Bridging can't make it...
I'm using Fedora to do the bridging.
http://bridge.sourceforge.net/howto.html
Even though I followed the steps, why can't my laptop access the internet via the bridged PC (Fedora with eth0 and eth1)? What IP should I set for my laptop (Windows platform)?
INTERNET ------> ROUTER ------> PC (Fedora with eth0 (connected to router) & eth1 (connected to laptop)) ------> laptop (connected to eth1)
Why can't the laptop access the internet? I really don't know... help.
Do you have forwarding enabled at the PC?
No. But after I enabled it, it's still the same...
I enabled it using this command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Any other possibility? Or maybe my internet connection is too slow? My connection estimate is 100 kbps.
Have you enabled masquerading?
Yes, by using this command:
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
But it's still the same... :( Any other problem? Can you include the commands for me as well, so I won't make a mistake while typing them? Thanks.
I guess you have to masquerade traffic going out to eth0 instead.
I have masqueraded traffic going out to eth0, but should I disable masquerade for eth1? What is the command to do that?
Even though I have masqueraded traffic going out to eth0, the result is still the same... :(
You are asking too much at once. :)
You delete iptables rules with -R instead of -A. Simply write the rule you sent to iptables and replace the -A with -R. You don't have to masquerade traffic going out to eth1 (if it's a point-to-point connection). What is iptables's FORWARD policy? (iptables -L FORWARD).
First of all, THANKS for guiding me a lot. I will try my best (with your guidance).
You mean I just type this to delete the rule?
iptables -t nat -R POSTROUTING -o eth1 -j MASQUERADE
<<<<<<--- is it correct?
-R requires a rule member....
The FORWARD policy is: Chain FORWARD (policy ACCEPT).
(P.S.: Sorry if I ask some stupid questions, because I've just started to learn it... and you are so kind.)
Don't worry. You're just a newbie (no pun intended :)).
So... your FORWARD policy is ACCEPT. I think I'll need your iptables rules as a whole. Can you copy the output of iptables -L and iptables -t nat -L here?
And yes... because iptables will look for the rule with that syntax to delete it. Did I say -R?
It's -D. Oops!
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
[root@jin root]# iptables -L
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@jin root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Sorry...
Just now I restarted the PC, so at the iptables -t nat -L part there should be:
......
....
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
It looks like .............
[root@jin root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@jin root]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
And the default gw of the Linux box is the PC, right?
OK... here's the deal: When you ping something, say... your ISP's IP address, packets will go to your gateway (because it will be outside of your scope, right?). The server will take those packets through these chains: PREROUTE... ACCEPT. If you had enabled forwarding (echo 1 > /proc/sys/net/ipv4/ip_forward), the packet will go on to the next chain. FORWARD (they are meant to go to another host): ACCEPT. POSTROUTING: ACCEPT. And then the packet goes out to the LAN... BUT the packet didn't change its source address. It should have been changed to the PC's so that the packet is handled by the PC (remember your laptop is not reachable in the LAN). Why did this happen? There's no MASQUERADE rule in the POSTROUTING chain (according to what you wrote).
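Added example, not part of the original thread: plain iptables -L output, as pasted above, does not show which interface a MASQUERADE rule is bound to, so this sketch checks the rule-spec form (iptables -t nat -S POSTROUTING) together with the ip_forward value. The function names, finding strings and sample rules are constructed for illustration; it assumes eth0 faces the router and eth1 faces the laptop, as in the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes eth0 faces the router and
# eth1 faces the laptop, as described in the first post.

# Constructed samples in `iptables -t nat -S POSTROUTING` format.
RULES_ETH1='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE'
RULES_ETH0='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

# masq_ifaces RULES: print the -o interface of every MASQUERADE rule,
# one per line; "any" when the rule is not bound to an interface.
masq_ifaces() {
    printf '%s\n' "$1" | awk '
        /-j MASQUERADE/ {
            out = "any"
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            print out
        }'
}

# diagnose IP_FORWARD WAN_IF RULES: print one finding; status 0 only for "ok".
diagnose() {
    if [ "$1" != "1" ]; then
        echo "forwarding-disabled"; return 1
    fi
    ifaces=$(masq_ifaces "$3")
    if [ -z "$ifaces" ]; then
        echo "no-masquerade-rule"; return 1
    fi
    if printf '%s\n' "$ifaces" | grep -qx -e "$2" -e "any"; then
        echo "ok"; return 0
    fi
    echo "masquerade-on-wrong-interface"; return 1
}

diagnose 1 eth0 "$RULES_ETH1" || true   # rule bound to the LAN side
diagnose 1 eth0 "$RULES_ETH0"           # rule bound to the WAN side

# On the gateway itself (as root):
# diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 "$(iptables -t nat -S POSTROUTING)"
```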