LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-18-2010, 09:49 AM   #1
Poedersuiker
LQ Newbie
 
Registered: Oct 2008
Distribution: Fedora
Posts: 6

Rep: Reputation: 0
Question NAT/ip forwarding issues


I've been experiencing problems with my home network. Somehow my server rules prevent some traffic from ariving on the destination within the home network.

The network has the following setup:

ADSLline---Modem---Server---switch---clients

- The modem is a Draytek Vigor 120 set to bridge a pptpa to pptpe.
- The server is a Fedora 13 machine.
- The switch is a normal 5 port 1Gb switch.
- And the clients consist of multiple machines with different OSes, namely Ubuntu and Windows 7.

On the server I have the following network devices:
eth0: 192.168.0.1, internal network
eth1: no IP, bridge to ppp
ppp0: 80.***.**.73, external network with fixed IP (using dhcp to retrieve it from ISP).

I started forwarding and most of it works. Only, for example, some sites refuse to load on the clients (*NIX and Windows). If for instance I try to access addthis.com, Firefox will tell me it is waiting for s7.addthis.com. The same WILL work on the server, the site will show without a problem.

My iptables is stripped, rewritten and anything else I could think of multiple times. But the general policy is ACCEPT and I added the following commands (I changed the devices to match mine).

Code:
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
as stated in the Fedora documentation (2.8.5. FORWARD and NAT Rules).

Does anyone have a clue how to solve my problem? It would be nice to get everything working.
 
Old 12-18-2010, 10:58 AM   #2
chickenjoy
Member
 
Registered: Apr 2007
Distribution: centos,rhel, solaris
Posts: 200

Rep: Reputation: 30
Code:
# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# iptables --append FORWARD --in-interface ppp0 -j ACCEPT
Can you try the above? requests come from eth0 and is routed to ppp0.
 
Old 12-18-2010, 11:12 AM   #3
Poedersuiker
LQ Newbie
 
Registered: Oct 2008
Distribution: Fedora
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by chickenjoy View Post
Code:
# iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
# iptables --append FORWARD --in-interface ppp0 -j ACCEPT
Can you try the above? requests come from eth0 and is routed to ppp0.
That didn't work unfortunately. My iptables give the following return on -L

Code:
[root@beest ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
And this on -S:
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth0 -j ACCEPT
-A FORWARD -i ppp0 -j ACCEPT
 
Old 12-18-2010, 03:08 PM   #4
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
You forgot to tell us about the default routing on your server. Where does it send everything to?

And on your server you use only 2 interfaces:
eth0: 192.168.0.1, internal network
and
ppp0: external network

I think, you do not need eth1. All traffic should goes between those two interfaces.
 
Old 12-18-2010, 04:46 PM   #5
Poedersuiker
LQ Newbie
 
Registered: Oct 2008
Distribution: Fedora
Posts: 6

Original Poster
Rep: Reputation: 0
Routing

The routing is as follows:

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
lo1.dr4.d12.xs4 *               255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     *               255.255.255.0   U     1      0        0 eth0
default         lo1.dr4.d12.xs4 0.0.0.0         UG    0      0        0 ppp0
And for even more information the output of ifconfig:
Code:
eth0      Link encap:Ethernet  HWaddr 00:40:F4:BC:7E:81
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::240:f4ff:febc:7e81/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:331293 errors:0 dropped:0 overruns:0 frame:0
          TX packets:590385 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34779673 (33.1 MiB)  TX bytes:671836627 (640.7 MiB)
          Interrupt:18 Base address:0x8c00

eth1      Link encap:Ethernet  HWaddr 00:19:66:92:5C:E4
          inet6 addr: fe80::219:66ff:fe92:5ce4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2338502 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2136295 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1718389822 (1.6 GiB)  TX bytes:715722843 (682.5 MiB)
          Interrupt:27 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:496331 errors:0 dropped:0 overruns:0 frame:0
          TX packets:496331 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:101960018 (97.2 MiB)  TX bytes:101960018 (97.2 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:80.***.**.73  P-t-P:194.109.5.227  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:2336844 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2134631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1666878560 (1.5 GiB)  TX bytes:660112391 (629.5 MiB)
eth1 is the device for the pptpe link (which is ppp0).
 
Old 12-19-2010, 04:05 AM   #6
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
I started forwarding and most of it works. Only, for example, some sites refuse to load on the clients (*NIX and Windows). If for instance I try to access addthis.com, Firefox will tell me it is waiting for s7.addthis.com. The same WILL work on the server, the site will show without a problem.
As long as your routing table has only two interfaces I would prefer to have in FORWARD chain something like:
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT


And as long some works some not? please try to change MTU on your ppp0 interface from MTU:1492 to MTU:1450
You can do it if you type under root in console:
ip link set ppp0 down
ip link set ppp0 mtu 1400
ip link set ppp0 up

It might help.
 
Old 12-19-2010, 05:52 AM   #7
Poedersuiker
LQ Newbie
 
Registered: Oct 2008
Distribution: Fedora
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by nimnull22 View Post
As long as your routing table has only two interfaces I would prefer to have in FORWARD chain something like:
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT


And as long some works some not? please try to change MTU on your ppp0 interface from MTU:1492 to MTU:1450
You can do it if you type under root in console:
ip link set ppp0 down
ip link set ppp0 mtu 1400
ip link set ppp0 up

It might help.

Changing the MTU kills the connection. The iptables commands didn't do the job either. I feel like soms of the packets are just dumped by the iptables routine.

Is there some way to track packets to and from a specified website? Or maybe see the pakcets dumped by iptables?
 
Old 12-19-2010, 06:23 AM   #8
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Wait.

First of all, I did a mistake - I wanted to set it to 1450. I use 1400 and everything works perfect. So please do:

ip link set ppp0 mtu 1450

You probably have to avoid to bring down interface like this as it then will get new IP prom ISP.
So just change MTU and then do: ifconfig ppp0, make sure that MTU was changed.

Then, check if you have, as it was before:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
lo1.dr4.d12.xs4 * 255.255.255.255 UH 0 0 0 ppp0
192.168.0.0 * 255.255.255.0 U 1 0 0 eth0
default lo1.dr4.d12.xs4 0.0.0.0 UG 0 0 0 ppp0

Last edited by nimnull22; 12-19-2010 at 08:01 AM.
 
Old 12-19-2010, 10:14 AM   #9
Poedersuiker
LQ Newbie
 
Registered: Oct 2008
Distribution: Fedora
Posts: 6

Original Poster
Rep: Reputation: 0
I did the modification of mtu before too. I thought one could be a mistype but both had the same error. Routing is still good.

For now I connected an other router (instead of the modem). This way I have two computers working and the network behind the server is still safe. The trouble started when I needed to start using PtPPA for my connection. I will ask my ISP for an alternative or find one myself (changing ISP).
Thanks for your help and hopefully I can correct the errors or have better luck with another modem/router.
 
  


Reply

Tags
fedora 13, forwarding, iptables, nat


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
NAT port forwarding mrittman Linux - Newbie 3 09-28-2009 06:31 PM
NAT Forwarding not working. MikeyCarter Linux - Networking 2 03-04-2009 09:35 AM
iptables - port forwarding through nat issues web_janitor Linux - Networking 2 01-23-2009 06:16 PM
NAT forwarding kermitthefrog91 Linux - Networking 4 08-04-2005 03:26 AM
Firewall/NAT issues with X-Server w/ SSH forwarding JMCraig Linux - Security 1 01-25-2005 12:51 AM


All times are GMT -5. The time now is 03:13 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration