LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-30-2001, 05:59 AM   #1
GOLDF1NG3R
LQ Newbie
 
Registered: Jul 2001
Location: UK
Distribution: RH 7.1
Posts: 24

Rep: Reputation: 15
Iptables Masquerading


I am trying to setup ip masquerading on my home network but am having some troubles!

My first machine (router) has two interfaces eth0,eth1. eth0 is on the internet, eth1 internal. I have tried to setup masquerading with the following rules.

iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

I have setup up another machine with this machine as it's gateway and tried to ping a server. I get:

Redirect Host(New nexthop: 10.255.255.254)
Destination Host unreachable

The routers IP is 10.116.0.1 (internal) which makes me wonder about the ip given for nexthop.

Sorry if this is messy or doesn't make much sense but i'm writing this using lynx on a console (due to this problem!)

Any help would be greatly appreciated!
Chris
 
Old 10-30-2001, 09:10 AM   #2
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
What is the total output for 'ifconfig' on both machines?

or better yet, what does /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1 show on both machines?

What does 'route' show on both machines?
 
Old 10-31-2001, 04:58 AM   #3
GOLDF1NG3R
LQ Newbie
 
Registered: Jul 2001
Location: UK
Distribution: RH 7.1
Posts: 24

Original Poster
Rep: Reputation: 15
I have looked at the output of route on the router machine and it appears that the IP address given for nexthop is the default gateway for eth1 (the internal interface).

Within 'ifcfg-eth1' no gateway is set up. Does this need to be done?

To my mind this seems to mean that iptables is trying to pass the masqueraded packets through the wrong interface, even though the '-o' option is set to eth0 (external interface).

Any idea why?

Cheers,

Chris
 
Old 10-31-2001, 01:25 PM   #4
KevinJ
Member
 
Registered: Feb 2001
Location: Colorado Springs, CO
Distribution: Redhat v8.0 (soon to be Fedora? or maybe I will just go back to Slackware)
Posts: 857

Rep: Reputation: 30
Here is how I usually set it up:

I configure the external NIC with the gateway and IP addy that my ISP provides. I configure the internal NIC with an internal IP but I use the external NIC as the gateway. All of that shows up in the ifcfg-eth? scripts.

I make sure that I have ip_forward on and I set the MASQ up in IPCHAINS. Restart your network after doing all that and you shouuld be good to go.

The routing should be set up correctly automatically once you get the other IP info correct for each NIC.
 
Old 11-01-2001, 04:34 AM   #5
GOLDF1NG3R
LQ Newbie
 
Registered: Jul 2001
Location: UK
Distribution: RH 7.1
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks for your help kevin. It turned out in the end to be a spurious entry in /etc/sysconfig/network. I believe this was caused by the use of the 'netconfig' program. I had originally configured everything by hand, and when it didn't work I used this program! Guess that'll teach me for trying to do things the quick way!!!!

Cheers,

Chris
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables : masquerading not possible iamtux Linux - Networking 3 06-04-2005 11:32 PM
squid and iptables masquerading egyptian Linux - Security 1 09-05-2004 04:31 AM
iptables masquerading troubles caremaker Linux - Networking 6 01-07-2004 06:21 PM
iptables MASQUERADING at boot krishanprath Linux - Newbie 2 09-30-2003 07:41 AM
Iptables Masquerading GOLDF1NG3R Linux - Security 3 11-10-2001 11:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration