
Re: iptables masquerading



Yes, ip_forward is set to 1.




On 2/3/08, Thomas Goirand <thomas@goirand.fr> wrote:
> Jim Popovitch wrote:
> > (my fav linux list is missing in action... so I'm trying here)
> >
> > What am I doing wrong.... :-)
> >
> >  ifconfig tap0 192.168.1.1 netmask 255.255.255.0 up
> >  iptables -A FORWARD -i eth0 -o tap0 -m state --state ESTABLISHED,RELATED -j ACCEPT;
> >  iptables -A FORWARD -i tap0 -o eth0 -j ACCEPT;
> >  iptables -t nat -A POSTROUTING -s 192.168.1.0 -o eth0 -j MASQUERADE;
> >
> > From a PC at 192.168.1.2 I can ping 192.168.1.1 over the vpn
> > (OpenVPN), but when I try to ping/telnet through the vpn I get
> > nowhere.    When doing the following from 192.168.1.2:
> >
> >    telnet www.testing.com 80
> >
> >
> > on 192.168.1.1 I see this:
> >
> >   $ tcpdump -i any host www.testing.com
> >   tcpdump: WARNING: Promiscuous mode not supported on the "any" device
> >   tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> >   listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
> >   00:12:49.535229 arp who-has papyrus.kattare.com tell 192.168.1.2
> >   00:12:50.535768 arp who-has papyrus.kattare.com tell 192.168.1.2
> >   00:12:51.535862 arp who-has papyrus.kattare.com tell 192.168.1.2
> >
> > BTW, papyrus.kattare.com is aka www.testing.com
> >
> > Tia,
>
> Just in case: did you check that forwarding is activated in
> /proc/sys/net/ipv4/ip_forward ? Do a cat of the file, check it has 1, if
> not then configure it for next boot (best is to configure it using
> /etc/sysctl.conf).
>
> Thomas
>


-- 

-Jim P.
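
The check suggested in the quoted reply, as an added example that is not part of the original thread: it compares the running `ip_forward` value with what `/etc/sysctl.conf` will set at the next boot. The function names and the constructed sample in `demo` are assumptions made for illustration.

```shell
# Added example (not from the thread). Paths are parameters so the check also
# works on copies of the files; the defaults are the paths named in the thread.

# Print the running value from the proc file.
runtime_forward() {
    tr -d ' \t\n' < "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# Print the value sysctl.conf sets at boot, or "unset". Comment lines (# or ;)
# are skipped, keys may use dots or slashes, and the last assignment wins.
persistent_forward() {
    awk '
        /^[ \t]*[#;]/ { next }
        {
            line = $0
            gsub(/[ \t]/, "", line)
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            gsub("/", ".", key)
            if (key == "net.ipv4.ip_forward") val = substr(line, n + 1)
        }
        END { print (val == "" ? "unset" : val) }
    ' "${1:-/etc/sysctl.conf}"
}

# One verdict from both sources.
forward_status() {
    run=$(runtime_forward "$1")
    boot=$(persistent_forward "$2")
    if [ "$run" = 1 ] && [ "$boot" = 1 ]; then
        echo "ok"
    elif [ "$run" = 1 ]; then
        echo "runtime-only"   # works now, lost at the next boot
    elif [ "$boot" = 1 ]; then
        echo "boot-only"      # in the file, not applied to the running kernel
    else
        echo "disabled"
    fi
}

# Constructed sample: forwarding is on now but commented out in the boot config.
demo() {
    d=$(mktemp -d)
    echo 1 > "$d/ip_forward"
    printf '%s\n' '#net.ipv4.ip_forward=1' 'net.ipv4.tcp_syncookies = 1' > "$d/sysctl.conf"
    forward_status "$d/ip_forward" "$d/sysctl.conf"
    rm -rf "$d"
}
```

Called with no arguments, `forward_status` reads the live paths. It examines only the single configuration file named in the thread.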

