Cant get iptables to work
Shin Neng Wong
snwong@nttmsc.com.my
Mon, 30 Jul 2001 16:01:40 +0900
--0__=dz3hdhv9Oq5RdkdhIfH1WH5N8krkoGTJ5NOiz8rBW5Zc6Ydnb3nwyDBC
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
I'm out of ideas too. As for debugging, I usually just run a tcpdump and try to
catch where the packets are flying. I'm still novice to this so hopefully
someone can give a better suggestions.
"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 11:42:14 AM
To: Shin Neng Wong/NTTMSC
cc:
Subject: Re: Cant get iptables to work
Again thanks for the help, but still no success.
Is there anyway to get some debug info ?
For now I have to get some hours sleep 3:00 am here i Toronto Canada
Thanks again
Peter
----- Original Message -----
From: Shin Neng Wong
To: Peter Pohlmann
Sent: Monday, July 30, 2001 6:27 AM
Subject: Re: Cant get iptables to work
In that case, try SNAT instead of Masquerading like:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to x.x.x.x
where x.x.x.x is your public IP address.
hope it helps :)
"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 11:23:55 AM
To: Shin Neng Wong/NTTMSC
cc:
Subject: Re: Cant get iptables to work
Thanks for the advise, but it did not work.
The eth0 interface has a static and public IP address
Peter
----- Original Message -----
From: Shin Neng Wong
To: Peter Pohlmann
Cc: netfilter
Sent: Monday, July 30, 2001 5:55 AM
Subject: Re: Cant get iptables to work
you should enable IP forwarding for dynamic addresses. I think it is:
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
"Peter Pohlmann" <peter@e-partner.com> on 07/30/2001 10:48:51 AM
To: "netfilter" <netfilter@lists.samba.org>
cc: (bcc: Shin Neng Wong/NTTMSC)
Subject: Cant get iptables to work
Hello lList,
here iss my little "BIG" Problem.
I have a redhat 7.1 box and recently installed kernel 2.4.7
Iptables Version 1.2.2
I habe a private LAN 192.168.1.0 on interface eth1 and a public IP on eth0
I can ping from the private LAN eth1 and eth0 ,but I am unable to ping the
outside world.
IPCHAINS is not running.
Masquerading is on and the rest is all open.
THe prime objective for now is to give the LAN access to the "world"
Can someone help me ? I am not sure if it is the rules or something else.
I have the following line in script:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
That is all and I think that should give access. I have compiled the kernel
with
all netfilter options included except FAST SWITCHING as it is describted in
some
FAQs.
No idea anymore where to look further. Any advise ?
Thanks for your help.
Peter
--0__=dz3hdhv9Oq5RdkdhIfH1WH5N8krkoGTJ5NOiz8rBW5Zc6Ydnb3nwyDBC
Content-type: text/html;
name="att1.htm"
Content-Disposition: attachment; filename="att1.htm"
Content-transfer-encoding: base64
Content-Description: Internet HTML
PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PWlzby04ODU5LTEiPg0KPE1FVEEgY29udGVudD0iTVNIVE1M
IDYuMDAuMjQ3OS42IiBuYW1lPUdFTkVSQVRPUj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K
PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNpemU9Mj5BZ2Fp
biB0aGFua3MgZm9yIHRoZSBoZWxwLCBidXQgc3RpbGwgbm8gDQpzdWNjZXNzLjwvRk9OVD48L0RJ
Vj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+SXMgdGhlcmUgYW55d2F5IHRvIGdldCBz
b21lIGRlYnVnIGluZm8mbmJzcDsgPyANCjwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1B
cmlhbCBzaXplPTI+PC9GT05UPiZuYnNwOzwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNp
emU9Mj5Gb3Igbm93IEkgaGF2ZSB0byBnZXQgc29tZSBob3VycyBzbGVlcCAzOjAwIGFtIGhlcmUg
DQppIFRvcm9udG8gQ2FuYWRhPC9GT05UPjwvRElWPg0KPERJVj48Rk9OVCBmYWNlPUFyaWFsIHNp
emU9Mj48L0ZPTlQ+Jm5ic3A7PC9ESVY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPlRo
YW5rcyBhZ2FpbjwvRk9OVD48L0RJVj4NCjxESVY+PEZPTlQgZmFjZT1BcmlhbCBzaXplPTI+UGV0
ZXI8L0ZPTlQ+PC9ESVY+DQo8QkxPQ0tRVU9URSANCnN0eWxlPSJQQURESU5HLVJJR0hUOiAwcHg7
IFBBRERJTkctTEVGVDogNXB4OyBNQVJHSU4tTEVGVDogNXB4OyBCT1JERVItTEVGVDogIzAwMDAw
MCAycHggc29saWQ7IE1BUkdJTi1SSUdIVDogMHB4Ij4NCiAgPERJViBzdHlsZT0iRk9OVDogMTBw
dCBhcmlhbCI+LS0tLS0gT3JpZ2luYWwgTWVzc2FnZSAtLS0tLSA8L0RJVj4NCiAgPERJViANCiAg
c3R5bGU9IkJBQ0tHUk9VTkQ6ICNlNGU0ZTQ7IEZPTlQ6IDEwcHQgYXJpYWw7IGZvbnQtY29sb3I6
IGJsYWNrIj48Qj5Gcm9tOjwvQj4gDQogIDxBIHRpdGxlPXNud29uZ0BudHRtc2MuY29tLm15IGhy
ZWY9Im1haWx0bzpzbndvbmdAbnR0bXNjLmNvbS5teSI+U2hpbiBOZW5nIA0KICBXb25nPC9BPiA8
L0RJVj4NCiAgPERJViBzdHlsZT0iRk9OVDogMTBwdCBhcmlhbCI+PEI+VG86PC9CPiA8QSB0aXRs
ZT1wZXRlckBlLXBhcnRuZXIuY29tIA0KICBocmVmPSJtYWlsdG86cGV0ZXJAZS1wYXJ0bmVyLmNv
bSI+UGV0ZXIgUG9obG1hbm48L0E+IDwvRElWPg0KICA8RElWIHN0eWxlPSJGT05UOiAxMHB0IGFy
aWFsIj48Qj5TZW50OjwvQj4gTW9uZGF5LCBKdWx5IDMwLCAyMDAxIDY6MjcgQU08L0RJVj4NCiAg
PERJViBzdHlsZT0iRk9OVDogMTBwdCBhcmlhbCI+PEI+U3ViamVjdDo8L0I+IFJlOiBDYW50IGdl
dCBpcHRhYmxlcyB0byANCiAgd29yazwvRElWPg0KICA8RElWPjxCUj48L0RJVj48QlI+PEJSPklu
IHRoYXQgY2FzZSwgdHJ5IFNOQVQgaW5zdGVhZCBvZiBNYXNxdWVyYWRpbmcgDQogIGxpa2U6PEJS
PjxCUj5pcHRhYmxlcyAtdCBuYXQgLUEgUE9TVFJPVVRJTkcgLW8gZXRoMCAtaiBTTkFUIC0tdG8g
DQogIHgueC54Lng8QlI+PEJSPndoZXJlIHgueC54LnggaXMgeW91ciBwdWJsaWMgSVAgYWRkcmVz
cy48QlI+PEJSPmhvcGUgaXQgaGVscHMgDQogIDopPEJSPjxCUj48QlI+PEJSPjxCUj48QlI+PEJS
PjxCUj4iUGV0ZXIgUG9obG1hbm4iICZsdDs8QSANCiAgaHJlZj0ibWFpbHRvOnBldGVyQGUtcGFy
dG5lci5jb20iPnBldGVyQGUtcGFydG5lci5jb208L0E+Jmd0OyBvbiAwNy8zMC8yMDAxIA0KICAx
MToyMzo1NSBBTTxCUj48QlI+VG86Jm5ic3A7Jm5ic3A7IFNoaW4gTmVuZyANCiAgV29uZy9OVFRN
U0M8QlI+Y2M6PEJSPjxCUj5TdWJqZWN0OiZuYnNwOyBSZTogQ2FudCBnZXQgaXB0YWJsZXMgdG8g
DQogIHdvcms8QlI+PEJSPjxCUj48QlI+PEJSPlRoYW5rcyBmb3IgdGhlIGFkdmlzZSwgYnV0IGl0
IGRpZCBub3Qgd29yay48QlI+VGhlIA0KICBldGgwIGludGVyZmFjZSBoYXMgYSBzdGF0aWMgYW5k
IHB1YmxpYyBJUCBhZGRyZXNzPEJSPjxCUj5QZXRlcjxCUj4mbmJzcDsgLS0tLS0gDQogIE9yaWdp
bmFsIE1lc3NhZ2UgLS0tLS08QlI+Jm5ic3A7IEZyb206IFNoaW4gTmVuZyBXb25nPEJSPiZuYnNw
OyBUbzogUGV0ZXIgDQogIFBvaGxtYW5uPEJSPiZuYnNwOyBDYzogbmV0ZmlsdGVyPEJSPiZuYnNw
OyBTZW50OiBNb25kYXksIEp1bHkgMzAsIDIwMDEgNTo1NSANCiAgQU08QlI+Jm5ic3A7IFN1Ympl
Y3Q6IFJlOiBDYW50IGdldCBpcHRhYmxlcyB0byB3b3JrPEJSPjxCUj48QlI+PEJSPjxCUj4mbmJz
cDsgDQogIHlvdSBzaG91bGQgZW5hYmxlIElQIGZvcndhcmRpbmcgZm9yIGR5bmFtaWMgYWRkcmVz
c2VzLiZuYnNwOyBJIHRoaW5rIGl0IA0KICBpczo8QlI+PEJSPiZuYnNwOyBlY2hvIDEgJmd0OyAN
CiAgL3Byb2Mvc3lzL25ldC9pcHY0L2lwX2R5bmFkZHI8QlI+PEJSPjxCUj48QlI+PEJSPjxCUj48
QlI+Jm5ic3A7ICJQZXRlciANCiAgUG9obG1hbm4iICZsdDtwZXRlckBlLXBhcnRuZXIuY29tJmd0
OyBvbiAwNy8zMC8yMDAxIDEwOjQ4OjUxIEFNPEJSPjxCUj4mbmJzcDsgDQogIFRvOiZuYnNwOyZu
YnNwOyAibmV0ZmlsdGVyIiAmbHQ7bmV0ZmlsdGVyQGxpc3RzLnNhbWJhLm9yZyZndDs8QlI+Jm5i
c3A7IA0KICBjYzombmJzcDsmbmJzcDsmbmJzcDsgKGJjYzogU2hpbiBOZW5nIFdvbmcvTlRUTVND
KTxCUj48QlI+Jm5ic3A7IA0KICBTdWJqZWN0OiZuYnNwOyBDYW50IGdldCBpcHRhYmxlcyB0byB3
b3JrPEJSPjxCUj48QlI+PEJSPjxCUj4mbmJzcDsgSGVsbG8gDQogIGxMaXN0LDxCUj48QlI+Jm5i
c3A7IGhlcmUgaXNzIG15IGxpdHRsZSAiQklHIiBQcm9ibGVtLjxCUj4mbmJzcDsgSSBoYXZlIGEg
DQogIHJlZGhhdCA3LjEgYm94IGFuZCByZWNlbnRseSBpbnN0YWxsZWQga2VybmVsIDIuNC43PEJS
PiZuYnNwOyBJcHRhYmxlcyBWZXJzaW9uIA0KICAxLjIuMjxCUj48QlI+Jm5ic3A7IEkgaGFiZSBh
IHByaXZhdGUgTEFOIDE5Mi4xNjguMS4wIG9uIGludGVyZmFjZSBldGgxIGFuZCBhIA0KICBwdWJs
aWMgSVAgb24gZXRoMDxCUj48QlI+Jm5ic3A7IEkgY2FuIHBpbmcgZnJvbSB0aGUgcHJpdmF0ZSBM
QU4gZXRoMSBhbmQgZXRoMCANCiAgLGJ1dCBJIGFtIHVuYWJsZSB0byBwaW5nIHRoZTxCUj4mbmJz
cDsgb3V0c2lkZSB3b3JsZC48QlI+Jm5ic3A7IElQQ0hBSU5TIGlzIA0KICBub3QgcnVubmluZy48
QlI+PEJSPiZuYnNwOyBNYXNxdWVyYWRpbmcgaXMgb24gYW5kIHRoZSByZXN0IGlzIGFsbCANCiAg
b3Blbi48QlI+PEJSPiZuYnNwOyBUSGUgcHJpbWUgb2JqZWN0aXZlIGZvciBub3cgaXMgdG8gZ2l2
ZSB0aGUgTEFOIGFjY2VzcyB0byANCiAgdGhlICJ3b3JsZCI8QlI+Jm5ic3A7IENhbiBzb21lb25l
IGhlbHAgbWUgPyBJIGFtIG5vdCBzdXJlIGlmIGl0IGlzIHRoZSBydWxlcyANCiAgb3Igc29tZXRo
aW5nIGVsc2UuPEJSPiZuYnNwOyBJIGhhdmUgdGhlIGZvbGxvd2luZyBsaW5lIGluIA0KICBzY3Jp
cHQ6PEJSPjxCUj4mbmJzcDsgaXB0YWJsZXMgLXQgbmF0IC1BIFBPU1RST1VUSU5HIC1vIGV0aDAg
LWogDQogIE1BU1FVRVJBREU8QlI+Jm5ic3A7IGVjaG8gMSAmZ3Q7IC9wcm9jL3N5cy9uZXQvaXB2
NC9pcF9mb3J3YXJkPEJSPjxCUj4mbmJzcDsgDQogIFRoYXQgaXMgYWxsIGFuZCBJIHRoaW5rIHRo
YXQgc2hvdWxkIGdpdmUgYWNjZXNzLiBJIGhhdmUgY29tcGlsZWQgdGhlIA0KICBrZXJuZWw8QlI+
d2l0aDxCUj4mbmJzcDsgYWxsIG5ldGZpbHRlciBvcHRpb25zIGluY2x1ZGVkIGV4Y2VwdCBGQVNU
IFNXSVRDSElORyANCiAgYXMgaXQgaXMgZGVzY3JpYnRlZCBpbjxCUj5zb21lPEJSPiZuYnNwOyBG
QVFzLjxCUj48QlI+Jm5ic3A7IE5vIGlkZWEgYW55bW9yZSANCiAgd2hlcmUgdG8gbG9vayBmdXJ0
aGVyLiBBbnkgYWR2aXNlID88QlI+PEJSPjxCUj4mbmJzcDsgVGhhbmtzIGZvciB5b3VyIA0KICBo
ZWxwLjxCUj4mbmJzcDsgUGV0ZXI8QlI+PEJSPjxCUj48QlI+PEJSPjxCUj48QlI+PC9CTE9DS1FV
T1RFPjwvQk9EWT48L0hUTUw+DQo=
--0__=dz3hdhv9Oq5RdkdhIfH1WH5N8krkoGTJ5NOiz8rBW5Zc6Ydnb3nwyDBC--