NAT works, but when I change machine it stops!!!
 

Hi ,
I made nat on compA ( two network interfaces )

compA-----------crossover cable------------------compB

on compB I have not any firewall, compB has ip address 192.168.1.10
Internal interface on compA has ip address 192.168.1.1--gateway for compB. I can go to internet from compB in this environment.
When I change RJ-45 jack from compB to another machine compC ( compC has the same configuration as compB previously) I can not surf any more.
OS is debian on all machines. I just switch on to other machine.
I tried to change ip address on compC ( for example 192.168.1.20 ) and I have the same situation.
I did not make any changes on compA. I did not even touch it :))

So is there any solution for this problem ?
Any comment is welcome.

Thanks in advance

:study: :mad: :confused:

could it be that compA is using source IP address filtering?? perhaps even mac address filtering?? could you post the iptables rules from compA??also, are you 100% sure that compC has the proper IP configuration?? and that it doesn't have any iptables rules of its own which could be filtering its outgoing packets?? can compC ping itself??

post the ifconfigs from compB and compC also if you can...

It is possibe ping from compA to compA and visa versa. compC can ping itself. It is possible ssh from compA to compC.
compC has not any kind of firewall.

iptables -L -n -v from compA is as follows. compC has a proper address configuration. I checked it hundred times.

iptables -L -n -v ( on compA)
Chain INPUT (policy ACCEPT 18326 packets, 9664K bytes)
pkts bytes target prot opt in out source destination
1504 45056 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
4840 3312K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 312 ACCEPT all -- !ppp0 * 0.0.0.0/0 0.0.0.0/0 state NEW

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2888 2427K ACCEPT all -- ppp0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3070 688K ACCEPT all -- eth1 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- ppp0 ppp0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 27171 packets, 3709K bytes)
pkts bytes target prot opt in out source destination



iptables -L -v -n ( from compC)

iptables -L -v -n
Chain INPUT (policy ACCEPT 773 packets, 126K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 709 packets, 123K bytes)
pkts bytes target prot opt in out source destination


It works but when I change machine it won't.

Thanks
:mad: :study:

can compC ping an Internet IP?? how about an Internet domain name??

if compC can ping compA, but not Internet IPs, you need to make sure the gateway address is properly configured on compC...

if compC can ping compA, can ping Internet IPs, but can not ping Internet domains (or surf), you need to make sure the DNS server addresses are properly configured on compC...

even though you've already checked, it would be great if you could post the output of these from compB and compC so we can compare:

Thank you. I had disparity in etc/resolv.com :confused: :confused: :confused:

It works now.

Regards
:)

hehe, cool... happy to help... :)

thanks again

:) :) :) :) :study:

Regards from Sarajevo