
Re: kmod and NAT broken in 2.4.1?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A long time ago, in a galaxy far, far away, someone said...

> I don't think I was trying to contact the external interface, but we may be
> using that word differently.
>
> My router has a card eth1 with address x.y.z.q, used both by me and the
> outside world (my "external interface").  I am trying to pick x.y.z.1 on
> the DSL provider's network.  The packets do go out eth1 and back in, but
> they don't make the final return trip to eth0.

Ah...

Do this as root and try again:

	sysctl -w net.ipv4.ip_forward=1

In /etc/network/options there is the line

	ip_forward=no

Changing that to

	ip_forward=yes

will cause Debian to perform the "sysctl ..." line above at boot.

If it still doesn't work, there's still another possibility:
/etc/network/options has the line

	spoofprotect=yes

You may need to change that to

	spoofprotect=no

and reboot (or

	for VAR in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$VAR"; done

as root if you don't want to reboot).  Turning off rp_filter is important
if you're doing policy routing with Linux (it doesn't look like you are).

- -- 
- ----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
GPG key id: 50DE1CFC
GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6sQq8/ZTSZFDeHPwRAocRAKDcO0evKYx02kesJgoi/imWwYoGTwCgjWmr
Tey467YJXlKNLqoRHWGzHjE=
=OJCu
-----END PGP SIGNATURE-----
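
The two settings changed in the message above can be checked before and after with a small audit script. This is an added example, not part of the original message: PROC_ROOT, effective_rp_filter and audit_routing are hypothetical names, and it assumes the rule documented for current kernels that the larger of conf/all/rp_filter and the per-interface value is the one applied.

```sh
#!/bin/sh
# Added example: report forwarding and reverse-path-filter state.
# PROC_ROOT is a hypothetical override so the check can run against a
# constructed tree; by default the live /proc/sys/net/ipv4 is read.

# Print the effective rp_filter value for one interface. Assumption: the
# kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    root=${PROC_ROOT:-/proc/sys/net/ipv4}
    iface=$1
    all=$(cat "$root/conf/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$root/conf/$iface/rp_filter" 2>/dev/null || echo 0)
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# One line per finding: forwarding state, then each real interface.
audit_routing() {
    root=${PROC_ROOT:-/proc/sys/net/ipv4}
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" = "1" ]; then
        echo "ip_forward=1 (routing enabled)"
    else
        echo "ip_forward=0 (packets are not forwarded between interfaces)"
    fi
    for f in "$root"/conf/*/rp_filter; do
        [ -e "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        # "all" and "default" are templates, not interfaces.
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface")
        case $eff in
            0) echo "$iface rp_filter=0 (no source validation)" ;;
            1) echo "$iface rp_filter=1 (strict)" ;;
            *) echo "$iface rp_filter=$eff (loose)" ;;
        esac
    done
}

audit_routing
```

Running it after the loop from the message shows every interface at rp_filter=0, which makes visible that spoof protection is off on the external interface as well as the internal one.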


