LinuxQuestions.org


monkeyleader 10-18-2004 11:45 AM

IPTables
 
Hey all,

I'm in the process of building a cluster - standard setup

- 1 master node with 2 NICs
- 4 Hosts
- all connected via an Extreme Summit Switch

I have the master, blades and switch all talking to each other but from the internal blades I can't get outside to my LAN.

So basically:

<on master>

eth0 : 10.0.0.1 / 255.255.255.0 (my internal network)
eth1 : x.x.x.x (my public LAN)

<on internal blade>
eth0 : 10.0.0.10 / 255.255.255.0

From the internal blade I can ping 10.0.0.1 and also the x.x.x.x address

I've been trying to get the above working with IPtables (and I'm reasonably sure I'm using the correct syntax) but it still ain't working.

Any thoughts?

acid_kewpie 10-18-2004 12:36 PM

we can't comment on the accuracy of your iptables configuration if we can't see your iptables configuration. only thing i could suggest is that you have the default gateway configured incorrectly or have not enabled ip_masq within the kernel, or switched it on.

mardanian 10-18-2004 12:56 PM

yeah, show us your iptables rule set, then we could suggest what's going wrong in between

monkeyleader 10-19-2004 02:47 AM

Oops - that would be a good starting point, eh?

eth0 Link encap:Ethernet HWaddr 00:0E:0C:5B:A3:2D
inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22790 errors:0 dropped:0 overruns:0 frame:0
TX packets:20345 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1904602 (1.8 Mb) TX bytes:14948106 (14.2 Mb)
Interrupt:31 Base address:0x2000 Memory:fe8e0000-fe900000

eth1 Link encap:Ethernet HWaddr 00:0E:0C:5B:A3:2C
inet addr:x.x.x.x Bcast:x.x.x.x Mask:x.x.x.x
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14384091 errors:0 dropped:0 overruns:0 frame:0
TX packets:15321817 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2189763468 (2088.3 Mb) TX bytes:3997451125 (3812.2 Mb)
Interrupt:30 Base address:0x2040 Memory:fe8c0000-fe8e0000

[root@cbos001 root]# more /proc/sys/net/ipv4/ip_forward
1

[root@cbos001 root]# iptables -F
[root@cbos001 root]# iptables -t nat -F
[root@cbos001 root]# iptables --delete-chain
[root@cbos001 root]# iptables -t nat --delete-chain

iptables -A POSTROUTING -t nat -o eth1 -s 10.0.0.0/24 -j MASQUERADE


iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEP
iptables -A FORWARD -s 10.0.0.0/24 -d x.x.x.x/24 -j ACCEPT

iptables-save > /etc/sysconfig/iptables


Any help much appreciated.

mardanian 10-19-2004 04:14 AM

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEP

is this "ACCEP" a copy/paste mistake or ....?

well, these rules look good for a computer that is acting as a router, the MASQ rule is okay, FORWARDing is enabled, bla bla

monkeyleader 10-19-2004 04:17 AM

ACCEP was a mis-copy .. I used ACCEPT in the rule

How do I enable MASQ in the kernel - perhaps that's it?

mardanian 10-20-2004 01:55 AM

well, i don't really know what is wrong in between because your rules are just fine. i will assume the route is defined correctly
route -n (will show you your routes)
and also I assume that you put proper entries for dns in /etc/resolv.conf


regards

monkeyleader 10-22-2004 08:40 AM

On a problematic blade the route is:


Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

mardanian 10-22-2004 11:07 AM

try this to add a default route via your eth0:

ip route add default via 10.0.0.1
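
An added example, not part of the thread: the blade's table above has a 0.0.0.0 line, but its genmask is 255.255.255.255 with flags UH and no gateway, so it is a host route rather than a default route. The script below checks `route -n` output for a usable default route; the names `default_gw` and `report` are hypothetical helpers, and the second sample table is constructed.

```shell
#!/bin/sh
# default_gw (hypothetical helper): reads `route -n` output on stdin.
# Prints the gateway and returns 0 if a real default route exists,
# prints nothing and returns 1 otherwise.
default_gw() {
    awk '
        # Data rows have 8 columns and start with a dotted-quad destination.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            # Default route: destination 0.0.0.0, genmask 0.0.0.0,
            # flags U and G, and a non-zero gateway address.
            if ($1 == "0.0.0.0" && $3 == "0.0.0.0" &&
                $4 ~ /U/ && $4 ~ /G/ && $2 != "0.0.0.0") {
                print $2
                found = 1
                exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Table as posted from the problematic blade.
BLADE_ROUTES='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo'

# Constructed sample: the same table with a default route via the master.
FIXED_ROUTES="$BLADE_ROUTES
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0"

# report (hypothetical helper): label a table and say what was found.
report() {
    if gw=$(printf '%s\n' "$2" | default_gw); then
        echo "$1: default gateway $gw"
    else
        echo "$1: no default route, off-subnet traffic has no next hop"
    fi
}

report "blade as posted" "$BLADE_ROUTES"
report "with default route" "$FIXED_ROUTES"
```

On a live host, `route -n | default_gw` runs the same check against the current table.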


All times are GMT -5.