Dear All,
I'm newbie in RH7 Networking but I'd like to use it to make a new server with one Nic and some vlan to route traffic from private to public.

This is the scenario:

ETH0: 10.0.199.199 / 16
ETH0.2: 10.2.0.251 / 16
ETH0.101: 1.1.1.1 / 24 (public)
GATEWAY 1.1.1.254

all of them are in /etc/sysconfig/network-scripts/ifcfg-XXXX and also in /etc/sysconfig/network is FORWARDING=YES

Before start I read some guide and I've made this settings:

net.ipv4.ip_forwarding = 1
all iptables chains flush and set to ACCEPT (only for debug purpose) , also set masquearding to nat traffic from private to public
iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 ! -d 10.0.0.0/255.0.0.0 -o eth0.101 -j SNAT --to-source 1.1.1.1

Firewalld is stopped because I don't want use it.

After that I've used ping to make test:

[root@centos-7 ~]# ping -I eth0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.199.199 eth0: 56(84) bytes of data.
From 10.0.0.9 icmp_seq=1 Packet filtered
From 10.0.0.9 icmp_seq=2 Packet filtered

but as you can see it doesn't work !

Any ideas ?

Thanks a lot.
Regards
Willy

The message "Packet Filtered" is from the iptables


http://tomoyo.osdn.jp/cgi-bin/lxr/so...r/ipt_REJECT.c

Also if you tcpdump the interface you could verify if the message is filtered by who

if you have more time ...

[root@centos-7 ~]# netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 1.1.1.254 0.0.0.0 UG 0 0 0 eth0.101
10.0.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
10.2.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0.2
1.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.101


[root@centos-7 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@centos-7 ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.0.0.0/8 !10.0.0.0/8 to:1.1.1.1

wth tcpdump I don't see anything:

[root@centos-7 ~]# tcpdump -i eth0.101 -e icmp[icmptype] == 8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.101, link-type EN10MB (Ethernet), capture size 65535 bytes


many thanks again.
Regards
W.

Couple of questions:

1. Is the port that the cables coming out of eth0 plugged into a trunk port?
Only a trunk port can carry multiple vlans.

2. Are you going to allow traffic from one network to cross over to another network through your system?
If not than FORWARDing isn't required. Forwarding allows you to cross from one network to another turning your system into a router.

the problem was inside nat because I've applied POSTROUTING to non existant interface !
Many thanks
Willy