nat masquerade router
Michael Floyd
michael.floyd at cgi.com
Tue Jun 15 17:29:27 UTC 2004
Well, I see that you're using a 24-bit subnet mask (255.255.255.0), not a 16-bit one (255.255.0.0).
It would be your firewall rules that are blocking you.....
These two lines......
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
The IPs should be 192.168.1.0/24, not 192.168.0.0/16.
The way it's written, you drop everything on your subnet.
Michael Floyd
-----Original Message-----
From: fedora-list-bounces at redhat.com
[mailto:fedora-list-bounces at redhat.com] On Behalf Of fedora
Sent: June 15, 2004 1:17 PM
To: fedora-list at redhat.com
Subject: nat masquerade router
Hi, I'd sure appreciate help with getting my router and host to work!
Problem-
FC2 Host cannot get Internet connection through FC2 Router.
Description-
Both FC2 machines used to work fine via a D-Link firewall router. I
removed the D-Link to make my own router, connected via crossover cable
to the host (and yes, it is a Belkin #r7j304 5e 'crossover' cable; I
checked). The router works fine and gets an Internet connection; the host
does not!
Host at 192.168.1.10 can be PINGed and nmapped successfully by Router
without packet loss.
I have been using the Red Hat 9 Bible by Christopher Negus as a guide, pp. 616
etc., but perhaps I missed something, or there's a major change with FC2 to
get this to work, or I've just confused IP addressing?
Any help appreciated...
The ROUTER
(Gigabyte GA7VRXP, eth0 is onboard RealTek NIC, & Netgear PCI card for
eth1)
1_ router-
blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0
2_
/etc/sysconfig/network reads:
NETWORKING=yes
HOSTNAME='blue.myvnc.com'
GATEWAYDEV=eth0
2A_ in /etc/hosts reads:
127.0.0.1 localhost.localdomain localhost
192.168.1.10 red.myvnc.com red
#red is the host
3_
/etc/sysctl.conf reads:
net.ipv4.ip_forward = 1
4_
Added FORWARD rules
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
cp: overwrite `/etc/sysconfig/iptables.old'? y
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
5_ checked rules have been added
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
DROP all -- !192.168.0.0/16 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt -- anywhere anywhere
ACCEPT ipv6-auth -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
The HOST MACHINE
Asus A7N8X Deluxe, with onboard 3Com eth0, and Nvidia eth1
The cable IS connected to eth0, I checked physically and in network
settings to see that eth0 corresponds to 3Com, not Nvidia.
6_ eth0
192.168.1.10
SubNet Mask 255.255.255.0
Default Gateway 192.168.1.1
7_ /etc/hosts - the host can see itself and the router:
127.0.0.1 localhost.localdomain red.myvnc.com red
192.168.1.1 blue.myvnc.com blue
8_ no firewall present on host, I checked:
# iptables -L
Chain INPUT (Policy ACCEPT)... target... <no values >
[FORWARD & OUTPUT, same, no values]
What am I missing? The default gateway in part 1_ or 6_ above?
Is it the subnet masks?
Any help appreciated, tia
Chris
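As an added example (written for this post, not code from either poster), here is a small first-match model of the FORWARD and RH-Firewall-1-INPUT chains as iptables -L printed them in step 5, used to trace what the router does with a packet arriving from 192.168.1.10. It assumes the two leading "ACCEPT all anywhere anywhere" rows are the FC2 default "-i lo" rule, because iptables -L without -v does not show interface matches, and the packets and the outside address 198.51.100.7 are constructed.

```python
import ipaddress
ANY = None  # wildcard field
# Rule fields: proto, src, dst, in_iface, ct_state, dport, target.
# iptables -L without -v hides interface matches, so the two leading
# "ACCEPT all anywhere anywhere" rows are modelled as one FC2 default
# "-i lo" rule (an assumption; the ipv6-crypt/ipv6-auth rows are omitted).
RH_FIREWALL_1_INPUT = [
    ("all",  ANY, ANY, "lo", ANY, ANY, "ACCEPT"),
    ("icmp", ANY, ANY, ANY, ANY, ANY, "ACCEPT"),
    ("all",  ANY, ANY, ANY, "ESTABLISHED", ANY, "ACCEPT"),  # RELATED,ESTABLISHED
    ("tcp",  ANY, ANY, ANY, "NEW", 80, "ACCEPT"),
    ("tcp",  ANY, ANY, ANY, "NEW", 443, "ACCEPT"),
    ("tcp",  ANY, ANY, ANY, "NEW", 21, "ACCEPT"),
    ("tcp",  ANY, ANY, ANY, "NEW", 22, "ACCEPT"),
    ("all",  ANY, ANY, ANY, ANY, ANY, "REJECT"),  # reject-with icmp-host-prohibited
]
FORWARD = [  # policy ACCEPT; the jump to RH-Firewall-1-INPUT is evaluated first
    ("all", ANY, ANY, ANY, ANY, ANY, "RH-Firewall-1-INPUT"),
    ("all", "192.168.0.0/16", ANY, ANY, ANY, ANY, "ACCEPT"),
    ("all", ANY, "192.168.0.0/16", ANY, ANY, ANY, "ACCEPT"),
    ("all", "!192.168.0.0/16", ANY, ANY, ANY, ANY, "DROP"),
]
CHAINS = {"FORWARD": FORWARD, "RH-Firewall-1-INPUT": RH_FIREWALL_1_INPUT}

def _net_match(spec, addr):
    if spec is ANY:
        return True
    hit = ipaddress.ip_address(addr) in ipaddress.ip_network(spec.lstrip("!"))
    return hit != spec.startswith("!")  # a leading "!" negates the match

def _rule_match(rule, pkt):
    proto, src, dst, iface, state, dport, _ = rule
    return (proto in ("all", pkt["proto"]) and _net_match(src, pkt["src"])
            and _net_match(dst, pkt["dst"]) and iface in (ANY, pkt["in"])
            and state in (ANY, pkt["state"]) and dport in (ANY, pkt.get("dport")))

def verdict(pkt, chain="FORWARD"):
    """First-match walk; returns (target, name of the chain that decided it)."""
    for rule in CHAINS[chain]:
        if not _rule_match(rule, pkt):
            continue
        target = rule[-1]
        if target not in CHAINS:
            return target, chain
        decided = verdict(pkt, target)   # descend into the user-defined chain
        if decided[0] != "RETURN":       # a terminal verdict ends the whole walk
            return decided
    return ("ACCEPT", chain) if chain == "FORWARD" else ("RETURN", chain)

# Constructed packets: the host 192.168.1.10 reaching the router on eth1
HOST = {"src": "192.168.1.10", "dst": "198.51.100.7", "in": "eth1"}
WEB = dict(HOST, proto="tcp", state="NEW", dport=80)   # -> ACCEPT in RH chain
DNS = dict(HOST, proto="udp", state="NEW", dport=53)   # -> REJECT in RH chain
```

Running iptables -L -v -n on the router shows the interface matches and per-rule packet counters, which is the quickest way to see which chain is actually deciding a packet's fate.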