On Thu, Nov 07, 2002 at 12:03:24PM -0200, Christoph Simon wrote:
>
> I didn't read the start of the thread, but from what I'm seeing here,
> you are missing some masquerading or source nat. First make sure, the
> default policy of all enabled iptables is ACCEPT and not DROP (most
> probably, it's OK). Then, you need to add an iptables-rule like:
>
> iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j SNAT --to-source $IPE
>
> if you have a static external IP address, or just
>
> iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j MASQUERADE
>
> assuming that LAN is something like 10.0.0.0/8 (your local network and
> mask), eth1 is your external interface and IPE is the external IP you
> have

I added everything you suggested per my setup, and I'm still not getting
packets through.

One other thing I've noticed is that if I 'ps aux|grep iptables' I don't
get anything but the grep back. Shouldn't iptables be running as a
process? With that in mind, I tried starting it with
'/etc/init.d/iptables start' but am given the err message:

    sumida:/home/kosuke# /etc/init.d/iptables start
    Aborting iptables load: unknown ruleset, "active".

Note that I try starting it 'after' having loaded the following from a
simple script:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -F
    iptables -F -t nat
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -t nat -A POSTROUTING -s ${LAN} -o eth1 -j MASQUERADE

where LAN is 10.0.0.0/8 (client is 10.10.10.156 and proxy box is
10.10.10.10).

Thanks again for the attention and help.
Kevin
--
Kevin Coyner
mailto: kevin@rustybear.com
GnuPG key: 1024D/8CE11941
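
Added example, not part of the original message: netfilter rules live in the kernel rather than in a process, so the loaded state is read back with `iptables-save`, not `ps`. This sketch checks a dump for the three things the script above sets (ip_forward, FORWARD policy, a source-NAT rule on the external interface); the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output matching the script in the message.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/8 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
COMMIT'

# chain_policy TABLE CHAIN: print the chain's default policy from a dump on stdin.
chain_policy() {
    awk -v t="*$1" -v c=":$2" '
        /^\*/ { in_t = ($0 == t) }
        in_t && $1 == c { print $2; exit }'
}

# has_source_nat IFACE: succeed if the nat table has a POSTROUTING rule that
# leaves via IFACE and jumps to MASQUERADE or SNAT (dump on stdin).
has_source_nat() {
    awk -v ifc="$1" '
        /^\*/ { in_nat = ($0 == "*nat") }
        in_nat && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && (tgt == "MASQUERADE" || tgt == "SNAT")) found = 1
        }
        END { exit !found }'
}

# check_nat DUMP IP_FORWARD EXT_IF: print one line per missing prerequisite;
# return 0 only when all three are in place.
check_nat() {
    rc=0
    [ "$2" = "1" ] || { echo "ip_forward is not 1"; rc=1; }
    pol=$(printf '%s\n' "$1" | chain_policy filter FORWARD)
    [ "$pol" = "ACCEPT" ] || { echo "FORWARD policy is ${pol:-unknown}"; rc=1; }
    printf '%s\n' "$1" | has_source_nat "$3" ||
        { echo "no SNAT/MASQUERADE rule on $3"; rc=1; }
    return $rc
}

# On a live router (as root):
#   check_nat "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth1
check_nat "$SAMPLE_RULES" 1 eth1 && echo "forwarding and source NAT are in place"
```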