NAT-setup: modification required

Bill Davidsen davidsen at tmr.com
Wed Sep 2 17:30:07 UTC 2009


Hiisi wrote:
> Dear List!
> I have F11 machine which shares WEB to small home wired network. F11 
> computer has 3 ethernet adapters - one built in motherboard (eth0, 
> 'main' adapter) and two additional cards (eth1,2). With great help of 
> this list and even greater help of google I was able to set up NAT over 
> it. It worked perfectly while there was only one client in the home 
> network - window$ laptop, connected to eth1 (eth2 was down). Now I added 
> second laptop - it runs ubuntu. I turned on eth2 and tried to do the 
> same trick with it but no luck until now. Here goes my configuration:

Do you really need to keep the two private machines from talking to one another? 
If so, change eth2 to 192.168.3.20 and run a separate network for each. Otherwise 
you might find less effort in investing in a switch and moving the work there. I 
appreciate that you may have policy or financial issues which prevent this; that 
hardware is inexpensive in the US but might not be at your location.

> ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:0F:EA:22:A0:2C
>          inet addr:192.168.0.203  Bcast:192.168.1.255 Mask:255.255.254.0
>          inet6 addr: fe80::20f:eaff:fe22:a02c/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:124015 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:25838 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:21230917 (20.2 MiB)  TX bytes:4769745 (4.5 MiB)
>          Interrupt:19 Base address:0xe000
> 
> eth1      Link encap:Ethernet  HWaddr 00:80:48:2E:43:9C
>          inet addr:192.168.2.20  Bcast:192.168.2.255 Mask:255.255.255.0
>          inet6 addr: fe80::280:48ff:fe2e:439c/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:11044 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:9539 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:8868181 (8.4 MiB)  TX bytes:3991105 (3.8 MiB)
>          Interrupt:18 Base address:0x8000
> 
> eth2      Link encap:Ethernet  HWaddr 00:40:F4:98:DB:E9
>          inet addr:192.168.2.40  Bcast:192.168.2.255 Mask:255.255.255.0
>          inet6 addr: fe80::240:f4ff:fe98:dbe9/64 Scope:Link
>          UP BROADCAST MULTICAST  MTU:1500  Metric:1
>          RX packets:75 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:5935 (5.7 KiB)  TX bytes:14586 (14.2 KiB)
>          Interrupt:19 Base address:0xa000
> 
> lo        Link encap:Local Loopback
>          inet addr:127.0.0.1  Mask:255.0.0.0
>          inet6 addr: ::1/128 Scope:Host
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:329 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:329 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:69191 (67.5 KiB)  TX bytes:69191 (67.5 KiB)
> 
> route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
> 192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
> 192.168.0.0     *               255.255.254.0   U     0      0        0 eth0
> link-local      *               255.255.0.0     U     1002   0        0 eth0
> link-local      *               255.255.0.0     U     1003   0        0 eth1
> link-local      *               255.255.0.0     U     1004   0        0 eth2
> default         mitht2.imt.ru   0.0.0.0         UG    0      0        0 eth0
> 
> sysctl net.ipv4.ip_forward
> net.ipv4.ip_forward = 1
> 
> iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  all  --  anywhere             anywhere
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.3.1 on Tue Sep  1 23:36:23 2009
> *nat
> :PREROUTING ACCEPT [1264:158963]
> :POSTROUTING ACCEPT [96:14688]
> :OUTPUT ACCEPT [462:49878]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Tue Sep  1 23:36:23 2009
> # Generated by iptables-save v1.4.3.1 on Tue Sep  1 23:36:23 2009
> *filter
> :INPUT ACCEPT [7849:1116249]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1219:189475]
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -i eth1 -j ACCEPT
> -A FORWARD -i eth2 -j ACCEPT
> COMMIT
> # Completed on Tue Sep  1 23:36:23 2009
> 
> Window$ laptop has 192.168.2.30 address and uses 192.168.2.20 (eth1 IP) 
> as gateway. DNS is the same as on F11 machine.
> I've tried to set up 192.168.2.50 as IP for ubuntu laptop with default 
> gateway of eth2 IP address: 192.168.2.40. It doesn't work. When I'm 
> trying to ping 192.168.2.50 from F11 the result is:
> ping 192.168.2.50
> PING 192.168.2.50 (192.168.2.50) 56(84) bytes of data.
> From 192.168.2.20 icmp_seq=2 Destination Host Unreachable
> From 192.168.2.20 icmp_seq=3 Destination Host Unreachable
> From 192.168.2.20 icmp_seq=4 Destination Host Unreachable
> ^C
> As I can understand packets go from wrong IP. Namely, from eth1 when I 
> would like them to go from eth2.
> How to fix that?
> Thank you for your attention!
> Respectfully
> -- 
> Hiisi.
> Registered Linux User #487982. Be counted at: http://counter.li.org/
> 


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
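
Added example, not part of the original post or of either author's configuration: a small check showing why the posted addressing sends traffic for 192.168.2.50 out eth1, and how giving eth2 its own network as suggested in the reply removes the clash. The route lookup is a simplified model (longest prefix, ties to the earlier table entry), and the laptop address 192.168.3.50 is an assumed value for illustration.

```python
import ipaddress

# Interface addresses copied from the ifconfig output quoted above,
# listed in the order the connected routes appear in the routing table.
POSTED = [("eth1", "192.168.2.20/24"), ("eth2", "192.168.2.40/24"),
          ("eth0", "192.168.0.203/23")]
# The reply's suggestion: move eth2 to 192.168.3.20 on a separate network.
SUGGESTED = [("eth1", "192.168.2.20/24"), ("eth2", "192.168.3.20/24"),
             ("eth0", "192.168.0.203/23")]


def connected_routes(ifaces):
    """Return (network, interface) pairs in table order."""
    return [(ipaddress.ip_interface(cidr).network, name) for name, cidr in ifaces]


def overlapping(ifaces):
    """Return every pair of interfaces whose connected networks overlap."""
    routes = connected_routes(ifaces)
    clashes = []
    for i, (net_a, if_a) in enumerate(routes):
        for net_b, if_b in routes[i + 1:]:
            if net_a.overlaps(net_b):
                clashes.append((if_a, if_b, str(net_a), str(net_b)))
    return clashes


def egress(ifaces, dest):
    """Simplified lookup (an assumption, not the kernel's full algorithm):
    longest prefix wins, equal prefixes go to the earlier route.
    Returns None when only the default route would match."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, name in connected_routes(ifaces):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None


if __name__ == "__main__":
    print("posted clashes:   ", overlapping(POSTED))
    print("192.168.2.50 via: ", egress(POSTED, "192.168.2.50"))
    print("suggested clashes:", overlapping(SUGGESTED))
    # 192.168.3.50 is an assumed address for the second laptop.
    print("192.168.3.50 via: ", egress(SUGGESTED, "192.168.3.50"))
```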



