NAT just won't work!

cryptwizard · 05-06-2009, 08:14 AM

So my internet interface is ppp0 and my internal interface is eth0.

Code:

root@azgalor:/# ip a s ppp0
12: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 124.168.164.113 peer 203.55.231.88/32 scope global ppp0
root@azgalor:/# ip a s eth0
11: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:1c:c0:7f:64:ea brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.2/8 brd 10.255.255.255 scope global eth0
    inet6 fe80::21c:c0ff:fe7f:64ea/64 scope link
       valid_lft forever preferred_lft forever

I ran

Code:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

and tracing out to the internet from a host on the internal network, all it gets to is the first hop.

I've also tried some other variation on Google like:

Code:

iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to 124.168.164.113

with exactly the same result.

I have no other iptables rules configured.

Oh yes, and the router's routing table:

Code:

root@azgalor:/# ip r s
203.55.231.88 dev ppp0  proto kernel  scope link  src 124.168.164.113
10.0.0.0/8 dev eth0  proto kernel  scope link  src 10.0.0.2
default dev ppp0  scope link

Any help would be appreciated!
Thanks!

acid_kewpie · 05-06-2009, 09:02 AM

Looks OK, but have you got ip_forward enabled? Check what's actually leaving your ppp0 with tcpdump - "tcpdump -vn -i ppp0"

cryptwizard · 05-07-2009, 04:21 PM

ip_forward is enabled.
I'll try to get a tcpdump later.

cryptwizard · 06-04-2009, 03:07 AM

I've tcpdumped and found that when I ping, I can see it going out ppp0, but there is no reply.
When I tcpdump on the external server that I am pinging, I can see that it is receiving the ping and sending a reply.