[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: nat masquerade router



Well, at least I tried.
I was along the right lines though and Rodolfo J. Paiz hit it right on the
head.
I think I'll just stick to reading instead of awnsering.

And BTW. I agree with the "FC2 Issues" thread.... Those kind of bugs should
NOT make it into a offical release that isn't an RC.
( alas, I too was bitten by the duel boot bug and so where quite a few
others that I know. )




-----Original Message-----
From: fedora-list-bounces redhat com
[mailto:fedora-list-bounces redhat com]On Behalf Of Alexander Dalloz
Sent: June 15, 2004 1:45 PM
To: For users of Fedora Core releases
Subject: Re: nat masquerade router

Am Di, den 15.06.2004 schrieb Michael Floyd um 19:29:

> Well I see that your using a 24 bit subnet mask ( 255.255.255.0 ) not a 16
> bit ( 255.255.0.0 )
> It would be your firewall rules that are blocking you.....

Right.

> These two lines......
> # iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT# iptables -A FORWARD
> -d 192.168.0.0/16 -j ACCEPT
> # iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
>
> the ip's should be 192.168.1.0/24 not 192.168.0.0/16
> the way it's writen, you drop everthing on your subnet.

No :) That doesn't matter. 192.168.0.0/16 includes the 192.168.1.0/24
net. He is just bit more permissive than it needs. But does no harm.

What is causing the blocking is:

iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

It drops all incoming traffic not being from the private address range.
Thus packages from public internet are dropped.

What you intend is better placed to the INPUT chain.

> Michael Floyd

Alexander


--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435
Serendipity 19:36:44 up 16:03, 8 users, 0.31, 0.29, 0.31



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]