NAT problem

Baco · 01-26-2005, 07:29 PM

I have a machine running linux and another one running windows (2003 server), at 1st it was the windows machine that was directly connected to the internet and it was doing the NAT, tho I decided to change this and I had to configure the linux to do NAT.
Almost everything seems to work fine tho with torrents for exemple I can't get remote connections. I do upload tho something is not working properly.

This was the rules I had made:

Code:

#modprobe ipt_MASQERADE;
#iptables -F; iptables -t nat -F; iptables -t mangle -F;
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
echo 1 > /proc/sys/net/ipv4/ip_forward;
#iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT;
#iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT;
#iptables -P INPUT DROP;

The lines with a # have been entered only once the others have to be entered once per reboot.

If any1 could help would be nice.

Soz about my english

[EDIT]
I found out that the 1st line aint working:

Code:

FATAL: Module ipt_MASQERADE not found.

another piece of info that might help:

Code:

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Don't know if this is why tho imo the problem are the packages that are not being modified as they should...but tbh I have no ideia how to do it.
[/EDIT]

Chowroc · 01-26-2005, 07:47 PM

not ipt_MASQERADE but ipt_MASQUERADE

I think modules: ip_conntrack and ip_conntrack_ftp is needed for "-m state --state"

michaelk · 01-26-2005, 07:48 PM

Is this a spelling error or the exact command?
modprobe ipt_MASQERADE
If so then it should be
modprobe ipt_MASQuERADE

I see in the iptables rule it is spelled correctly.

The /proc is a virtual file system that only exists in RAM and is generated at boot time. You can edit the /etc/sysctl.conf file to automatically change the ip_forward to a 1 at boot.

Unless you save any new rules the old or default rules will be loaded at boot time. The following command will save your iptables rules.
service iptables save

Baco · 01-26-2005, 07:54 PM

ip_conntrack is installed ip_conntrack_ftp is not tho I don't get any msg about that.
anyway thx for the tip on the ipt_MASQUERADE tho it haven't changed much.

michaelk · 01-26-2005, 08:22 PM

You probably need to add a rule to accept bittorrent.

iptables -I INPUT -p tcp --destination-port 6881:6889 -j ACCEPT

http://dessent.net/btfaq/

Do you have any problems with the windows machine accessing the internet?

Baco · 01-26-2005, 08:38 PM

Till now everything seems to work fine, but to be honest besides POP/SMTP acess and of course acess be web I haven't tried out much services.....I have played counter strike and I still have good pings

I'll had that and see if it works.

Btw thanks to all those who replyed

Baco · 01-26-2005, 08:55 PM

If u visit this page it will tell u ur IP address and ur external IP address in case u r using nat
http://www.u.arizona.edu/~trw/games/nat_or_not.php
I got this:

Code:

initializing... initializing... 
Your local IP address is  192.168.0.2
Your global IP address is 84.90.xx.xx ( u don't have to know it :p )
It would appear that your machine does use NAT.
Your machine has an IP address of 192.168.0.2,
but your browser connected to this page from 84.90.xx.xx!
You are in the private range: 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Baco · 01-28-2005, 03:11 PM

I solved the problem!
Thx for all the help