
Re: communicating between subnets



On Thu, 04 Sep 2003 22:59:00 +1200, criggie wrote:

> Dude - your ISP is being an arsehole...
> 
>   praveen@neb.rr.com
>     SMTP error from remote mailer after MAIL
> FROM:<criggie@criggie.dyndns.org>:    host kcmx01.mgw.rr.com
> [24.94.163.190]: 550 5.7.1 Mail Refused - 202.0.42 - See
> http://security.rr.com/mail_blocks.htm#security - 20030323
> 

yeah i have seen a lot of that happening around. it plain sucks. 

> I think that your new gateway needs to know that it's allowed to forward
> packets between those interfaces.

hmm. i thought allowing ip_forward in the /proc file system would be
sufficient (if i trust the literature around.) the current setup on the new
gateway is that there is nothing that iptables is doing. the chains are just
empty. i thought that should intrinsically mean "don't block anything".
but i will try your suggestion for sure.

> 
> Try these commands to see if it all starts working:
> /sbin/iptables --flush              # empties the old rulesets
> /sbin/iptables -P FORWARD ACCEPT    # allows packets to be forwarded
> /sbin/iptables -P OUTPUT ACCEPT     # allows packets to leave the system
> /sbin/iptables -P INPUT ACCEPT      # allows packets into the system
> 
> 
> As a last resort you could NAT between these two interfaces with a command
> like this...
> #Route between eth0 and eth1
> /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 192.168.0.125
> /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to 192.168.1.125

yep i will try this too. 

thanks
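
Added example, not part of the original thread: whether empty chains mean "don't block anything" depends on the FORWARD chain's policy as well as ip_forward, so this sketch classifies a gateway from those two inputs. The function name forward_verdict and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are passed in so it runs offline:
#   $1 = contents of /proc/sys/net/ipv4/ip_forward
#   $2 = output of `iptables -S FORWARD` (filter table)
forward_verdict() {
    ip_forward=$1
    ruleset=$2

    # Kernel switch first: if it is off, nothing is routed whatever iptables says.
    if [ "$ip_forward" != "1" ]; then
        echo "blocked: ip_forward is off"
        return 0
    fi

    # Policy line looks like "-P FORWARD ACCEPT"; rules look like "-A FORWARD ...".
    policy=$(printf '%s\n' "$ruleset" | awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    rules=$(printf '%s\n' "$ruleset" | awk '$1 == "-A" && $2 == "FORWARD" { n++ } END { print n + 0 }')

    if [ -z "$policy" ]; then
        echo "unknown: no FORWARD policy line in input"
    elif [ "$rules" -gt 0 ]; then
        # Rules exist: the outcome depends on them, so they need reading.
        echo "review: $rules FORWARD rule(s), policy $policy"
    elif [ "$policy" = "ACCEPT" ]; then
        echo "open: empty FORWARD chain, policy ACCEPT"
    else
        # An empty chain with a DROP policy silently discards routed packets.
        echo "blocked: empty FORWARD chain, policy $policy"
    fi
}

# Constructed samples (not captured from the poster's gateway).
forward_verdict 0 "-P FORWARD ACCEPT"
forward_verdict 1 "-P FORWARD DROP"
forward_verdict 1 "-P FORWARD ACCEPT"
forward_verdict 1 "-P FORWARD DROP
-A FORWARD -s 192.168.0.0/24 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -d 192.168.0.0/24 -j ACCEPT"

# On a live gateway (as root):
#   forward_verdict "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables -S FORWARD)"
```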


