IPTables
Hey all,
I'm in the process of building a cluster - standard setup - 1 master node with 2 NICs, 4 hosts, all connected via an Extreme Summit switch. I have the master, blades and switch all talking to each other, but from the internal blades I can't get outside to my LAN. So basically:

<on master>
eth0 : 10.0.0.1 / 255.255.255.0 (my internal network)
eth1 : x.x.x.x (my public LAN)

<on internal blade>
eth0 : 10.0.0.10 / 255.255.255.0

From the internal blade I can ping 10.0.0.1 and also the x.x.x.x address. I've been trying to get the above working with iptables (and I'm reasonably sure I'm using the correct syntax) but it still ain't working. Any thoughts?
We can't comment on the accuracy of your iptables configuration if we can't see your iptables configuration. The only thing I could suggest is that you have the default gateway configured incorrectly, or have not enabled ip_masq within the kernel, or not switched it on.
Yeah, show us your iptables rule set, then we could suggest what's going wrong in between.
Oops - that would be a good starting point, eh?

eth0      Link encap:Ethernet  HWaddr 00:0E:0C:5B:A3:2D
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22790 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20345 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1904602 (1.8 Mb)  TX bytes:14948106 (14.2 Mb)
          Interrupt:31 Base address:0x2000 Memory:fe8e0000-fe900000

eth1      Link encap:Ethernet  HWaddr 00:0E:0C:5B:A3:2C
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:x.x.x.x
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14384091 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15321817 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2189763468 (2088.3 Mb)  TX bytes:3997451125 (3812.2 Mb)
          Interrupt:30 Base address:0x2040 Memory:fe8c0000-fe8e0000

[root@cbos001 root]# more /proc/sys/net/ipv4/ip_forward
1
[root@cbos001 root]# iptables -F
[root@cbos001 root]# iptables -t nat -F
[root@cbos001 root]# iptables --delete-chain
[root@cbos001 root]# iptables -t nat --delete-chain

iptables -A POSTROUTING -t nat -o eth1 -s 10.0.0.0/24 -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEP
iptables -A FORWARD -s 10.0.0.0/24 -d x.x.x.x/24 -j ACCEPT
iptables-save > /etc/sysconfig/iptables

Any help much appreciated.
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEP

Is this "ACCEP" a copy/paste mistake or ...? Well, these rules look good for a computer that's acting as a router: the MASQ rule is okay, FORWARDing is enabled, bla bla.
ACCEP was a mis-copy .. I used ACCEPT in the rule.
How do I enable MASQ in the kernel - perhaps that's it?
Well, I don't really know what is wrong in between because your rules are just fine; I will assume the route is defined correctly.
route -n (will show you your routes), and I also assume that you put proper entries for DNS in /etc/resolv.conf. Regards
On a problematic blade the route is:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
Try this to add a default route via your eth0:

# "ip route" takes "via <gateway>", not the "gw" keyword of the old route(8) command
ip route add default via 10.0.0.1 dev eth0
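To tie the two halves of this thread together, here is an added example (not posted by anyone in the thread): a small POSIX shell script that checks a blade's "route -n" output for a genuine default route (the problem table above has a /32 host route to 0.0.0.0 where the default route should be) and prints the ordered rule set the master needs with the ACCEPT typo corrected. The interface names, the 10.0.0.0/24 subnet and the sample routing table are taken from the thread; nothing is applied to the live system.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose the blade side and the master
# side of the NAT gateway setup above without touching live rules.

# Constructed sample that mirrors the problematic blade's "route -n" output:
# note the /32 host route to 0.0.0.0 where a default route should be.
BLADE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo'

# default_gateway: read "route -n" output on stdin and print the gateway of
# the genuine default route (destination 0.0.0.0, genmask 0.0.0.0 and a
# non-zero gateway). Exits 1 when the host has no usable default route.
default_gateway() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $2 != "0.0.0.0" {
             print $2; found = 1
         }
         END { exit !found }'
}

# gateway_rules EXT_IF INT_NET: print the master's rule set in a safe order
# (enable forwarding, flush, state rule, forward rule, masquerade) so it can
# be reviewed before it is run. INT_NET is the internal subnet.
gateway_rules() {
    ext_if=$1; int_net=$2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $int_net -o $ext_if -j ACCEPT
iptables -t nat -A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE
EOF
}

# Stand-alone run: report whether the sample blade has a way off 10.0.0.0/24.
if gw=$(printf '%s\n' "$BLADE_ROUTES" | default_gateway); then
    echo "default route via $gw"
else
    echo "no default route: on the blade run 'ip route add default via 10.0.0.1 dev eth0'"
fi
```

Pipe a real "route -n" into default_gateway on a blade, and feed gateway_rules eth1 10.0.0.0/24 to sh on the master once the printed commands look right.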