please help, I can't get IP masquerading to work on same LAN device, Suse10.2
Hi all
I'm trying to accomplish something simple, but can't get it to work.
I have a Netgear DG836GTUK ADSL + wifi modem, which I set to "modem mode", and then configured PPPoE on OpenSuse10.2 to establish a connection to the internet via dsl0. This works fine, and everyone on the linux box to the internet works fine.
Thus, I have:
{internet}--{ADSL modem}--{Linux server}
                                |
                                ---{wireless network}
I then have DHCP dishing out IPs to the wireless LAN, which also works fine. The client PCs get an IP address, and can ping any host on the internet, yet I cannot access email, www, ftp, ssh, etc on the internet from the client PCs.
I have tried setting the eth0 device in either local (unprotected) or external (protected) mode, but it doesn't work. I also have IP Masquerading enabled, and dsl0 is set to external mode. Can someone please help me with this?
When I run iptables -L -v, I get a LONG list of entries, which I don't know where it came from. In YaST, under firewall, I only enabled IP Masquerading & SSH & HTTP on the external interfaces.
Quote:
backup2:~ # iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- lo any anywhere anywhere
268 17329 ACCEPT 0 -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 input_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
1 328 input_int 0 -- eth0 any anywhere anywhere
0 0 input_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
0 0 DROP 0 -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
0 0 forward_ext 0 -- any any anywhere anywhere policy match dir out pol ipsec proto esp
0 0 forward_int 0 -- eth0 any anywhere anywhere
0 0 forward_int 0 -- eth2 any anywhere anywhere
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
0 0 DROP 0 -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
24 2112 ACCEPT 0 -- any lo anywhere anywhere
322 95546 ACCEPT 0 -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere
Chain forward_int (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
0 0 reject_func 0 -- any any anywhere anywhere
Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = broadcast
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp redirect
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipsec-nat-t
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
0 0 reject_func tcp -- any any anywhere anywhere tcp dpt:ident state NEW
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 DROP 0 -- any any anywhere anywhere PKTTYPE = multicast
0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG 0 -- any any anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
0 0 DROP 0 -- any any anywhere anywhere
Chain input_int (2 references)
pkts bytes target prot opt in out source destination
1 328 ACCEPT 0 -- any any anywhere anywhere
Chain reject_func (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT 0 -- any any anywhere anywhere reject-with icmp-proto-unreachable
As I said, from the Windows client PC, I can ping google.co.za, but I can't access the website.
Quote:
C:\Documents and Settings\LordMerlin>tracert google.co.za
Tracing route to google.co.za [72.14.207.104]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 192.168.0.12
2 21 ms 22 ms 22 ms dsl-245-0-01.telkomadsl.co.za [41.245.0.1]
3 * * * Request timed out.
4 * * * Request timed out.
5 27 ms 24 ms 24 ms 196.43.33.2
6 24 ms 23 ms 22 ms 196.43.33.5
7 314 ms 315 ms 313 ms lon-ip-dir-telecity-pos-7-1.telkom-ipnet.co.za [196.43.9.157]
8 339 ms 345 ms 378 ms 83.245.126.125
9 409 ms 382 ms 384 ms 209.85.252.42
10 434 ms 391 ms 389 ms 64.233.175.213
11 351 ms * 349 ms 72.14.233.115
12 347 ms 346 ms 351 ms 66.249.94.92
13 357 ms 357 ms 349 ms 72.14.236.134
14 350 ms 350 ms 354 ms eh-in-f104.google.com [72.14.207.104]
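One way to read a long listing like the one in the post above is to walk it the way the kernel would for a single packet. The following is an added example, not part of the original post and not SuSEfirewall2 code: the function names `parse` and `trace_new_tcp` are hypothetical, the matcher is deliberately simplified (it only looks at the protocol and in-interface columns and skips a few match extensions a new TCP SYN cannot satisfy), and the embedded listing is a constructed abridgement of the FORWARD, forward_int and reject_func chains shown above.

```python
import re

# Constructed sample, abridged from the FORWARD, forward_int and reject_func
# chains of the `iptables -L -v` listing quoted in the post.
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 0 0 forward_ext 0 -- any any anywhere anywhere policy match dir in pol ipsec proto esp
 0 0 forward_int 0 -- eth0 any anywhere anywhere
 0 0 DROP 0 -- any any anywhere anywhere
Chain forward_int (2 references)
 0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
 0 0 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
 0 0 reject_func 0 -- any any anywhere anywhere
Chain reject_func (2 references)
 0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
"""

NON_TERMINAL = {"LOG", "TCPMSS"}  # targets after which the packet keeps going
SKIP_MATCHES = ("policy match", "PKTTYPE", "state RELATED,ESTABLISHED", "state INVALID")

def parse(listing):
    """Return {chain: (policy_or_None, [(target, prot, in_if, extra), ...])}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        f = line.split()
        if m:
            current = m.group(1)
            chains[current] = (m.group(2), [])
        elif current and len(f) >= 9 and f[0].isdigit():  # rule row, not header
            chains[current][1].append((f[2], f[3], f[5], " ".join(f[9:])))
    return chains

def trace_new_tcp(chains, chain, in_if, path=None):
    """Simplified walk (assumption): new TCP SYN arriving on in_if."""
    path = (path or []) + [chain]
    policy, rules = chains[chain]
    for target, prot, rule_in, extra in rules:
        if (prot not in ("tcp", "0", "all") or rule_in not in ("any", in_if)
                or target in NON_TERMINAL or any(s in extra for s in SKIP_MATCHES)):
            continue
        if target not in chains:
            return target, path              # terminal: ACCEPT / DROP / REJECT
        verdict, sub = trace_new_tcp(chains, target, in_if, path)
        if verdict:
            return verdict, sub
    return policy, path                      # built-in policy, or None = return
```

`trace_new_tcp(parse(LISTING), "FORWARD", "eth0")` returns the verdict together with the chain path that produced it. Note that `iptables -L -v` lists only the filter table; masquerading rules live in the nat table and are shown by `iptables -t nat -L -v`.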