[Bug 52] New: masquerading not working with iproute2

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Wed, 19 Feb 2003 04:01:25 +0100


           Summary: masquerading not working with iproute2
           Product: netfilter/iptables
           Version: linux-2.4.x
          Platform: i386
        OS/Version: RedHat Linux
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: NAT
        AssignedTo: laforge@netfilter.org
        ReportedBy: stewart@gammasolutions.com
                CC: netfilter-buglog@lists.netfilter.org

i have two machines which are VERY similar (software wise). Both redhat 7.2, all
updates, running 2.4.19-xfs (custom built)

Linux version 2.4.19-xfs (root@omega) (gcc version 2.96 20000731 (Red Hat Linux
7.2 2.96-108.7.2)) #3 SMP Mon Nov 11 17:52:11 EST 2002

Linux version 2.4.19-xfs (root@delta) (gcc version 2.96 20000731 (Red Hat Linux
7.2 2.96-112.7.2)) #1 Mon Nov 25 15:36:03 EST 2002

omega has two connections to the internet (one is used for hosting our web site
and mail etc and the other for browsing the web, as it is cheaper). I have an
iproute2 script set up to acheive this (attached). Delta does not have this
script (it is only connected to one internet connection). This is the only
differnce that isn't hardware (maybe lynx isn't installed on delta... but that's

I also have iptables-restore (via the redhat init.d script) setting up iptables
firewall. I am trying to enable masquerading for one IP in the outside world
(our freight company uses it or some such thing, and i can't proxy it - that i
know of). the iptables-restore script is attached.

On Delta, this script works fine - and from my pc, i can connect to the remote
host (i found the FTP port open, and can telnet to it). However, if i set this
up on omega, it doesn't (and yes, i change my gateway settings).

client pc is Debian Sid

Linux version 2.4.19-xfs (root@stewart) (gcc version 2.95.4 20011002 (Debian
prerelease)) #4 Thu Nov 28 15:06:09 EST 2002

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.