External MASQ ICMP forwarding test fails
Hi, I am trying to get NAT working but I am having some trouble on this step
http://en.tldp.org/HOWTO/IP-Masquera...masq-icmp.html

I looked on Google, but the only answer I found was for people using ipchains; I am using iptables. I am using the 2.6 kernel, which may be a problem, and also when I try to start it up I get the following output:
Code:
[root@x1-6-00-09-5b-62-fe-80 sbin]# /etc/rc.d/rc.firewall-2.4
Loading simple rc.firewall version 0.75..
External Interface: eth0
Internal Interface: eth1
loading modules:
- Verifying that all kernel modules are ok
----------------------------------------------------------------------
ip_tables, ip_conntrack, ip_conntrack_ftp, ip_conntrack_irc, iptable_nat, ip_nat_ftp,
----------------------------------------------------------------------
Done loading modules.
Enabling forwarding..
Enabling DynamicAddr..
Clearing any existing rules and setting default policy..
FWD: Allow all connections OUT and only existing and related ones IN
Enabling SNAT (MASQUERADE) functionality on eth0
iptables: Invalid argument
Done.
[root@x1-6-00-09-5b-62-fe-80 sbin]#
I did do a 'whereis iptables' and it said /sbin/iptables, so that's what I set in my rc.firewall-2.4 file. All of the other tests work; I am just having trouble getting past this one. Someone told me that it's probably because the kernel is not compiled correctly. Any other ideas/suggestions so I can get it working? Thanks.
naw, the problem is about your PATH prolly
Try echo $PATH before you try to run your firewall... /sbin is probably not in your PATH at this time (you are running it at boot time, right?). Or maybe you are not root? ... Or maybe you typed a very bad command: if the command does not seem to end on a line, iptables reads the next line (beginning with "iptables", probably). Could you post that command?
I am root when I tried it. All I typed in was this: /etc/rc.d/rc.firewall-2.4 Is that what you mean? Sorry, but this is all a little bit new to me. Thanks for the help though. I also did 'chmod 700 /etc/rc.d/rc.firewall-2.4' like the HOWTO said. The NAT server can ping external IPs but not the internal clients.
Ok, well I tried the quick tutorial http://tldp.org/HOWTO/Masquerading-S...O/summary.html and when I enter
Code:
[root@x1-6-00-09-5b-62-fe-80 thomas]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 67.167.203.xxx
iptables: Invalid argument
[root@x1-6-00-09-5b-62-fe-80 thomas]#
the same thing happens. (Of course I blocked out my IP with xxx so people don't try to mess with me.) Anyone have any ideas? I am running iptables 1.2.9 and the 2.6 kernel. It could be because this is Mandrake Cooker. Thanks yet again. I think I might wait for Fedora Core 2 or just get Core 1 and try; one of my friends got it working that way.

*EDIT: Here we go, looks like I have to recompile iptables myself; problem between the kernel and iptables: http://archives.mandrakelinux.com/fi...2/msg00103.php
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 67.167.203.xxx
Iptables error messages are sometimes confusing.
humm... well here is my output with your suggestion:
Code:
[root@x1-6-00-09-5b-62-fe-80 thomas]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 67.167.203.189
bash: iptables: command not found
[root@x1-6-00-09-5b-62-fe-80 thomas]#
I am going to try Fedora now.
The "iptables: command not found" is a problem with your PATH, as stated before.
Echo your PATH and give the output please. Or if you don't want to mess with it, you can type the complete path like /sbin/iptables or /usr/sbin/iptables (depending where it is on your system) instead of just "iptables". Btw, if you want to stop using Linux at the first difficulty (trying another distro won't help you, no one will do everything for you like Windoze does) you're probably not ready for it.
Code:
[root@x1-6-00-09-5b-62-fe-80 thomas]# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/thomas/bin
[root@x1-6-00-09-5b-62-fe-80 thomas]#
And don't worry, I am not going to give up. Oh, and /sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 67.167.203.189 worked. Any idea how I can get that script working (/etc/rc.d/rc.firewall-2.4)? The output from /etc/rc.d/rc.firewall-2.4 is now:
Code:
[root@x1-6-00-09-5b-62-fe-80 sbin]# /etc/rc.d/rc.firewall-2.4
Loading simple rc.firewall version 0.75..
External Interface: eth0
Internal Interface: eth1
loading modules:
- Verifying that all kernel modules are ok
rc.firewall-2.4 v0.75 done.
[root@x1-6-00-09-5b-62-fe-80 sbin]#
But still I cannot ping external addresses from internal hosts. Thanks yet again.
You could try to edit /etc/profile to add this to the path (to add, use a command like: PATH="$PATH:/usr/sbin:/sbin"). Or, easier, you could just use a variable in the rc.iptables script: open it and create a variable (for example: IPTABLES="/sbin/iptables"), then use it instead of "iptables" (example: $IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 67.167.203.189).
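As an added example (not code from the thread, and not the TLDP rc.firewall script the poster is running), here is a small POSIX sh fragment that puts the advice above into practice: it resolves iptables to an absolute path once, because boot-time scripts often run with a PATH that lacks /sbin, keeps it in $IPTABLES, spells the SNAT rule with --to-source, and mirrors the "allow all OUT, only established/related IN" FORWARD policy shown in the poster's output. The interface names and the public address 203.0.113.10 are placeholders, and the DRY_RUN mode is an assumption added so the rule set can be reviewed before it is applied.

```shell
#!/bin/sh
# Added example, not code from the thread or from the TLDP rc.firewall script.
# Placeholders: interface names and the public address (RFC 5737 range).
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP="203.0.113.10"

# find_bin NAME [DIRS] -- print the absolute path of the first executable NAME
# found in the colon-separated DIRS (default: the usual sbin/bin directories).
# Prints nothing and returns 1 when it is not found.
find_bin() {
    name="$1"
    dirs="${2:-/sbin:/usr/sbin:/bin:/usr/bin}"
    old_ifs="$IFS"
    IFS=':'
    for d in $dirs; do
        if [ -x "$d/$name" ]; then
            IFS="$old_ifs"
            printf '%s\n' "$d/$name"
            return 0
        fi
    done
    IFS="$old_ifs"
    return 1
}

# snat_args EXT_IF EXT_IP -- the argument list of the SNAT rule from the
# thread, written with the long option --to-source.
snat_args() {
    printf '%s\n' "-t nat -A POSTROUTING -o $1 -j SNAT --to-source $2"
}

# run ARGS... -- execute $IPTABLES with ARGS, or only print the command when
# DRY_RUN=1 so the rule set can be reviewed before it reaches the kernel.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# apply_rules -- locate iptables, enable forwarding and load the rule set.
apply_rules() {
    IPTABLES=$(find_bin iptables) || {
        if [ "${DRY_RUN:-0}" = 1 ]; then
            IPTABLES="iptables"    # display only; nothing is executed
        else
            echo "iptables not found in /sbin:/usr/sbin:/bin:/usr/bin" >&2
            return 1
        fi
    }
    [ "${DRY_RUN:-0}" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward

    run -F
    run -t nat -F
    run -P INPUT ACCEPT
    run -P OUTPUT ACCEPT
    run -P FORWARD DROP
    # FWD: everything out from the LAN, only replies to existing flows back in
    run -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    run -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SNAT for a fixed public address (word splitting of the string is intended)
    run $(snat_args "$EXT_IF" "$EXT_IP")
}

# FW_MODE=dry-run sh fw.sh   -> prints the rules that would be applied
# FW_MODE=apply   sh fw.sh   -> applies them (run as root)
case "${FW_MODE:-}" in
    dry-run) DRY_RUN=1; apply_rules ;;
    apply)   apply_rules ;;
esac
```

Because the script never relies on PATH, it behaves the same whether it is run from an interactive root shell or from the init system at boot, which is exactly the difference the "command not found" error above came from.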
**EDITED, see below.
Thanks for the quick response. I did make a small mistake but still I am having some problems; I am going to try what you said right now, I will let you know how it goes. OK, so here is my /etc/profile:
Code:
# /etc/profile
Oh, also now this is what I get for rc.firewall-2.4:
Code:
[root@x1-6-00-09-5b-62-fe-80 sbin]# /etc/rc.d/rc.firewall-2.4
*****EDIT: It's working, thanks a lot, stupid me just had to enter the gateway address. Well, I am still a bit of a newbie; hopefully anyone who is trying to get this working finds this thread helpful.