On Thu, Nov 07, 2002 at 12:03:24PM -0200, Christoph Simon wrote:
> I didn't read the start of the thread, but from what I'm seeing here,
> you are missing some masquerading or source nat. First make sure, the
> default policy of all enabled iptables is ACCEPT and not DROP (most
> probably, it's OK). Then, you need to add an iptables-rule like:
>
>   iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j SNAT --to-source $IPE
>
> if you have a static external IP address, or just
>
>   iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j MASQUERADE
>
> assuming that LAN is something like 10.0.0.0/8 (your local network and
> mask), eth1 is your external interface and IPE is the external IP you
> have.

Sorry about the two posts in a row, but I forgot to mention this in the
earlier post ...

When I try pinging to the outside world from the client (via the proxy
box) I can't get out. In trying to gather more clues, I did the
following:

sumida:/etc/init.d# cat /proc/net/ip_conntrack
<snip>
udp 17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53 [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059 use=1
udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53 [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061 use=1

The first destination (192.168.2.254) is the router. The second dest is
a DNS server on the outside world. In both cases the [UNREPLIED] message
is appended. Is that the proxy box 'not replying'?

Thanks,
Kevin

--
Kevin Coyner  mailto: kevin@rustybear.com  GnuPG key: 1024D/8CE11941
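
An added example, not part of either message: a small Python parser for the /proc/net/ip_conntrack lines quoted above, splitting each entry into its original and reply tuples. [UNREPLIED] marks an entry for which conntrack has not yet seen a packet in the reply direction, and a reply dst that differs from the original src shows the address the source was translated to. The function names are hypothetical and the sample is the two lines from the message.

```python
import re

# Sample input: the two entries quoted in the message above.
SAMPLE = """\
udp 17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53 [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059 use=1
udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53 [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061 use=1
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Split one ip_conntrack line into its original and reply tuples."""
    fields = line.split()
    pairs = KV.findall(line)
    # Entries without ports (e.g. ICMP, which carries type/code/id) are skipped.
    if len(fields) < 4 or len(pairs) < 8:
        return None
    orig, reply = dict(pairs[:4]), dict(pairs[4:8])
    return {
        "proto": fields[0],
        "timeout": int(fields[2]),           # seconds until the entry expires
        "unreplied": "[UNREPLIED]" in fields,
        "orig": orig,
        "reply": reply,
        # Replies are expected at reply dst; if that is not the original
        # sender, the source address was rewritten (SNAT or MASQUERADE).
        "snat_to": reply["dst"] if reply["dst"] != orig["src"] else None,
        # A reply src that differs from the original dst means DNAT.
        "dnat_to": reply["src"] if reply["src"] != orig["dst"] else None,
    }


def summarize(text):
    """Parse every recognisable entry in a conntrack dump."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for e in summarize(SAMPLE):
        o = e["orig"]
        state = "no reply seen" if e["unreplied"] else "reply seen"
        nat = f"source rewritten to {e['snat_to']}" if e["snat_to"] else "no SNAT"
        print(f"{e['proto']} {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']}"
              f"  [{state}; {nat}]")
```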