LinuxQuestions.org, Linux - Networking forum

#1  mikeotieno (Distribution: SUSE OSS 10.1, Fedora 9 x86-64), 09-23-2008, 04:05 PM
Problem with NAT using iptables
Hi guys,
I'm trying to configure a Fedora box to NAT a LAN (10.0.0.32/30) to a public IP, but I'm getting an error when I try to connect to the internet from the LAN.

Internet >> Fedora box (10.0.0.33/30) >> LAN pc (10.0.0.34/30)

1. My /etc/sysconfig/iptables file is as below:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

2. IP forwarding is enabled:
[root@localhost ~]# sysctl -p /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
[root@localhost ~]#

3. From the LAN PC I'm getting the following on a ping to the DNS server and a traceroute:

[mike@localhost network-scripts]$ ping 196.201.231.171
PING 196.201.231.171 (196.201.231.171) 56(84) bytes of data.
From 10.0.0.33 icmp_seq=1 Destination Host Prohibited
From 10.0.0.33 icmp_seq=2 Destination Host Prohibited
From 10.0.0.33 icmp_seq=3 Destination Host Prohibited
From 10.0.0.33 icmp_seq=4 Destination Host Prohibited

--- 196.201.231.171 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms

[mike@localhost network-scripts]$ traceroute 196.201.231.171
traceroute to 196.201.231.171 (196.201.231.171), 30 hops max, 40 byte packets
1 (10.0.0.33) 0.168 ms 0.129 ms 0.081 ms
2 (10.0.0.33) 0.114 ms !X 0.122 ms !X 0.123 ms !X
[mike@localhost network-scripts]$

Is there anything I'm missing? Please help.
#2  datopdog, 09-25-2008, 02:51 AM
Yes, you are missing something. You are not allowing the traffic from the LAN to cross to the internet on the FORWARD chain, nor the return traffic back.
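A corrected ruleset, as an added example that is not part of the thread. The "Destination Host Prohibited" replies from 10.0.0.33 in post #1, and the `!X` at hop 2 of the traceroute, are exactly what the line `-A FORWARD -j REJECT --reject-with icmp-host-prohibited` sends back, so the LAN packets are being refused by the filter table on the Fedora box itself. Besides the FORWARD rules the reply above points out, the posted file has no `*nat` section at all, so even with FORWARD opened nothing would rewrite the 10.0.0.34 source to the public IP. The script below prints a replacement /etc/sysconfig/iptables for the topology in post #1; the interface names (eth0 facing the internet, eth1 holding 10.0.0.33/30) and the `--apply` helper are assumptions of this example, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a corrected /etc/sysconfig/iptables
# for the topology in post #1:
#   Internet --[WAN_IF]-- Fedora box --[LAN_IF 10.0.0.33/30]-- LAN pc 10.0.0.34/30
# The interface names below are assumptions; set them to match `ip addr` on the box.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-10.0.0.32/30}"

# Emit the whole ruleset in iptables-restore format ('#' lines are comments to it).
ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Source-NAT LAN traffic as it leaves on the public interface. MASQUERADE uses
# whatever address $WAN_IF has; with a static public IP use -j SNAT --to-source <ip>.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# Return traffic for connections the LAN opened (conntrack recognises the reply
# and un-NATs it before FORWARD sees it, so the state match is enough).
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections from the LAN only; the -s match keeps a host behind $LAN_IF
# from pushing spoofed sources through the NAT (on top of rp_filter=1 from sysctl.conf).
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Everything else, including unsolicited inbound, is still rejected as in post #1.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Install the ruleset when run as root with --apply; otherwise just print it.
main() {
    case "${1:-}" in
        --apply)
            [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; return 1; }
            ruleset > /etc/sysconfig/iptables          # the file Fedora's iptables service loads at boot
            iptables-restore < /etc/sysconfig/iptables # load it atomically now
            [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || echo "warning: net.ipv4.ip_forward is 0" >&2
            ;;
        *)
            ruleset
            ;;
    esac
}
main "$@"
```

Without arguments the script only prints the ruleset, so it can be reviewed (or diffed against the current file) before `--apply` writes and loads it. Order inside FORWARD matters: both ACCEPT rules have to sit above the REJECT, which is why appending them with `-A` after the existing REJECT line would change nothing. MASQUERADE is the safe default when the public address is not known in advance, but it also forgets its connections when the interface goes down, so a box with a fixed public IP is better served by `-j SNAT --to-source`.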