LinuxQuestions.org
Old 03-15-2008, 04:42 AM   #1
hquinn
LQ Newbie
 
Registered: Mar 2008
Posts: 1

Rep: Reputation: 0
iptables and routing


Hi guys

* My hardware layout looks like this:

Windows XP
DHCP (192.168.1.100/24)
|
|
Static (192.168.1.5/24)
Slackware Linux
Static (192.168.2.5/24)
|
|
Static (192.168.2.1/24)
iBurst Desktop Modem
DHCP ? (whatever assigned)
|
|
Internet

* route -n gives:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
41.208.200.1    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

* Once the Slack box is connected to the internet the following command is run:

/usr/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE

all other rules are empty when I check...

* cat /proc/sys/net/ipv4/ip_forward yields:

1

* From the Windows XP host I can:
* ping any host on the internet.
* tracert to any host on the internet.
* SSH (putty) to any host on the internet.
* telnet on say port 110

(the host must obviously be configured to respond to the above request...)

* If squid is started and the following command is run:
/usr/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

then browsing works perfectly

-------------------------------------------------------------------------

I cannot browse the internet with IE. The page is found but the browser waits indefinitely for data.

Could someone please enlighten me? I am deliberately trying to configure a completely open gateway with the least configuration necessary and no proxy for browsing.

Some info on useful iptables logging for this situation would also be greatly appreciated.

Thanks
 
Old 03-15-2008, 06:23 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
You could have MTU issues, fix with
Code:
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
And maybe fix the masquerade as well, as now you are doing masquerading on all interfaces

Code:
/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
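
An added example, not part of either post: a dry-run script that reads `route -n` output, picks the interface holding the default route, and prints the MASQUERADE and MSS-clamp rules from the thread together with LOG rules for the logging question in post #1. The function names, log prefixes and the choice of the default-route interface (ppp0 in post #1's table) as the outbound side are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. It only prints commands; review the
# output, then run it as root on the gateway if it matches your layout.

# Constructed sample input: the `route -n` output shown in post #1.
SAMPLE_ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
41.208.200.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0'

# wan_iface (hypothetical helper): read `route -n` text on stdin and print
# the interface of the default route (destination and genmask both 0.0.0.0).
wan_iface() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $8; exit }'
}

# gateway_rules WAN LAN (hypothetical helper): print the rule set.
gateway_rules() {
    wan=$1
    lan=$2
    # Refuse empty names or anything that is not a plain interface name,
    # since the values are substituted into commands meant for a root shell.
    for i in "$wan" "$lan"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $i" >&2; return 1 ;;
        esac
    done
    # mangle/FORWARD is traversed before filter/FORWARD, so the SYN log
    # lines show the MSS option after clamping. With --log-tcp-options the
    # kernel log carries "OPT (0204xxxx...)"; xxxx is the MSS in hex.
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -i $lan -o $wan -p tcp --syn -j LOG --log-prefix "fwd-syn: " --log-tcp-options
iptables -A FORWARD -i $wan -o $lan -p tcp --tcp-flags SYN,ACK SYN,ACK -j LOG --log-prefix "fwd-synack: " --log-tcp-options
iptables -A FORWARD -p icmp --icmp-type fragmentation-needed -j LOG --log-prefix "fwd-fragneeded: "
EOF
}

# Demo on the constructed sample; on a live gateway use: route -n | wan_iface
gateway_rules "$(printf '%s\n' "$SAMPLE_ROUTES" | wan_iface)" eth0
```

The LOG rules only match handshake packets and ICMP fragmentation-needed messages, so they stay quiet enough to leave in place while comparing the logged MSS values before and after adding the clamp rule.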
 
  

