Old 06-25-2013, 07:53 PM   #1
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Rep: Reputation: Disabled
NAT problems


I have a virtual network of 3 machines running on the platform VirtualBox (version 4.1.16).

hosta and hostb are installed with debian-6.0.5-i386-netinst.iso and are CLI.

hostc is installed with ubuntu-12.04-desktop-i386.iso as GUI.

Both hosta (eth1) and b's IP settings are set statically and hostc receives its IP address from hostb, which is acting as a DHCP server (isc-dhcp-server).

hosta is configured with 2 interfaces, eth0 (NAT) and eth1 (INT).
hostb and c both have one interface, set to internal.

In order to gain access to external addresses I am trying to configure NAT in hosta. I did this using the command "iptables -t nat -A POSTROUTING -s 10.R.N.0/24 -j MASQUERADE".

This has worked for hostb, as it can reach google, aptitude etc. However, hostc is unable to reach external addresses. I am able to ping both a and b from hostc, just not able to ping any external addresses.

Any help would be much appreciated.
 
Old 06-26-2013, 03:15 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
It sounds like the default gateway on c has not been set. Please provide "ifconfig -a", "route -n" and "iptables -vnL" for a and c. Note that the internal address ranges you're using are not "interesting", so do not need to be obscured.
 
Old 06-26-2013, 10:35 AM   #3
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Thanks for your time Chris. I am guessing it has something to do with the Forward chain in routera. If so, why is it that b can be routed out fine but not c? Also, I tried to flush the iptables to see if that would eradicate the issue, but I think I have the syntax wrong.


From hostc

[Attachment: hostc, ifconfig-a.PNG]
[Attachment: hostc, route -n.PNG]
[Attachment: hostc, iptable -vnL.PNG]

Last edited by The Badger; 06-26-2013 at 10:44 AM.
 
Old 06-26-2013, 10:39 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
That sharing site appears to be junk. Please paste them as text here, or at least as attachments.
 
Old 06-26-2013, 10:45 AM   #5
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hosta

[Attachment: machina, ifconfig -a.PNG]
[Attachment: machin a, route -n.PNG]
[Attachment: hosta, iptables -vnL.PNG]

Not sure how to post it as text, sorry.
 
Old 06-26-2013, 10:50 AM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,102

Rep: Reputation: 1515
SSH to the machine using putty then select the text and paste it into a code tag here.
 
1 members found this post helpful.
Old 06-26-2013, 10:55 AM   #7
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
You still require me to do that?
 
Old 06-26-2013, 11:49 AM   #8
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Code:
root@routera:/home/davy# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:49:3c
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:493c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17654 (17.2 KiB)  TX bytes:22508 (21.9 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:23:72:e8
          inet addr:10.113.10.1  Bcast:10.113.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:72e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19397 (18.9 KiB)  TX bytes:1284 (1.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)
Code:
root@routera:/home/davy# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.113.10.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
Code:
root@routera:/home/davy# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

I can't connect to hostc via SSH for some reason. I figured out how to flush iptables and did so, but it didn't resolve the issue, so I have only been able to copy the text over for the commands run on hosta.
 
Old 06-26-2013, 03:03 PM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
I can't see anything low level that doesn't look right here. Clearly there is some network activity inbound to c, and you said yourself you can ping the gateway. Are you trying to hit remote hostnames or IP addresses? Could this actually be a DNS issue? If you do a traceroute 8.8.8.8 on c, does it get anywhere? Can you show us "iptables -t nat -vnL" on a too?
 
Old 06-26-2013, 03:33 PM   #10
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Code:
root@routera:/home/davy# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
When I do "traceroute 8.8.8.8" it returns 30 lines all reading "* * *"

*EDIT* I am unable to ping google by IP

Last edited by The Badger; 06-26-2013 at 03:36 PM.
 
Old 06-26-2013, 04:17 PM   #11
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
So where is the masquerade target in host a? Did you just not save it?

8.8.8.8 is a Google DNS server btw.
 
Old 06-26-2013, 04:26 PM   #12
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
"so where is the masquerade target in host a?" Not sure what you mean, sorry!
 
Old 06-26-2013, 04:33 PM   #13
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
This:
Quote:
In order to gain access to external addresses I am trying to configure NAT in hosta. I did this using the command "iptables -t nat -A POSTROUTING -s 10.R.N.0/24 -j MASQUERADE".
Where is that command in the iptables -t nat -vnL output?
 
Old 06-26-2013, 04:41 PM   #14
The Badger
LQ Newbie
 
Registered: Jun 2013
Posts: 9

Original Poster
Rep: Reputation: Disabled
Executed it and forgot to paste it in here, sorry.

Code:
root@routera:/home/davy#  iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 35 packets, 5660 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 30 packets, 2600 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 22 packets, 2083 bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Old 06-27-2013, 02:05 AM   #15
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
No, I mean the MASQUERADE line is clearly NOT in that output, is it? You have NOT executed (and then saved) that command. Are you sure host B is connected the same way as host c?
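
Added example, not part of the original thread: a small shell check for the point made in post #15, that the POSTROUTING chain in the pasted `iptables -t nat -vnL` listing holds no MASQUERADE rule. The source network 10.113.10.0/24 is an assumption taken from eth1's address in post #8, the second listing is constructed for comparison, and the function names are hypothetical.

```shell
#!/bin/sh
# Report whether an `iptables -t nat -vnL` listing contains a MASQUERADE
# rule in POSTROUTING that covers a given source network.

# Listing as posted in post #14, after the rule was supposedly added.
POSTED='Chain PREROUTING (policy ACCEPT 35 packets, 5660 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 30 packets, 2600 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 22 packets, 2083 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample: what the listing looks like once the rule is loaded
# (counters and source network are made up for illustration).
EXPECTED='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 MASQUERADE  all  --  *      *       10.113.10.0/24       0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# has_masquerade LISTING SOURCE -> exit 0 if POSTROUTING masquerades SOURCE.
# Columns in -vnL output: pkts bytes target prot opt in out source destination.
has_masquerade() {
    printf '%s\n' "$1" | awk -v src="$2" '
        /^Chain / { chain = $2; next }
        chain == "POSTROUTING" && $3 == "MASQUERADE" &&
            ($8 == src || $8 == "0.0.0.0/0") { found = 1 }
        END { exit !found }'
}

# nat_status LISTING SOURCE -> prints "present" or "missing"
nat_status() {
    if has_masquerade "$1" "$2"; then echo present; else echo missing; fi
}

nat_status "$POSTED"   10.113.10.0/24   # listing from the thread
nat_status "$EXPECTED" 10.113.10.0/24   # constructed listing
# On the router itself: nat_status "$(iptables -t nat -vnL)" 10.113.10.0/24
```

A rule with no `-s` restriction shows `0.0.0.0/0` as its source and is treated as covering any network.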
 
  

