3_
/etc/sysctl.conf reads:
net.ipv4.ip_forward = 1

4_
Added FORWARD rules

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
cp: overwrite `/etc/sysconfig/iptables.old'? y
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:                          [  OK  ]
Setting network parameters:                                [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]

5_ checked rules have been added
# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/16
DROP       all  -- !192.168.0.0/16       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited


The HOST MACHINE
Asus A7N8X Deluxe, with onboard 3Com eth0, and Nvidia eth1
The cable IS connected to eth0, I checked physically and in network
settings to see that eth0 corresponds to 3Com, not Nvidia.

6_ eth0
192.168.1.10
SubNet Mask 255.255.255.0
Default Gateway 192.168.1.1

7_ /etc/hosts - the host can see itself and the router:
127.0.0.1 localhost.localdomain red.myvnc.com red
192.168.1.1 blue.myvnc.com blue

8_ no firewall present on host, I checked-
# iptables -L
Chain INPUT (Policy ACCEPT)... target... <no values >
[FORWARD & OUTPUT, same, no values]


What am I missing? The default gateway in part 1_ or 6_ above?
Is it the SubNet Masks?

Any help appreciated, tia

Chris


--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
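As an added example (not code from either message in the thread), a small Python model that walks the FORWARD chain from the `iptables -L` listing above in first-match order, including the jump into RH-Firewall-1-INPUT, for constructed packets from 192.168.1.10. The Rule class, the packet dictionaries and the sample external addresses are assumptions made for the example.

```python
# Added example, not from the thread: first-match walk of the FORWARD rules above.
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass
class Rule:
    target: str                    # ACCEPT, DROP, REJECT, or a user chain to jump to
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    src_neg: bool = False          # the "!" in "-s ! 192.168.0.0/16"
    state: frozenset = frozenset() # empty set means any conntrack state
    dport: Optional[int] = None

def matches(rule: Rule, pkt: dict) -> bool:
    in_src = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
    return (rule.proto in ("all", pkt["proto"])
            and in_src != rule.src_neg             # negated: src must be OUTSIDE the net
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and (not rule.state or pkt["state"] in rule.state)
            and (rule.dport is None or pkt.get("dport") == rule.dport))

def verdict(chains: dict, chain: str, pkt: dict, policy: Optional[str] = "ACCEPT"):
    # Walk the chain top to bottom; the first terminating target decides.
    for rule in chains[chain]:
        if matches(rule, pkt):
            if rule.target not in chains:          # ACCEPT / DROP / REJECT
                return rule.target
            v = verdict(chains, rule.target, pkt, policy=None)   # jump to user chain
            if v is not None:
                return v                           # None: chain fell off its end, keep walking
    return policy
RH = "RH-Firewall-1-INPUT"
NEW, EST = frozenset({"NEW"}), frozenset({"RELATED", "ESTABLISHED"})
# Transcribed from the `iptables -L` listing in the thread. The two bare "ACCEPT all anywhere
# anywhere" lines atop RH-Firewall-1-INPUT carry interface matches that `iptables -L` hides
# without -v; they are assumed here not to match eth1->eth0 forwarded traffic and are omitted.
CHAINS = {
    "FORWARD": [Rule(RH), Rule("ACCEPT", src="192.168.0.0/16"),
                Rule("ACCEPT", dst="192.168.0.0/16"),
                Rule("DROP", src="192.168.0.0/16", src_neg=True)],
    RH: [Rule("ACCEPT", proto="icmp"), Rule("ACCEPT", state=EST)]
        + [Rule("ACCEPT", proto="tcp", state=NEW, dport=p) for p in (80, 443, 21, 22)]
        + [Rule("REJECT")],
}

# Constructed sample traffic: a fresh DNS lookup and a fresh web request from the host.
DNS = {"src": "192.168.1.10", "dst": "198.51.100.53", "proto": "udp", "dport": 53, "state": "NEW"}
WEB = {"src": "192.168.1.10", "dst": "198.51.100.80", "proto": "tcp", "dport": 80, "state": "NEW"}
if __name__ == "__main__":
    for name, pkt in (("dns", DNS), ("http", WEB)):
        print(name, "->", verdict(CHAINS, "FORWARD", pkt))   # dns -> REJECT, http -> ACCEPT
```

Because RH-Firewall-1-INPUT is the first rule in FORWARD and ends in an unconditional REJECT, any forwarded packet it does not accept never reaches the ACCEPT/DROP rules listed after the jump.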




