LinuxQuestions.org
Old 10-17-2007, 10:23 AM   #1
SoftDux
LQ Newbie
 
Registered: Jul 2006
Location: Johannesburg, South Africa
Distribution: Suse, Ubuntu, Fedora Core
Posts: 14

Rep: Reputation: 0
please help, I can't get IP masquerading to work on same LAN device, Suse10.2


Hi all

I'm trying to accomplish something simple, but can't get it to work.

I have a Netgear DG836GTUK ADSL + wifi modem, which I set to "modem mode", and then configured PPPoE on OpenSuse10.2 to establish a connection to the internet via dsl0. This works fine, and everyone on the Linux box to the internet works fine.
Thus, I have:
{internet}--{ADSL modem}--{Linux server}
                                |
                                ---{wireless network}


I then have DHCP dishing out IPs to the wireless LAN, which also works fine. The client PCs get an IP address, and can ping any host on the internet, yet I cannot access email, www, ftp, ssh, etc. on the internet from the client PCs.

I have tried setting the eth0 device in either local (unprotected) or external (protected) mode, but it doesn't work. I also have IP Masquerading enabled, and dsl0 is set to external mode. Can someone please help me with this?

When I run iptables -L -v, I get a LONG list of entries, which I don't know where it came from. In YaST, under firewall, I only enabled IP Masquerading & SSH & HTTP on the external interfaces.


Quote:
backup2:~ # iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- lo any anywhere anywhere
268 17329 ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 input_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
1 328 input_int 0 -- eth0 any anywhere anywhere
0 0 input_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
0 0 DROP 0 -- any any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir out pol ipsec proto esp
0 0 forward_int 0 -- eth0 any anywhere anywhere
0 0 forward_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
0 0 DROP 0 -- any any anywhere anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- any lo anywhere anywhere
322 95546 ACCEPT 0 -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere

Chain forward_int (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
0 0 reject_func 0 -- any any anywhere anywhere

Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = broadcast
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipsec-nat-t
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 reject_func tcp -- any any anywhere anywhere tcp dpt:ident state NEW
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere

Chain input_int (2 references)
pkts bytes target prot opt in out source destination
1 328 ACCEPT 0 -- any any anywhere anywhere

Chain reject_func (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT 0 -- any any anywhere anywhere reject-with icmp-proto-unreachable

Quote:
backup2:~ # sysctl -a |grep forward | grep ipv4
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1

As I said, from the Windows client PC, I can ping google.co.za, but I can't access the website.


Quote:
C:\Documents and Settings\LordMerlin>tracert google.co.za

Tracing route to google.co.za [72.14.207.104]
over a maximum of 30 hops:

1 1 ms <1 ms <1 ms 192.168.0.12
2 21 ms 22 ms 22 ms dsl-245-0-01.telkomadsl.co.za [41.245.0.1]
3 * * * Request timed out.
4 * * * Request timed out.
5 27 ms 24 ms 24 ms 196.43.33.2
6 24 ms 23 ms 22 ms 196.43.33.5
7 314 ms 315 ms 313 ms lon-ip-dir-telecity-pos-7-1.telkom-ipnet.co.za [196.43.9.157]
8 339 ms 345 ms 378 ms 83.245.126.125
9 409 ms 382 ms 384 ms 209.85.252.42
10 434 ms 391 ms 389 ms 64.233.175.213
11 351 ms * 349 ms 72.14.233.115
12 347 ms 346 ms 351 ms 66.249.94.92
13 357 ms 357 ms 349 ms 72.14.236.134
14 350 ms 350 ms 354 ms eh-in-f104.google.com [72.14.207.104]

Trace complete.
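
Added example, not part of the original post: one way to read the quoted listing is to trace a hypothetical packet through the filter-table chains exactly as printed. The matcher is simplified (interface, protocol, state, IPsec policy and PKTTYPE only) and the packet fields are assumptions; note that `iptables -L` without `-t nat` does not list the nat table, where MASQUERADE rules are kept.

```python
import re
# Abridged from the `iptables -L -v` listing in the post (filter table only).
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
0 0 forward_int 0 -- eth0 any anywhere anywhere
0 0 DROP 0 -- any any anywhere anywhere
Chain forward_int (2 references)
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 reject_func 0 -- any any anywhere anywhere
Chain reject_func (2 references)
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT 0 -- any any anywhere anywhere reject-with icmp-proto-unreachable
"""
NON_TERMINATING = {"LOG", "TCPMSS"}  # traversal continues after these targets

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [(target, prot, in, out, extra)]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if m:
            cur = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif cur is not None and re.match(r"\s*\d+[KMG]?\s+\d+[KMG]?\s", line):
            f = line.split(None, 9)  # pkts bytes target prot opt in out src dst [extra]
            cur["rules"].append((f[2], f[3], f[5], f[6], f[9] if len(f) > 9 else ""))
    return chains

def matches(rule, pkt):
    """Simplified match for a unicast, non-IPsec TCP/UDP packet (assumption)."""
    _, prot, iface_in, iface_out, extra = rule
    if prot not in ("0", "all", pkt["prot"]) or "pol ipsec" in extra or "PKTTYPE" in extra:
        return False
    if iface_in not in ("any", pkt["in"]) or iface_out not in ("any", pkt["out"]):
        return False
    state = re.search(r"state (\S+)", extra)
    return not state or pkt["state"] in state.group(1).split(",")

def verdict(chains, chain, pkt):
    """First terminating target reached from `chain`, following jumps into user chains."""
    for rule in chains[chain]["rules"]:
        if not matches(rule, pkt) or rule[0] in NON_TERMINATING:
            continue
        sub = verdict(chains, rule[0], pkt) if rule[0] in chains else f"{rule[0]} in {chain}"
        if sub:                       # a user chain with no match returns to its caller
            return sub
    return chains[chain]["policy"]    # None for user chains, the policy for built-ins
```

Calling `verdict(parse(LISTING), "FORWARD", {"prot": "tcp", "in": "eth0", "out": "dsl0", "state": "NEW"})` on this excerpt ends at `REJECT in reject_func`, while a reply arriving on dsl0 ends at `DROP in FORWARD`.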
 
  


All times are GMT -5.
