
Re: ip_forward - 2 nics



On Thu, 7 Nov 2002 08:46:44 -0500
Kevin Coyner <kevin@rustybear.com> wrote:

> No, that's not it.  The client default GW is set to 10.0.0.254, and the
> client can ping 10.0.0.254.  Similarly, sumida the proxy server can ping
> the client and can ping the outside world.  The only ping that isn't
> working is client to outside world via proxy server.  
> 
> So somewhere in that proxy server box is a setting that is keeping
> traffic from flowing.
> 
> Just in case, I also executed "iptables -F" just to clear all of the
> tables, and I still can't forward an ip packet from client to the world
> via the proxy server.
> 
> Are there any other settings that I'm missing?  There must be one,
> little one out there ...

I didn't read the start of the thread, but from what I'm seeing here,
you are missing some masquerading or source NAT. First make sure the
default policy of all enabled iptables is ACCEPT and not DROP (most
probably, it's OK). Then, you need to add an iptables rule like:

	iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j SNAT --to-source $IPE

if you have a static external IP address, or just

	iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j MASQUERADE

assuming that LAN is something like 10.0.0.0/8 (your local network and
mask), eth1 is your external interface and IPE is the external IP you
have.

-- 
Christoph Simon
ciccio@kiosknet.com.br
---
^X^C
q
quit
:q
^C
end
x
exit
ZZ
^D
?
help
.
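
Added example, not part of the original message: a shell check for the three settings this thread names (ip_forward, the FORWARD policy, and a SNAT or MASQUERADE rule for the LAN on the external interface). The function name check_gateway, the sample rule sets and the modern iptables-save notation (-s 10.0.0.0/8) are assumptions made for illustration.

```shell
#!/bin/sh
# check_gateway RULES IP_FORWARD LAN EXT_IF   (hypothetical helper, added example)
#   RULES       text in iptables-save format
#   IP_FORWARD  contents of /proc/sys/net/ipv4/ip_forward
# Prints one line per missing piece; returns 0 only when nothing is missing.
check_gateway() {
    rules=$1; fwd=$2; lan=$3; ext=$4; rc=0

    # 1. The kernel must be told to route between the two NICs.
    [ "$fwd" = "1" ] || { echo "ip_forward is not 1"; rc=1; }

    # 2. filter/FORWARD must not drop everything: policy DROP is only a
    #    problem when no rule in the chain accepts anything.
    blocked=$(printf '%s\n' "$rules" | awk '
        /^\*/ { t = $1 }
        t == "*filter" && $1 == ":FORWARD" { p = $2 }
        t == "*filter" && $2 == "FORWARD" && /-j ACCEPT/ { n++ }
        END { if (p == "DROP" && !n) print "yes" }')
    [ -z "$blocked" ] || { echo "FORWARD policy is DROP with no ACCEPT rule"; rc=1; }

    # 3. nat/POSTROUTING needs SNAT or MASQUERADE for the LAN on the external
    #    interface. Trailing spaces keep eth1 from matching eth10.
    nat=$(printf '%s\n' "$rules" | awk -v s="-s $lan " -v o="-o $ext " '
        /^\*/ { t = $1 }
        t == "*nat" && $2 == "POSTROUTING" && index($0, s) && index($0, o) &&
            /-j (SNAT|MASQUERADE)/ { n++ }
        END { print n + 0 }')
    [ "$nat" -gt 0 ] || { echo "no SNAT/MASQUERADE rule for $lan leaving via $ext"; rc=1; }

    return $rc
}

# Constructed samples in iptables-save format (not taken from the thread).
BEFORE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
AFTER="$BEFORE
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth1 -j MASQUERADE
COMMIT"

check_gateway "$BEFORE" 1 10.0.0.0/8 eth1 || true   # reports the missing NAT rule
check_gateway "$AFTER"  1 10.0.0.0/8 eth1 && echo "gateway settings look complete"
```

On a live gateway the first two arguments would come from `iptables-save` and `cat /proc/sys/net/ipv4/ip_forward`, both run as root.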
