LinuxQuestions.org


SoftDux 10-17-2007 10:23 AM

please help, I can't get IP masquerading to work on same LAN device, Suse10.2
 
Hi all

I'm trying to accomplish something simple, but can't get it to work.

I have a Netgear DG836GTUK ADSL + WiFi modem, which I set to "modem mode", and then configured PPPoE on OpenSuse10.2 to establish a connection to the internet via dsl0. This works fine, and everyone on the Linux box to the internet works fine.
Thus, I have:
{internet}--{ADSL modem}--{Linux server}
                                |
                                ---{wireless network}


I then have DHCP dishing out IPs to the wireless LAN, which also works fine. The client PCs get an IP address, and can ping any host on the internet, yet I cannot access email, www, ftp, ssh, etc on the internet from the client PCs.

I have tried setting the eth0 device in either local (unprotected) or external (protected) mode, but it doesn't work. I also have IP Masquerading enabled, and dsl0 is set to external mode. Can someone please help me with this?

When I run iptables -L -v, I get a LONG list of entries, which I don't know where it came from. In YaST, under firewall, I only enabled IP Masquerading & SSH & HTTP on the external interfaces.


Quote:

backup2:~ # iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- lo any anywhere anywhere
268 17329 ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 input_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
1 328 input_int 0 -- eth0 any anywhere anywhere
0 0 input_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
0 0 DROP 0 -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir out pol ipsec proto esp
0 0 forward_int 0 -- eth0 any anywhere anywhere
0 0 forward_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
0 0 DROP 0 -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- any lo anywhere anywhere
322 95546 ACCEPT 0 -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere

Chain forward_int (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
0 0 reject_func 0 -- any any anywhere anywhere

Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = broadcast
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipsec-nat-t
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 reject_func tcp -- any any anywhere anywhere tcp dpt:ident state NEW
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere

Chain input_int (2 references)
pkts bytes target prot opt in out source destination
1 328 ACCEPT 0 -- any any anywhere anywhere

Chain reject_func (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT 0 -- any any anywhere anywhere reject-with icmp-proto-unreachable


Quote:

backup2:~ # sysctl -a |grep forward | grep ipv4
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

As I said, from the Windows client PC, I can ping google.co.za, but I can't access the website.


Quote:

C:\Documents and Settings\LordMerlin>tracert google.co.za

Tracing route to google.co.za [72.14.207.104]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.0.12
2 21 ms 22 ms 22 ms dsl-245-0-01.telkomadsl.co.za [41.245.0.1]
3 * * * Request timed out.
4 * * * Request timed out.
5 27 ms 24 ms 24 ms 196.43.33.2
6 24 ms 23 ms 22 ms 196.43.33.5
7 314 ms 315 ms 313 ms lon-ip-dir-telecity-pos-7-1.telkom-ipnet.co.za [196.43.9.157]
8 339 ms 345 ms 378 ms 83.245.126.125
9 409 ms 382 ms 384 ms 209.85.252.42
10 434 ms 391 ms 389 ms 64.233.175.213
11 351 ms * 349 ms 72.14.233.115
12 347 ms 346 ms 351 ms 66.249.94.92
13 357 ms 357 ms 349 ms 72.14.236.134
14 350 ms 350 ms 354 ms eh-in-f104.google.com [72.14.207.104]

Trace complete.

