Configuring IP forwarding through ubuntu

xyrer · 09-24-2007, 11:35 AM

Hi, I am trying to do almost the same thing, I have squid working all right, but I haven't been able to do telnet routing (or whatever it's called), this is what the ubuntu server has:

sudo iptables -nvL :

Code:

Chain INPUT (policy ACCEPT 637K packets, 76M bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23 LOG flags 0 level 4 

Chain FORWARD (policy ACCEPT 2 packets, 120 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 254K packets, 56M bytes)
 pkts bytes target     prot opt in     out     source               destination

sudo iptables --list :

Code:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        tcp  --  anywhere             anywhere            tcp dpt:telnet LOG level warning 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

cat /proc/sys/net/ipv4/ip_forward :

Code:

sudo iptables -t nat -nvL :

Code:

Chain PREROUTING (policy ACCEPT 429K packets, 55M bytes)
 pkts bytes target     prot opt in     out     source               destination         
   18  1080 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23 to:192.168.1.1:23 

Chain POSTROUTING (policy ACCEPT 1276 packets, 280K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1275 packets, 280K bytes)
 pkts bytes target     prot opt in     out     source               destination

ifconfig :

Code:

eth0      Link encap:Ethernet  HWaddr 00:02:A5:EB:00:8E  
          inet addr:192.168.15.36  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::202:a5ff:feeb:8e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2398628 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1061787 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:222454190 (212.1 MiB)  TX bytes:503312432 (479.9 MiB)

eth0:0    Link encap:Ethernet  HWaddr 00:02:A5:EB:00:8E  
          inet addr:192.168.1.158  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:60:97:D7:4F:27  
          inet addr:<public_ip>  Bcast:<public_ip_broadcast>  Mask:255.255.255.240
          inet6 addr: fe80::260:97ff:fed7:4f27/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2835646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:239778 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:655739450 (625.3 MiB)  TX bytes:27267344 (26.0 MiB)
          Interrupt:16 Base address:0x2040 

eth2      Link encap:Ethernet  HWaddr 00:01:03:BF:BE:85  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:1 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000 
          RX bytes:64 (64.0 b)  TX bytes:60 (60.0 b)
          Interrupt:17 Base address:0x6f80 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:17291 errors:0 dropped:0 overruns:0 frame:0
          TX packets:17291 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:14849894 (14.1 MiB)  TX bytes:14849894 (14.1 MiB)

ping -c3 linuxquestions.org :

Code:

PING linuxquestions.org (64.179.4.146) 56(84) bytes of data.
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=1 ttl=44 time=127 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=2 ttl=44 time=127 ms
64 bytes from web2.linuxquestions.org (64.179.4.146): icmp_seq=3 ttl=44 time=127 ms

--- linuxquestions.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3434ms
rtt min/avg/max/mdev = 127.108/127.260/127.535/0.194 ms

ping -c3 192.168.15.5 :

Code:

PING 192.168.15.5 (192.168.15.5) 56(84) bytes of data.
64 bytes from 192.168.15.5: icmp_seq=1 ttl=128 time=0.449 ms
64 bytes from 192.168.15.5: icmp_seq=2 ttl=128 time=1.28 ms
64 bytes from 192.168.15.5: icmp_seq=3 ttl=128 time=1.29 ms

--- 192.168.15.5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.449/1.010/1.298/0.397 ms

and when i do telnet from another machine, nothing happens, i did :

Code:

sudo iptables -A INPUT -j LOG --log-level 4 -p tcp --dport 23
tail -f /var/log/messages

and still it doesn't log messages, I know it must be something I did wrong because I did it on another machine and the same happens, telnet doesn't work.

Please help me, someone, I have been working on this a week and still haven't figured it out.

win32sux · 09-24-2007, 06:48 PM

@xyrer: Since this box is the router, you wouldn't see the packet on the INPUT chain. You'd see it on the FORWARD chain. Also, it seems obvious you are trying to do something quite different from the OP, as you are DNATing and he is just SNATing. IMHO your question deserves its own thread, and I've asked this forum's moderators if they could do that (my powers are limited to the Security forum).

xyrer · 09-24-2007, 07:23 PM

well, I asked a few days ago but I had no response so far, maybe you could shed a little light about this matter? I have been trying this for more than a week now.
Thanks.

acid_kewpie · 09-25-2007, 03:41 AM

i've split this thread out, but from what i can see you've not asked this before. you had some question sabout squid, but this isn't a squid question in any way.

you also decided to answer a question that has been unanswered for 4 years... i'd not recommend doing that, it gets very messy.

xyrer · 09-26-2007, 10:24 AM

Thanks, it's just that in Windows the forwarding is being done by the wingate proxy, so I thought it was squid's job to do that also, I hope I can find the answer I am looking for here.

acid_kewpie · 09-26-2007, 12:29 PM

well do you want routing / forwarding or do you want proxying? what is the end game? what do you want / need to provide to the userbase?

xyrer · 09-27-2007, 09:27 AM

Hi, I resolved it last night thanks to howtoforge.com, as I thought, it was a mistake caused by my ignorance on this subject. Routing, forwarding and nat require a single ethernet card, no aliases, I was trying to forward telnet traffic from eth0 to eth0:0.

I found that I had to get another ethernet card for the output, now I have 3 ethernet cards on the server, 1 for public ip, 1 for the general subnet and another for the unix server subnet.

Now everything works just fine, if I just knew this before...

Well, I'm grateful with everyone who has tried to answer to this, and I hope anyone else who's in my situation, read this and realizes the problem.

Thanks to everyone.