
Fw: Fw: NAT and IPTABLES problem OK this is SO WEIRD



Hi
There's something interesting going on.... Apparently I can browse anything from my laptop, or any PC in the subnet, as long as it's from Romania, but nothing outside.
Does anyone have any idea why I can browse anything on the PC which is the gateway for the subnet, while PCs from the subnet can browse only web pages in Romania? And yet the VMware network modules manage to establish a perfect connection. So wtf is the problem .... I'm running out of resources.

Many Thanks
Mihai

----- Forwarded Message ----
From: Bonnel Christophe <mage.tophinus@free.fr>
To: chindea mihai <misubs24@yahoo.com>
Cc: debian-amd64@lists.debian.org
Sent: Wednesday, April 2, 2008 6:31:20 PM
Subject: Re: Fw: NAT and IPTABLES problem

What kind of ping do you use? ping www.yahoo.com or ping 216.109.112.135?
If you ping www.yahoo.com, I think the DNS server is your gateway, isn't it?

OK, so your VMware is installed on your gateway. It may not use your
Debian as gateway and go directly through your eth2 interface ....

It doesn't seem that the problem comes from the iptables or kernel
version...

Did you reboot your gateway at least once since the problem started?


It becomes very difficult. I hope (and assume) your laptop is linux
too... Can you try this on your laptop :

ifconfig <interface> mtu 1450
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_ecn
(verify the values with "cat" and "ifconfig" commands)

And now try to ping and give us the result. Does it work or not?

Christophe


chindea mihai wrote:
> Hi,
>
> After restarting iptables:
>
> /etc/network# iptables -t filter -L FORWARD -v -n
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target  prot opt in    out   source           destination
>    20  1032 ACCEPT  0    --  eth2  eth1  192.168.5.0/24   0.0.0.0/0
>     0     0 ACCEPT  0    --  *     *     0.0.0.0/0        0.0.0.0/0        state RELATED,ESTABLISHED
>     0     0 LOG     0    --  *     eth1  0.0.0.0/0        192.168.5.0/24   LOG flags 0 level 4
>     0     0 DROP    0    --  *     eth1  0.0.0.0/0        192.168.5.0/24
>     0     0 LOG     0    --  *     *     0.0.0.0/0        0.0.0.0/0        LOG flags 0 level 4
>     0     0 DROP    0    --  *     *     0.0.0.0/0        0.0.0.0/0
> /etc/network#
>
> /etc/network# iptables -t nat -L POSTROUTING -v -n
> Chain POSTROUTING (policy ACCEPT 51 packets, 2847 bytes)
>  pkts bytes target      prot opt in  out   source           destination
>    16   888 MASQUERADE  0    --  *   eth1  192.168.5.0/24   0.0.0.0/0
> /etc/network#
>
> After adding those two rules:
>
> General forward : IN=eth2 OUT=eth1 SRC="" DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=234 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=12
> General forward : IN=eth2 OUT=eth1 SRC="" DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=235 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=13
> General forward : IN=eth2 OUT=eth1 SRC="" DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=236 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14
> General forward : IN=eth2 OUT=eth1 SRC="" DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=237 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=15
>    So you were right...
>
> The rest of the information:
>    /etc/network# iptables --version
>    iptables v1.3.6
>    /etc/network# uname -r
>    2.6.18-6-amd64
>
> About VMware, I suppose you're thinking of VMware ESX Server, because
> that is OS independent. I'm using VMware Workstation, which is
> installed over Debian, but as Alex said, VMware has its own network
> modules. Ping attempts from a guest OS are working fine.
>
> Thanks,
> Mihai
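
As an added example (not part of the original thread): a small Python script that pairs ICMP echo requests with echo replies in netfilter LOG output of the format quoted above, listing the pings that were forwarded out but never answered. The sample lines, the 192.168.5.10 host and the function names are constructed for illustration, and a LOG rule that sees both directions of the forwarded traffic is assumed.

```python
import re

# Constructed sample in the format of the LOG lines quoted above. The
# 192.168.5.10 host and the reply line are made up; a LOG rule that sees
# both directions of the forwarded traffic is assumed.
SAMPLE_LOG = '''\
General forward : IN=eth2 OUT=eth1 SRC=192.168.5.10 DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=234 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=12
General forward : IN=eth1 OUT=eth2 SRC=216.109.112.135 DST=192.168.5.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=9001 PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=12
General forward : IN=eth2 OUT=eth1 SRC=192.168.5.10 DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=235 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=13
General forward : IN=eth2 OUT=eth1 SRC="" DST=216.109.112.135 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=236 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=14
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_line(line):
    """Return (ip_fields, icmp_fields) for an ICMP echo LOG line, else None."""
    # "ID=" occurs twice: the IP ID before PROTO=ICMP, the ICMP echo ID after.
    head, sep, tail = line.partition("PROTO=ICMP")
    if not sep or "[" in tail:
        return None  # not ICMP, or an ICMP error embedding the original packet in [...]
    ip = {k: v.strip('"') for k, v in FIELD.findall(head)}
    icmp = {k: v.strip('"') for k, v in FIELD.findall(tail)}
    if not {"TYPE", "ID", "SEQ"} <= icmp.keys():
        return None  # not an echo request/reply
    return ip, icmp

def unanswered_echoes(log_text):
    """List (remote_host, icmp_id, seq) of echo requests with no logged reply."""
    pending = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, icmp = parsed
        ident = (int(icmp["ID"]), int(icmp["SEQ"]))
        if icmp["TYPE"] == "8":        # echo request: remote host is DST
            pending[(ip.get("DST", ""),) + ident] = True
        elif icmp["TYPE"] == "0":      # echo reply: remote host is SRC
            pending.pop((ip.get("SRC", ""),) + ident, None)
    return list(pending)

if __name__ == "__main__":
    for host, icmp_id, seq in unanswered_echoes(SAMPLE_LOG):
        print(f"no reply logged from {host} for echo id={icmp_id} seq={seq}")
```

Requests that stay in the list left through the gateway and never produced a logged reply, which points away from the FORWARD rules and towards the return path.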


