Internet Sharing : IP Masquerade

Xing · 08-05-2005, 04:45 AM

Dear All,

I have the following setup working ...

To ISP provider <-----eth1 <------Linux Box <--------eth0 <--------ethX <------ Anybox
------------------192.168.1.3--------------------172.16.56.201-----172.16.56.206-------------

both eth0 and eth1 are on Linux Box

By keeping gateway as 172.16.56.201 on anybox, i am able to ping 192.168.1.3 but i am not able to access internet.

Now will IP Masquerade work in this case as well? How to access internet from Anybox?
Internet is working on Linux Box.

Regards

xing

win32sux · 08-05-2005, 11:17 PM

Quote:

Originally posted by Xing
Dear All,

I have the following setup working ...

To ISP provider <-----eth1 <------Linux Box <--------eth0 <--------ethX <------ Anybox
------------------192.168.1.3--------------------172.16.56.201-----172.16.56.206-------------

both eth0 and eth1 are on Linux Box

By keeping gateway as 172.16.56.201 on anybox, i am able to ping 192.168.1.3 but i am not able to access internet.

Now will IP Masquerade work in this case as well? How to access internet from Anybox?
Internet is working on Linux Box.

Regards

xing

first, you'll need to do SNAT or MASQUERADE on "Linux Box"... something like this example:

Code:

echo 0 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

iptables -F FORWARD
iptables -P FORWARD DROP

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state NEW -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

as for "Anybox", i'm not sure cuz i don't understand that part of your diagram...

in other words, i understand this part:

Quote:

To ISP provider <-----eth1 <------Linux Box <--------eth0

but i don't understand this part:

Quote:

<--------ethX <------ Anybox
------------------192.168.1.3--------------------172.16.56.201-----172.16.56.206-------------

Xing · 08-06-2005, 06:55 AM

Quote:

but i don't understand this part:
quote:
--------------------------------------------------------------------------------
<--------ethX <------ Anybox
------------------192.168.1.3--------------------172.16.56.201-----172.16.56.206-------------

it should be more clear this way

eth1 = 192.168.1.3
eth0 = 172.16.56.201
ethx = 172.16.56.206

Anybox is a windows machine with ethx as the LAN Card.

regards

xing

win32sux · 08-06-2005, 04:57 PM

so Anybox is a windows box with three NICs, right??

what's the IP of eth0 on Linux Box??

Xing · 08-09-2005, 01:25 AM

Dear win32sux,

if you look att he diagram; anybox, which is a windows machine has just one NIC card.. and linux box has two NIC cards..

eth0(172.16.x.x) and eth1(192.168.x.x) are NIC cards on linux box and anybox has a NIC card ethx (172.16.y.y)

i hope this makes things clear..

regards

xing

roopunix · 08-09-2005, 01:52 AM

so are windows box now able to browse the internet or not??

Xing · 08-10-2005, 05:01 AM

No, the winboxes are not able to browse internet as of now

roopunix · 08-10-2005, 07:14 AM

As i have uderestood understood you following diagram

To ISP provider <-----eth1 <------Linux Box <--------eth0 <--------ethX <------ Anybox
------------------192.168.1.3--------------------172.16.56.201-----172.16.56.206-------------

you should be doing this

iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth1 -j MASQUERADE

#vi /etc/sysctl.conf

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

make it to 1 then save and exit

#/sbin/sysctl.conf -p
#service iptables save

now in the windows machine give the gateway 172.16.56.201
the dns section will be the same like other machines.If you don't know ask your ISP.