LinuxQuestions.org
Old 02-05-2009, 08:14 PM   #1
priley86
LQ Newbie
 
Registered: Feb 2009
Posts: 2

Rep: Reputation: 0
NAT configuration issue


Hi all,

This is my first attempt at setting up a NAT on a Linux cluster for a school project. We are trying to forward the connection from the head node to the internal node. The head node is using Fedora Core 10 and I found what appeared to be great guides on setting this up: http://www.howtoforge.com/nat_iptables and http://meinit.nl/howto-use-nat-on-fe...-with-iptables. I followed both and had no issues configuring the iptables service and enabling the ethernet devices. The problem is the internal nodes can't ping external sites, only the head node which is connected via the Linksys switch. I made sure the Gateway IP of the internal nodes matched the IP of the internal NIC on the head node, however it doesn't appear to be of much use. Any suggestions? Does anything in my configuration jump out as being a problem? Thanks for any advice you might have.

eth0:
BOOTPROTO=none
PEERDNS=yes
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth0
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes

eth1:
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=dhcp
HWADDR=00:0e:0c:dd:3d:ca
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes

eth0 Link encap:Ethernet HWaddr 00:19:D1:E5:E1:5C
inet addr:192.168.2.1 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::219:d1ff:fee5:e15c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:883 errors:0 dropped:0 overruns:0 frame:0
TX packets:609 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:80012 (78.1 KiB) TX bytes:68961 (67.3 KiB)
Memory:90400000-90420000

eth1 Link encap:Ethernet HWaddr 00:0E:0C:DD:3D:CA
inet addr:136.165.66.104 Bcast:136.165.67.255 Mask:255.255.254.0
inet6 addr: fe80::20e:cff:fedd:3dca/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5220 errors:0 dropped:0 overruns:0 frame:0
TX packets:1544 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1382918 (1.3 MiB) TX bytes:409997 (400.3 KiB)

Client:
IP Addr: 192.168.1.0
Subnet Mask: 255.255.0.0
Default Gateway: 192.168.2.1
Preferred DNS: 136.165.253.57
Alternate DNS: 136.165.253.89
 
Old 02-06-2009, 12:41 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Hi,

Welcome to LQ.

Did you enable IP forwarding on the head node? (I am assuming it is not just pings that fail but that you can't get to external sites at all from the internal nodes.) I am guessing there is a way to enable IP forwarding via a GUI, but I am used to doing it with config files. Assuming you are just using IPv4 (as opposed to IPv6) you can add

Code:
net.ipv4.ip_forward = 1
to /etc/sysctl.conf.

This will automatically get applied at every boot. To apply this immediately w/o rebooting, as root run:

Code:
sysctl -p

BTW, take a look at my signature (bottom of this post) about "code tags." If you use them when you post, among other things, you won't end up with the "smileys" in the middle of your computer output!

Last edited by blackhole54; 02-06-2009 at 12:44 AM.
 
Old 02-07-2009, 04:24 PM   #3
priley86
LQ Newbie
 
Registered: Feb 2009
Posts: 2

Original Poster
Rep: Reputation: 0
fixed!

hey blackhole,

thanks for the suggestion, but I had already ensured that ip forwarding was enabled. I ended up making a few changes to the subnet mask so that the internal NIC mask matched the external NIC mask, and I changed the ip settings on the internal NIC as well. I also found another article which seemed to explain this process a little bit better. Here is the link and my new working configuration!

http://www.nerdgrind.com/set-up-nat-...bles-firewall/

Config setup and (commands issued):
Code:
"/etc/sysconfig/network-scripts/ifcfg-eth0"
BOOTPROTO=static
PEERDNS=yes
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth0
NETMASK=255.255.254.0        # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.0.1        # Gateway of the LAN
USERCTL=no
ONBOOT=yes

"/etc/sysconfig/network-scripts/ifcfg-eth1"
# Intel Corporation 82541PI Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=dhcp
HWADDR=00:0e:0c:dd:3d:ca
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=yes

[user@titin ~]$ sudo iptables -t nat -F
[user@titin ~]$ sudo iptables -t mangle -F
[user@titin ~]$ sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[user@titin ~]$ sudo iptables -A FORWARD -i eth0 -j ACCEPT

[user@titin ~]$ sudo service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[user@titin ~]$ sudo service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: mangle nat filte[  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[user@titin ~]$ sudo /etc/init.d/network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1: 
Determining IP information for eth1... done.
                                                           [  OK  ]
[user@titin ~]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:19:D1:E5:E1:5C 
          inet addr:192.168.0.1  Bcast:192.168.1.255  Mask:255.255.254.0
          inet6 addr: fe80::219:d1ff:fee5:e15c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1261 errors:0 dropped:0 overruns:0 frame:0
          TX packets:742 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:115164 (112.4 KiB)  TX bytes:81237 (79.3 KiB)
          Memory:e0400000-e0420000

eth1      Link encap:Ethernet  HWaddr 00:0E:0C:DD:3D:CA 
          inet addr:136.165.66.104  Bcast:136.165.67.255  Mask:255.255.254.0
          inet6 addr: fe80::20e:cff:fedd:3dca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:498 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1138344 (1.0 MiB)  TX bytes:71323 (69.6 KiB)

Client config:
IP addr: 192.168.0.2
Subnet Mask: 255.255.254.0
Default gateway: 192.168.0.1
Preferred DNS: 136.165.253.57
Alternate DNS: 136.165.253.89
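
The three things this thread checks on the head node (IP forwarding, the MASQUERADE rule on eth1 and the FORWARD rule for eth0) can be verified from an `iptables-save` dump. The script below is an added example, not part of any post in the thread; its function names and the sample dump are constructed for illustration, and the dump assumes the filter table holds nothing else.

```sh
#!/bin/sh
# Added example: check an `iptables-save` dump plus the ip_forward value for the
# pieces a NAT gateway needs. Rule order inside a chain is not evaluated.

table_lines() {  # print the body of one table (nat, filter) from the dump
    awk -v t="*$1" '$0 == t {on = 1; next} $0 == "COMMIT" {on = 0} on' "$2"
}
has_rule() { printf '%s\n' "$1" | grep -Eq -- "$2"; }
fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# usage: check_nat_gateway DUMP_FILE IP_FORWARD_VALUE LAN_IF WAN_IF
# Prints findings and returns the number of FAILs (0 = none found).
check_nat_gateway() {
    dump=$1; fwd=$2; lan=$3; wan=$4; fails=0
    nat=$(table_lines nat "$dump")
    filter=$(table_lines filter "$dump")
    policy=$(printf '%s\n' "$filter" | sed -n 's/^:FORWARD \([A-Z]*\).*/\1/p')

    [ "$fwd" = 1 ] || fail "net.ipv4.ip_forward=$fwd, the kernel will not route"
    has_rule "$nat" "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)" ||
        fail "no MASQUERADE/SNAT rule for traffic leaving $wan"
    if [ "$policy" = ACCEPT ]; then
        # Works, but forwarding then relies on explicit rules to limit WAN -> LAN.
        echo "WARN: FORWARD policy is ACCEPT; unmatched $wan -> $lan is forwarded"
    else
        has_rule "$filter" "^-A FORWARD .*-i $lan .*-j ACCEPT" ||
            fail "FORWARD policy $policy and no ACCEPT rule for -i $lan"
        has_rule "$filter" "^-A FORWARD .*ESTABLISHED.* -j ACCEPT" ||
            fail "FORWARD policy $policy and no ESTABLISHED rule for replies"
    fi
    return "$fails"
}

# Constructed sample modelled on the rules added in post #3; assumes the filter
# table holds nothing else.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}
```

On a live gateway, save `iptables-save` output to a file as root and pass it together with the contents of `/proc/sys/net/ipv4/ip_forward` and the two interface names, for example `check_nat_gateway dump.txt "$(cat /proc/sys/net/ipv4/ip_forward)" eth0 eth1`.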
 
  

