LinuxQuestions.org
Old 03-05-2004, 06:34 AM   #1
Obscure
NAT problem


Hi

Hi!!
I have a simple problem to solve but I'm missing something...
I need to use the internet connection on my FreeBSD machine (LOKI), which stays connected to my main desktop PC (THOR):

LOKI ---- eth -----> THOR ---- ppp0 ----> Internet

Loki:
192.168.254.3 FreeBSD 5.2.1 on Toshiba Laptop

Thor:
192.168.254.1 Slackware Linux 9.0 kernel 2.4.25 connected to internet with ppp0 interface on dial-up 56k modem...

The connection between thor & loki works..

The FreeBSD machine seems to be well configured:
- has an ip address
- has as default gateway 192.168.254.1 (thor)
Code:
#netstat -r 

Routing tables
                                                                                
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default              thor            UGS        0       216  fxp0
localhost          localhost          UH        0        0    lo0
192.168.254        link#1             UC        0        0    fxp0      3
thor                 00:e0:18:fc:6d:c2  UHLW   1        7    fxp0
On LINUX I did:

- set NAT with iptables:
Code:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
This is the gateway route table:
Code:
]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
dial3.planet.it *               255.255.255.255 UH    0      0        0 ppp0
localnet        *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         dial3.planet.it 0.0.0.0         UG    0      0        0 ppp0
This is iptables NAT table:
Code:
 iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 340 packets, 25285 bytes)
 pkts bytes target     prot opt in     out     source               destination
 
Chain POSTROUTING (policy ACCEPT 11 packets, 756 bytes)
 pkts bytes target     prot opt in     out     source               destination
  166 10077 MASQUERADE  all  --  any    ppp0    anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

PROBLEM: The 2nd pc (Loki) can't use internet connection!


Could someone help me please??
Tnx VM
 
Old 03-05-2004, 07:06 AM   #2
Obscure
Next step...

Disabling the firewall policies (ACCEPT), NAT is working well.....

Something goes wrong with my firewall configuration:
Code:
#!/bin/sh
#0bscure rc.firewall init script
#
#ver 0.1b - 25/01/04
#
echo "Starting Firewall.."
 
LOCALIF="eth0"
EXTERNALIF="ppp0"
 
#Set iptables location
IPTABLES="/usr/sbin/iptables"
 
# -----------------------------------------------------
#Iptables Modules Loading
#------------------------------------------------------
 /sbin/modprobe ip_tables
 /sbin/modprobe ip_conntrack
 /sbin/modprobe iptable_nat
 
 echo "Modules Loaded.."
  
#------------------------------------------------------
#Flushing Rules
#------------------------------------------------------
 $IPTABLES -F
 $IPTABLES -X
 $IPTABLES -F -t nat
  
echo "Flushing.."
 
#-------------------------------------------------------
#Setting DROP policy
#-------------------------------------------------------
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
                                                                                                                 
echo "Policy setted.."
                                                                                                                 
#---------------------------------------------------------
#  -- SETTING NAT--
#---------------------------------------------------------
                                                                                                                 
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
                                                                                                                 
echo "NAT ok.."
                                                                                                                 
#---------------------------------------------------------
# --SETTING INPUT CHAINS--
#---------------------------------------------------------
#Drop unclean packets
$IPTABLES -A INPUT -m unclean -j DROP
                                                                                                                 
#Protect the firewall from icmp DoS
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type 8 -m length --length 128:65535 -j DROP
                                                                                                                 
#Accept established connections
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
                                                                                                                 
#Accept localhost packets
$IPTABLES -A INPUT -s 127.0.0.1/255.0.0.0 -j ACCEPT
                                                                                                                 
#Accept LAN packets
$IPTABLES -A INPUT -s 192.168.254.0/255.255.255.0 -j ACCEPT
                                                                                                                 
                                                                                                                 
#------------------------------------------------------------
# --SETTING OUTPUT CHAINS--
#------------------------------------------------------------
#Accept all in output
$IPTABLES -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
                                                                                                                 
echo "Done!"
echo "Firewall started"
What is wrong in my iptables config???
Tnx VM
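
The gap in the script above, as an added example that is not part of the original posts: traffic from Loki to the internet passes through Thor's FORWARD chain, which the script sets to DROP without adding any FORWARD rule, so it is dropped before it reaches the MASQUERADE rule. The sketch below checks a ruleset for that condition and prints (dry run) stateful FORWARD rules; the function names are hypothetical and the sample input is constructed from the posted script.

```shell
#!/bin/sh
# Added example: interface names and LAN range are the ones quoted in the thread.
LOCALIF="eth0"
EXTERNALIF="ppp0"
LAN="192.168.254.0/255.255.255.0"

# Constructed sample: policy, NAT and accept lines taken from the posted script.
sample_rules() {
    cat <<'EOF'
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$IPTABLES -A INPUT -s 192.168.254.0/255.255.255.0 -j ACCEPT
$IPTABLES -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Reads iptables commands on stdin. Prints "blocked" when the FORWARD policy is
# DROP and no filter-table rule accepts forwarded packets, otherwise "open".
forward_status() {
    awk '
        / -t (nat|mangle|raw) /              { next }  # not the filter table
        / -P FORWARD DROP/                   { has_drop = 1 }
        / -A FORWARD / && / -j ACCEPT/       { has_accept = 1 }
        END { print ((has_drop && !has_accept) ? "blocked" : "open") }
    '
}

# FORWARD rules for a masquerading gateway: LAN hosts may open connections
# outwards, and only reply traffic is allowed back in from the external side.
# $1 is the command to run; the default only prints the rules (dry run).
forward_rules() {
    ipt=${1:-echo iptables}
    $ipt -A FORWARD -i "$LOCALIF" -o "$EXTERNALIF" -s "$LAN" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -i "$EXTERNALIF" -o "$LOCALIF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

sample_rules | forward_status                     # blocked
{ sample_rules; forward_rules; } | forward_status # open
```

On the gateway, `forward_rules /usr/sbin/iptables` run as root applies the two rules instead of printing them.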
 
  

