[SOLVED] NAT problems

The Badger · 06-25-2013, 06:53 PM

I have a virtual network of 3 machines running on the platform VirtualBox (version 4.1.16).

hosta and hostb are installed with debian-6.0.5-i386-netinst.iso and are a cli.

hostc is installed with ubuntu-12.04-desktop-i386.iso as GUI.

Both hosta (eth1) and b's IP settings are set statically and hostc revives its IP address from hostb which is acting as a DHCP server (isc-dhcp-server).

hosta is configured with 2 interface, eth0 (NAT) and eth1 (INT).
hostb and c both have one interface, set to internal.

In order to gain access to external addresses I am trying to configure NAT in hosta, I done this using the command "iptables -t nat -A POSTROUTING -s 10.R.N.0/24 -j MASQUERADE".

this has worked for hostb as it can reach google, aptitude etc. however hostc is unable to reach external addresses. I am able to ping both a and b from hostc, just not able to ping any external addresses.

Any help would be much appreciated.

acid_kewpie · 06-26-2013, 02:15 AM

It sounds like the default gateway on c has not been set, please provide "ifconfig -a", "route -n" and "iptables -vnL" for a and c. Note that the internal address ranges you're using are not "interesting", so do not need to be obscured.

The Badger · 06-26-2013, 09:35 AM

Thanks for your time Chris. I am guessing it has something to do with the Forward chain in routera, if so why is it that b can be routed out fine but not c? Also I tried to flush the iptables to see if that would eradicate the issue but think I have the syntax wrong.

From hostc

Click image for larger version

Name: hostc, ifconfig-a.PNG
Views: 24
Size: 94.5 KB
ID: 12806

Click image for larger version

Name: hostc, route -n.PNG
Views: 19
Size: 19.3 KB
ID: 12807

Click image for larger version

Name: hostc, iptable -vnL.PNG
Views: 19
Size: 32.7 KB
ID: 12808

acid_kewpie · 06-26-2013, 09:39 AM

that sharing site appears to be junk. Please paste the as text here, or at least as attachments.

The Badger · 06-26-2013, 09:45 AM

Hosta

Click image for larger version

Name: machina, ifconfig -a.PNG
Views: 23
Size: 48.1 KB
ID: 12809

Click image for larger version

Name: machin a, route -n.PNG
Views: 21
Size: 14.4 KB
ID: 12810

Click image for larger version

Name: hosta, iptables -vnL.PNG
Views: 20
Size: 26.0 KB
ID: 12811

Not sure how to post it as text, sorry.

szboardstretcher · 06-26-2013, 09:50 AM

SSH to the machine using putty then select the text and paste it into a code tag here.

The Badger · 06-26-2013, 09:55 AM

Yous till require me to do that?

The Badger · 06-26-2013, 10:49 AM

Code:

root@routera:/home/davy# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 08:00:27:a8:49:3c
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fea8:493c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:230 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17654 (17.2 KiB)  TX bytes:22508 (21.9 KiB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:23:72:e8
          inet addr:10.113.10.1  Bcast:10.113.10.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:72e8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19397 (18.9 KiB)  TX bytes:1284 (1.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)

Code:

root@routera:/home/davy# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.113.10.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

Code:

root@routera:/home/davy# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

I can't connect to hostc via SSH for some reason, I figured out how to flush iptables and done so but didn't resolve the issue, so I have only been able to copy the text over for the commands run on hosta

acid_kewpie · 06-26-2013, 02:03 PM

I can't see anything low level that doesn't look right here. Clearly there is some network activity inbound to c, and you said yourself you can ping the gateway. Are you trying to hit remote hostnames or ip addresses? Could this actually be a DNS issue? If you do a traceroute 8.8.8.8 on c, does it get anywhere? can you show us "iptables -t nat -vnL" on a too?

The Badger · 06-26-2013, 02:33 PM

Code:

root@routera:/home/davy# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

When I do "traceroute 8.8.8.8" it returns 30 lines all reading "* * *"

*EDIT* I am unable to ping google by IP

acid_kewpie · 06-26-2013, 03:17 PM

so where is the masquerade target in host a?? did you just not save it?

8.8.8.8 is a google DNS server btw.

The Badger · 06-26-2013, 03:26 PM

"so where is the masquerade target in host a?" Not sure what you mean, sorry!

acid_kewpie · 06-26-2013, 03:33 PM

This:

Quote:

In order to gain access to external addresses I am trying to configure NAT in hosta, I done this using the command "iptables -t nat -A POSTROUTING -s 10.R.N.0/24 -j MASQUERADE".

where is that command in the iptables -t nat -vnL output?

The Badger · 06-26-2013, 03:41 PM

Executed it and forgot to paste it in here, sorry.

Code:

root@routera:/home/davy#  iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 35 packets, 5660 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain POSTROUTING (policy ACCEPT 30 packets, 2600 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 22 packets, 2083 bytes)
 pkts bytes target     prot opt in     out     source               destination

acid_kewpie · 06-27-2013, 01:05 AM

No, i mean the MASQUERADE line is clearly NOT in that output is it? you have NOT executed (and then saved) that command. Are you sure host B is connected the same way as host c?