NAT/ip forwarding issues
I've been experiencing problems with my home network. Somehow my server rules prevent some traffic from arriving at the destination within the home network.
The network has the following setup:
ADSLline---Modem---Server---switch---clients
- The modem is a Draytek Vigor 120 set to bridge a pptpa to pptpe.
- The server is a Fedora 13 machine.
- The switch is a normal 5 port 1Gb switch.
- And the clients consist of multiple machines with different OSes, namely Ubuntu and Windows 7.

On the server I have the following network devices:
eth0: 192.168.0.1, internal network
eth1: no IP, bridge to ppp
ppp0: 80.***.**.73, external network with fixed IP (using dhcp to retrieve it from ISP).

I started forwarding and most of it works. Only, for example, some sites refuse to load on the clients (*NIX and Windows). If for instance I try to access addthis.com, Firefox will tell me it is waiting for s7.addthis.com. The same WILL work on the server, the site will show without a problem.

My iptables is stripped, rewritten and anything else I could think of multiple times. But the general policy is ACCEPT and I added the following commands (I changed the devices to match mine).
Code:
iptables -A FORWARD -i eth0 -j ACCEPT
Does anyone have a clue how to solve my problem? It would be nice to get everything working.
Code:
# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
Quote:
Code:
[root@beest ~]# iptables -L
Code:
-P INPUT ACCEPT
You forgot to tell us about the default routing on your server. Where does it send everything to?
And on your server you use only 2 interfaces:
eth0: 192.168.0.1, internal network
and
ppp0: external network
I think you do not need eth1. All traffic should go between those two interfaces.
Routing
The routing is as follows:
Code:
Kernel IP routing table
Code:
eth0 Link encap:Ethernet HWaddr 00:40:F4:BC:7E:81
Quote:
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
And as long as some works, some not? Please try to change MTU on your ppp0 interface from MTU:1492 to MTU:1450.
You can do it if you type under root in console:
ip link set ppp0 down
ip link set ppp0 mtu 1400
ip link set ppp0 up
It might help.
Quote:
Changing the MTU kills the connection. The iptables commands didn't do the job either. I feel like some of the packets are just dumped by the iptables routine. Is there some way to track packets to and from a specified website? Or maybe see the packets dumped by iptables?
Wait.
First of all, I made a mistake - I wanted to set it to 1450. I use 1400 and everything works perfectly. So please do:
ip link set ppp0 mtu 1450
You probably have to avoid bringing down the interface like this, as it will then get a new IP from the ISP. So just change the MTU and then do: ifconfig ppp0, and make sure that the MTU was changed. Then check that you have, as it was before:
Kernel IP routing table
Destination      Gateway          Genmask          Flags Metric Ref Use Iface
lo1.dr4.d12.xs4  *                255.255.255.255  UH    0      0   0   ppp0
192.168.0.0      *                255.255.255.0    U     1      0   0   eth0
default          lo1.dr4.d12.xs4  0.0.0.0          UG    0      0   0   ppp0
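Added example, not written by any poster in this thread: one way to test the MTU theory and to see forwarded packets through iptables is to log forwarded SYNs and check whether a client advertises a TCP MSS that lets the remote side send packets larger than ppp0's MTU of 1492. The LOG rule in the comment, the `FWD-SYN` prefix, the function names and the sample log lines (documentation addresses) are assumptions constructed for illustration.

```python
import re

PPP_MTU = 1492          # ppp0 MTU reported in the thread
MAX_MSS = PPP_MTU - 40  # minus 20-byte IPv4 and 20-byte TCP headers

# Constructed sample lines in the kernel LOG-target format (assumed rule:
# iptables -I FORWARD -p tcp --syn -j LOG --log-prefix "FWD-SYN " --log-tcp-options)
SAMPLE_LOG = """\
kernel: FWD-SYN IN=eth0 OUT=ppp0 SRC=192.168.0.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4211 DF PROTO=TCP SPT=50112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0012D6870000000001030306)
kernel: FWD-SYN IN=eth0 OUT=ppp0 SRC=192.168.0.11 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=911 DF PROTO=TCP SPT=49200 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (020405AC0103030201010402)
kernel: FWD-SYN IN=eth0 OUT=ppp0 SRC=192.168.0.12 DST=203.0.113.9 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (02040578)
"""

def parse_mss(opt_hex):
    """Return the MSS from a hex dump of TCP options, or None if absent."""
    data = bytes.fromhex(opt_hex)
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == 0:      # end of option list
            break
        if kind == 1:      # NOP padding is a single byte
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2:
            break          # truncated or malformed option
        length = data[i + 1]
        if kind == 2 and length == 4 and i + 4 <= len(data):
            return int.from_bytes(data[i + 2:i + 4], "big")
        i += length
    return None

LINE_RE = re.compile(r"IN=(\S*) OUT=(\S*) .*?SRC=(\S+) DST=(\S+) .*? SYN .*?OPT \(([0-9A-Fa-f]+)\)")

def oversized_syns(log_text, in_if="eth0", out_if="ppp0", max_mss=MAX_MSS):
    """List (src, dst, mss) for forwarded SYNs whose MSS exceeds what fits through out_if."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or (m.group(1), m.group(2)) != (in_if, out_if):
            continue
        mss = parse_mss(m.group(5))
        if mss is not None and mss > max_mss:
            hits.append((m.group(3), m.group(4), mss))
    return hits

if __name__ == "__main__":
    for src, dst, mss in oversized_syns(SAMPLE_LOG):
        print(f"{src} -> {dst}: MSS {mss} exceeds {MAX_MSS}")
```

On the constructed sample only the first client is flagged: its MSS of 1460 corresponds to 1500-byte packets, which do not fit through a 1492-byte link.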
I did the modification of mtu before too. I thought one could be a mistype but both had the same error. Routing is still good.
For now I connected another router (instead of the modem). This way I have two computers working and the network behind the server is still safe. The trouble started when I needed to start using PtPPA for my connection. I will ask my ISP for an alternative or find one myself (changing ISP). Thanks for your help and hopefully I can correct the errors or have better luck with another modem/router.