help with IP Masquerading, 2.4 kernel
My main machine, scratchy, is connected to the net using PPPOE (PPP
over ethernet) over DSL. I have another machine, cheddar, connected
to a second ethernet card on scratchy with an ethernet crossover
cable. I am trying to use netfilter (iptables) to masquerade
cheddar behind scratchy, and it is almost working: pings and DNS
lookups work fine, with no packets dropped and no errors. telnet and
ssh work as well, until I try to transfer a lot of data at once
(e.g. a screenful, such as appears when you bring up a man page), at
which point the connection freezes. wget freezes immediately. But
netstat -i doesn't show any errors or dropped packets, and there is
nothing in the log files of any of the three machines involved.
Connections between cheddar and scratchy and between scratchy and
the outside world work perfectly.
Any suggestions where to look further?
Here are some settings:

cheddar# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:03:85:AC:D8
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16144  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

cheddar# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0

scratchy# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:80:C8:B9:FD:24
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:180469 errors:1 dropped:0 overruns:0 frame:16190
          TX packets:173454 errors:87 dropped:0 overruns:0 carrier:153
          collisions:1241 txqueuelen:100
          RX bytes:113137907 (107.8 Mb)  TX bytes:19757452 (18.8 Mb)
          Interrupt:3 Base address:0x300

eth1      Link encap:Ethernet  HWaddr 00:E0:98:03:CF:B0
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28329 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1911832 (1.8 Mb)  TX bytes:42401143 (40.4 Mb)
          Interrupt:9 Base address:0x320

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16144  Metric:1
          RX packets:26861 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26861 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13163203 (12.5 Mb)  TX bytes:13163203 (12.5 Mb)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:129.100.240.47  P-t-P:129.100.2.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:84071 errors:0 dropped:0 overruns:0 frame:0
          TX packets:71905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:93703135 (89.3 Mb)  TX bytes:6373070 (6.0 Mb)

scratchy# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
129.100.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         129.100.2.1     0.0.0.0         UG    0      0        0 ppp0

scratchy# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Thanks for any help anyone can provide!
Dan