Hardware Config:
--------------------
"the internet cloud"
        |
(eth1)  - 10.1.1.166/30
[LXS] - Linux 2.4.18
(eth0) - 192.168.0.1/24
        |
(eth1) - 192.168.0.22/24
[WNT] - Windoze NT 2000
--------------------
This was working with kernel 2.2.x and ipchains:
--------------------
# rc.firewall
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -M -S 7200 10 60
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.0/24 -j MASQ
--------------------
So I replaced it with:
--------------------
# rc.firewall
iptables -F
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.22/24 -d 10.1.1.166/30 -v
iptables -A FORWARD -i eth1 -o eth0 -s 10.1.1.166/30 -d 192.168.0.22/24 -v
--------------------
And a call to iptables -L reveals:
--------------------
$ >sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
           all  --  192.168.0.0/24       bdsl.10.1.1.164.gte.net/30
           all  --  bdsl.10.1.1.164.gte.net/30  192.168.0.0/24
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
$ >
--------------------
Now, everything else within the local 192 network is working, samba and
all.  From WNT I can ping 192.168.0.1 and 10.1.1.166, and from LXS I can
ping 192.168.0.22.  I'm obviously no expert but it looks like it's missing
something related to the masquerading (nat perhaps?)
Frustrated,
Kirk
----- Original Message -----
From: "Ambrish Verma" <averma@marantinetworks.com>
To: "'Kirk'" <kirk@scriptdoggie.com>
Sent: Wednesday, May 22, 2002 12:58 PM
Subject: RE: RE:ipfwadm
> Certainly it can do this..
>
> For this you need to follow these steps:
> Here are some assumptions first:
>
> Eth0: 192.168.1.22 (local  net.) and eth1:10.1.1.25 (let's say it
> is your wan).
> IBM box (ipstore1_data) : 192.168.1.8 (Maranti net.) and
> 11.1.1.25 (to linux2)
> Linux2: 192.168.1.17 (Maranti net on eth1), 10.1.1.63 (to
> Stileto2 on eth0) and
>
> First check whether your kernel has iptables compiled or not, this you
> can test just by typing "iptables -L" on prompt, if it shows some tables
> then fine but if it shows some error message then you need to do this:
> [ . Login as a root.
> . Make xconfig and see if you have "packet netfiltering"
> included under "networking options". If it is not already
> included then you need to include it and also all the options
> under "netfilter configuration" should be included.
> . Now if you have made some change to configuration in
> earlier step, then you need to recompile the kernel (simple
> steps like make dep, make clean, make bzImage, make modules and
> make modules_install. Then you also need to update the image under
> /boot directory and don't forget to run /etc/lilo again else the
> new image will not be included in your boot menu.). Now reboot the
> system.
> ]
>
> If it was fine then just enable the ip forwarding, for this follow these
> steps:
> 1) $ echo 1 > /proc/sys/net/ipv4/ip_forward
> 2) In case you want your internal hosts to see outside and vice-versa
> also
>    $ echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
>    $ echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp
>
> 3) $ iptables -A FORWARD -i eth0 -o eth1 -s 192.168.1.22/24 -d
> 10.1.1.25/24
>   and similar one if you want other way also.
>
> Once all this is done do "iptables -L" it will show you newly added
> rules.
>
> The case I explained above may require some changes in terms of ip
> address and netmask, please be careful about that.
>
>
> --
> Ambrish
> p.s.:  I can not post this message on newsgroup (as I do not have
> access), if you can post this whole thing there then it may be of help
> for others as well.
>
>
>
> -----Original Message-----
> From: Kirk [mailto:kirk@scriptdoggie.com]
> Sent: Wednesday, May 22, 2002 12:40 PM
> To: Ambrish Verma
> Subject: Re: RE:ipfwadm
>
> Does iptables have or allow IP Masquerading?  This is really what I'm
> trying
> to do as I have a network behind my linux server (acting as a router)
> and
> need to forward packets from 192.168.0.x to my WAN port on the same
> Linux
> server.  I had this working with ipchains until the upgrade to 2.4.18.
>
> Thanks,
> Kirk
>
> ----- Original Message -----
> From: "Ambrish Verma" <averma@marantinetworks.com>
> To: <kirk@scriptdoggie.com>
> Sent: Wednesday, May 22, 2002 12:18 PM
> Subject: RE:ipfwadm
>
>
> > In the new kernels ipchains is not included by default (probably if
> you
> > put
> > some effort you can include it.).
> > There is an alternate for ipchains is available called iptables, with
> > which
> > you should be able to do most of the things you expect from ipchains.
> >
> > --
> > Ambrish
> >
> >
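The piece the replacement rc.firewall above lacks is the nat-table rule: on 2.4 netfilter, `ipchains -A forward -j MASQ` becomes `iptables -t nat -A POSTROUTING -o <wan> -j MASQUERADE`, and the FORWARD chain only decides which packets are allowed through, with the proxy_arp settings being unnecessary for a masqueraded LAN. The following rc.firewall is an added example written for this thread, not Kirk's or Ambrish's script; the interface and network names are placeholders chosen to match the diagram at the top (eth0 LAN, eth1 WAN, 192.168.0.0/24). It prints the ruleset by default so it can be reviewed before being applied as root, and it replaces the "everything forwarded" policy with a default-drop FORWARD chain that admits only LAN-originated traffic and its replies.

```shell
#!/bin/sh
# rc.firewall: masquerading with 2.4 netfilter (added example for this thread).
# Assumed placeholder values, matching the diagram above; override via environment.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

# Emit the commands rather than running them, so the ruleset can be
# inspected ("sh rc.firewall show") before it is applied ("sh rc.firewall apply").
gen_rules() {
    cat <<EOF
modprobe iptable_nat
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Number of filter-table rules appended (the nat rule is counted separately).
filter_rule_count() {
    gen_rules | grep -c '^iptables -A '
}

# True if the generated set contains the masquerading rule for the WAN side.
has_masquerade() {
    gen_rules | grep -q "POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
}

case "${1:-show}" in
    show)  gen_rules ;;
    apply) gen_rules | sh -e ;;   # must run as root; stops at the first failing command
esac
```

The ESTABLISHED,RELATED rule is what lets replies (and FTP data connections, via ip_conntrack_ftp) back in without opening the LAN to unsolicited inbound traffic; the ipchains version of this script relied on the masquerade table alone for that.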
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/