
Re: problems with (perhaps) IPMASQ



Hello

On Wed, Jan 23, 2008 at 10:13:42AM +0100, Carlos Enrique Carleos Artime wrote:
> Present situation:
[...]
> Ping from A to B 192.168.2.1 failed:
>  knoppix@A:~$ ping 192.168.2.1
>  PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
>  ping: sendmsg: Operation not permitted
>  ping: sendmsg: Operation not permitted

From host A you said ping 192.168.0.1 is ok but 192.168.2.1 does not work.
Have you tried both pings with the user "knoppix" or just the second one?

 $ ls -l /bin/ping
-rws--x--x 1 root root 34628  3. Jdn 13:54 /bin/ping
   ^ perhaps your "ping" is not suid-root or
     the "nosuid" flag is set on the "/" partition?

[...]

Is the following correct?

Host A   (eth1)     Host B (rl0)     Host B (ural0)      Host C (ural0)
192.168.0.2/24 <--> 192.168.0.1/24 + 192.168.2.1/24 <--> 192.168.2.2/24

Host A (192.168.0.2/24)
  ping 192.168.0.1 ok
  ping 192.168.2.1 not ok <-- see above.
  ping 192.168.2.2 <-- what about that?


Host B (192.168.0.1/24, 192.168.2.1/24)
  ping 192.168.2.2 ok
  ping 192.168.0.2 ok
  ping anywhere_in_internet ok


Host C (192.168.2.2/24)
  ping 192.168.2.1 ok
  ping 192.168.0.1 ok
  ping 192.168.0.2 not ok


What's the routing configuration of Host B?
Does it do any NAT or just routing?
If there is any NAT configuration on B, then remove it.

Is IP-forwarding enabled on Host B as well?

> Many thanks for your time and help :-)
> 


> root@A:~# iptables -L FORWARD
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> ACCEPT     0    --  192.168.0.0/24       anywhere

ACCEPT     0    --  192.168.2.0/24       anywhere <-- that is missing!

[...]


best regards

Koppensteiner Mario
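
The checks raised in this reply (setuid bit on ping, "nosuid" mount flag, IP forwarding, one FORWARD ACCEPT rule per subnet), as an added shell example that is not part of the original message. The function names are hypothetical and the sample data is constructed from the values quoted in the thread.

```sh
#!/bin/sh
# Added example; sample data is constructed from the values quoted in the thread.

# Mode column of `ls -l` (e.g. -rws--x--x): is the setuid bit usable?
has_suid() {
    case "$1" in ???s*) return 0 ;; *) return 1 ;; esac
}

# Comma-separated mount options (4th field of /proc/mounts): is nosuid set?
mount_has_nosuid() {
    case ",$1," in *,nosuid,*) return 0 ;; *) return 1 ;; esac
}

# File holding the ip_forward sysctl (default: the live kernel value).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Does an `iptables -L FORWARD` listing ($1) ACCEPT packets from source net $2?
forward_accepts_source() {
    printf '%s\n' "$1" | awk -v net="$2" \
        '$1 == "ACCEPT" && $4 == net { found = 1 } END { exit !found }'
}

# Print every subnet (args 2..n) that has no ACCEPT rule in listing $1.
missing_forward_rules() {
    listing=$1; shift
    for net in "$@"; do
        forward_accepts_source "$listing" "$net" || printf '%s\n' "$net"
    done
}

# Constructed sample: the FORWARD chain quoted in the thread.
SAMPLE_FORWARD='Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  192.168.0.0/24       anywhere'

has_suid "-rws--x--x" && echo "ping mode -rws--x--x: setuid bit set"
mount_has_nosuid "rw,nosuid,relatime" && echo "sample mount: nosuid set"
echo "subnets without a FORWARD ACCEPT rule:"
missing_forward_rules "$SAMPLE_FORWARD" 192.168.0.0/24 192.168.2.0/24
```

On a live host, feed the functions the output of `ls -l /bin/ping`, the options field for "/" in /proc/mounts, and `iptables -L FORWARD` instead of the samples.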
