re nat masquerade router

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Tue Jun 15 19:26:00 UTC 2004


On Tue, 15.06.2004 at 20:51, fedora wrote:

> Thanks for your help so far-
> still no luck with the Host web browser.
> 
> 1_ How should I enter that last -s !?
> #"iptables -A INPUT -s ! 192.168.0.0/16 -j DROP "  ...?

see below ...

> d) flushed rules and reset, without the "-s !"
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> # iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
> # iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT

Just a question: are the # signs only in your mail? I hope so!

Leave out lines 2 and 3. Just use the POSTROUTING rule and none for
FORWARD, given that the FORWARD policy is set to ACCEPT.

> anything else I should try?
> Or go straight to another tool, as others have suggested?

As a general rule: start with simple setups! Do not do more with iptables
than needed. So use MASQUERADE in the nat table's POSTROUTING chain and set
everything else to ACCEPT for the initial function testing. Later you can
go through and close things down.

Question: how is your router connected to the internet? Try

echo 0 > /proc/sys/net/ipv4/tcp_ecn

Maybe you are hit by a broken DSL router/modem which does not handle ECN
properly. Maybe you must use MSS clamping on the router:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

> Chris

Alexander

P.S. Please trim your quotes and do not top-post! Thanks.


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 21:12:07 up 17:39, 8 users, 1.32, 0.47, 0.27 
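The "keep it simple first, close things down later" procedure from the reply above, written out as one script. This is an added example, not a script from the thread or from Fedora. It assumes eth0 is the upstream interface and 192.168.0.0/16 the LAN (both from the thread). Two things are additions the reply does not mention: enabling net.ipv4.ip_forward, without which no packet from the LAN ever reaches POSTROUTING, and restrict_forwarding, a locked-down FORWARD policy for the "later you can close things" stage. DRY_RUN defaults to 1 so the script only prints the commands it would run; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Minimal masquerading router: MASQUERADE in nat/POSTROUTING, everything
# else on ACCEPT, plus the ECN and MSS-clamping workarounds for a broken
# DSL modem. Added example, not from the thread.
#
# Assumptions (hypothetical defaults, override via environment):
#   WAN_IF   upstream interface              (eth0, as in the thread)
#   LAN_NET  private network behind the box  (192.168.0.0/16, as in the thread)
#   DRY_RUN  1 = print commands only (default), 0 = execute them as root
#   RESTRICT 1 = also apply the locked-down FORWARD policy (default 0)

WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/16}"
DRY_RUN="${DRY_RUN:-1}"
RESTRICT="${RESTRICT:-0}"

# Print or execute a command, depending on DRY_RUN. Printing first lets you
# review the ruleset before touching a live router.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Not in the reply, but required: without IP forwarding the kernel drops the
# LAN hosts' packets before any nat rule sees them.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# Flush both tables and set every policy to ACCEPT: the "simple setup" the
# reply recommends for initial function testing.
reset_rules() {
    run iptables -F
    run iptables -t nat -F
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD ACCEPT
    run iptables -P OUTPUT ACCEPT
}

# The one rule that actually does NAT. No FORWARD rules are needed while the
# FORWARD policy is ACCEPT.
add_masquerade() {
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Workarounds from the reply: turn ECN off and clamp the MSS of forwarded
# SYNs to the path MTU. TCPMSS is a non-terminating target, so this rule can
# sit in front of any ACCEPT/DROP rules added later.
add_pmtu_workarounds() {
    run sysctl -w net.ipv4.tcp_ecn=0
    run iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
}

# The "close things later" step (addition, beyond what the reply shows):
# LAN may open anything outbound; from the WAN side only replies to existing
# connections are forwarded; everything else hits the DROP policy.
restrict_forwarding() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

main() {
    enable_forwarding
    reset_rules
    add_masquerade
    add_pmtu_workarounds
    if [ "$RESTRICT" = "1" ]; then
        restrict_forwarding
    fi
}

main "$@"
```

Run it once with DRY_RUN=1 to see the exact commands, then with DRY_RUN=0 as root. Only after the LAN browser works should RESTRICT=1 be added; doing both at once is exactly the "too much iptables at once" the reply warns against.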


More information about the fedora-list mailing list