[ale] nat masquerade router
alelist
alelist at christopherrussell.net
Tue Jun 15 13:27:19 EDT 2004
Hi, I'd sure appreciate help with getting my router and host to work!
Problem-
FC2 Host cannot get Internet connection through FC2 Router.
Description-
Both FC2 machines used to work fine via a D-Link firewall router.
I took out the D-Link and made one machine my own FC2 Router, connected
via CrossOver cable, to the other machine as FC2 Host. (And yes, it is a
Belkin #r7j304 5e 'crossover' cable; I checked.) The Router works fine,
but the Host cannot get an Internet connection.
Host at 192.168.1.10 can be PINGed and nmapped successfully by Router
without packet loss.
I have been using RedHat9 Bible by Christopher Negus as a guide, pp. 616
etc., but perhaps I missed something, or there's a major change w/ FC2 to
get this to work, or I've just confused IP addressing?
Any help appreciated...
The ROUTER
(Gigabyte GA7VRXP, eth0 is onboard RealTek NIC, & Netgear PCI card for
eth1)
1_ router-
blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0
2_
/etc/sysconfig/network reads:
NETWORKING=yes
HOSTNAME='blue.myvnc.com'
GATEWAYDEV=eth0
2A_ in /etc/hosts reads:
127.0.0.1 localhost.localdomain localhost
192.168.1.10 red.myvnc.com red
#red is the host
3_
/etc/sysctl.conf reads:
net.ipv4.ip_forward = 1
4_
Added FORWARD rules
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
cp: overwrite `/etc/sysconfig/iptables.old'? y
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
5_ checked rules have been added
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
DROP all -- !192.168.0.0/16 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
The HOST MACHINE
Asus A7N8X Deluxe, with onboard 3Com eth0, and Nvidia eth1
The cable IS connected to eth0, I checked physically and in network
settings to see that eth0 corresponds to 3Com, not Nvidia.
6_ eth0
192.168.1.10
SubNet Mask 255.255.255.0
Default Gateway 192.168.1.1
7_ /etc/hosts - the host can see itself and the router:
127.0.0.1 localhost.localdomain red.myvnc.com red
192.168.1.1 blue.myvnc.com blue
8_ no firewall present on host, I checked-
# iptables -L
Chain INPUT (policy ACCEPT)... target... <no values>
[FORWARD & OUTPUT, same, no values]
What am I missing? The default gateway in part 6_ above?
The subnet masks?
Any help appreciated, TIA
Chris
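An added example, not part of Chris's post or anything from the ALE list: a small Python checker that parses plain `iptables -L` output like the step 5_ listing and reports rules that can never be consulted because an earlier rule in the same chain jumps to a user-defined chain that never returns. In the listing above, RH-Firewall-1-INPUT ends with an unconditional REJECT, and the first rule of FORWARD jumps to it, so the three FORWARD rules added in step 4_ are never reached; forwarded packets are decided entirely inside RH-Firewall-1-INPUT. The sample listing is transcribed from the post (re-joined to one line per rule; the `ipv6-crypt--` spelling is what `iptables -L` really prints when the protocol name overflows its column), and all function and class names are my own. One caveat the code relies on: `iptables -L` without `-v` hides `-i`/`-o` interface matches, so the checker only treats a chain's *final* terminating rule as unconditional and deliberately makes no judgement about the two `ACCEPT all -- anywhere anywhere` lines near the top of RH-Firewall-1-INPUT, which on Fedora are typically interface-qualified (`-i lo`, or a trusted device).

```python
"""Find iptables rules shadowed by a jump to a chain that never returns.

Parses the plain `iptables -L` format (no -v).  Added example; not code
from the original mailing-list post.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TERMINATING = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: the step 5_ listing from the post, one line per rule.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/16       anywhere
ACCEPT     all  --  anywhere             192.168.0.0/16
DROP       all  -- !192.168.0.0/16       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""


@dataclass
class Rule:
    target: str
    proto: str
    source: str
    dest: str
    extra: str  # match text after the destination column (state, dpt:, ...)

    def matches_everything(self) -> bool:
        # "reject-with ..." is an option of the REJECT target, not a match.
        extra = re.sub(r"reject-with\s+\S+", "", self.extra).strip()
        return (self.proto == "all" and self.source == "anywhere"
                and self.dest == "anywhere" and extra == "")


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    rules: List[Rule] = field(default_factory=list)


CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


def parse_iptables_list(text: str) -> Dict[str, Chain]:
    """Parse `iptables -L` output into chains, preserving rule order."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2))
            chains[current.name] = current
            continue
        if line.startswith("target") or current is None:
            continue  # column header, or text before the first chain
        parts = line.split()
        # A long protocol name runs into the opt column: "ipv6-crypt--".
        if len(parts) >= 2 and parts[1].endswith("--") and len(parts[1]) > 2:
            parts[1:2] = [parts[1][:-2], "--"]
        if len(parts) < 5:
            raise ValueError(f"unparseable rule line: {line!r}")
        target, proto, _opt, src, dst = parts[:5]
        current.rules.append(Rule(target, proto, src, dst, " ".join(parts[5:])))
    return chains


def chain_never_returns(chain: Chain) -> bool:
    """True when a jump into `chain` can never come back to the caller:
    no RETURN anywhere in it, and its last rule terminates every packet."""
    if not chain.rules or any(r.target == "RETURN" for r in chain.rules):
        return False
    last = chain.rules[-1]
    return last.target in TERMINATING and last.matches_everything()


def unreachable_rules(chains: Dict[str, Chain]) -> List[Tuple[str, int, str]]:
    """(chain, 1-based rule number, reason) for every rule that sits after an
    unconditional jump to a chain that never returns."""
    findings: List[Tuple[str, int, str]] = []
    for chain in chains.values():
        for i, rule in enumerate(chain.rules):
            callee = chains.get(rule.target)
            if (callee is not None and rule.matches_everything()
                    and chain_never_returns(callee)):
                reason = (f"rule {i + 1} jumps to {callee.name}, whose final "
                          f"{callee.rules[-1].target} matches every packet")
                findings.extend((chain.name, j + 1, reason)
                                for j in range(i + 1, len(chain.rules)))
                break
    return findings


if __name__ == "__main__":
    for name, num, why in unreachable_rules(parse_iptables_list(SAMPLE)):
        print(f"{name} rule {num} is unreachable: {why}")
```

Run against the sample, the checker reports FORWARD rules 2, 3 and 4 as unreachable. Rules that must be evaluated ahead of such a jump need to be inserted rather than appended (`iptables -I FORWARD 1 ...` puts a rule at position 1), or the jump itself has to be placed after them; appending with `-A`, as in step 4_, always lands behind the existing jump.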