Iptables & Ipmasq playing up

NiM · 08-17-2001, 02:04 AM

Hi,

I did the following to enable IP masq:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE

Then set the gateway on my win pc to the ip of the linux box...

But it seems only MSN messenger will use the gateway...

Win seems set up correctly, so I'm thinking it's a linux problem, also it might be that linux is dropping the packets for web etc, because if I request a site on win, the modem light will flash for recieved data (linux has the modem of course) but that data never gets to windows...

The network works properly, Kernel should support IP masq...

Any ideas?

- Nick

alpha-wolf · 08-17-2001, 07:15 AM

Hi,
does your windoze have the right ip. Will it ping the linuxhost? Do you have any proxies konfigured under win? Whats the output of
# ifconfig
and
# iptables -L -n
?
Do you have the right policies on your filtertables?

alpha-wolf

NiM · 08-17-2001, 08:31 AM

Hi,

Code:

[root@chips /root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:20:18:44:33:F0
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:8332 (8.1 Kb)  TX bytes:12834 (12.5 Kb)
          Interrupt:5 Base address:0x220

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1372 (1.3 Kb)  TX bytes:1372 (1.3 Kb)

[root@chips /root]#

(When ppp is present it shows itself too)

and...

Code:

[root@chips /root]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@chips /root]#

I'm guessing the second display means I've left something major out... what?

I can ping linux from windows, and linux will ping windows, the network istelf is fine...

filtertables?

I don't really know much about Linux, but, eventually I'll learn...

Thanks,
- Nick

alpha-wolf · 08-17-2001, 11:14 AM

Everything seems correct for me.
iptables -L -n just shows the filter rules, if you want to see the NAT rules do:
iptables -t nat -L -n, that will show you your MASQUERADING.

For your problem:
Use tcpdump on both interfaces to see whats going on. How will the packets leave the ppp-device? Are the answers coming back? and so on.

alpha-wolf

NiM · 08-17-2001, 11:50 AM

Hi,

As always, it was a problem with the windows config, not linux...

It's all working perfectly now, or seems to be

However, I think it's going through the net for local IPs, because if I telnet from inside the network to my box, it connects but waits a while untill I gets me the login prompt...

What'd ya think?

- Nick