
Re: ip_forward - 2 nics



Kevin Coyner, 2002-Nov-07 14:14 -0500:
> 
> On Thu, Nov 07, 2002 at 12:03:24PM -0200, Christoph Simon wrote......
>  
> > I didn't read the start of the thread, but from what I'm seeing here,
> > you are missing some masquerading or source nat. First make sure, the
> > default policy of all enabled iptables is ACCEPT and not DROP (most
> > probably, it's OK). Then, you need to add an iptables-rule like:
> > 
> > 	iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j SNAT --to-source $IPE
> > 
> > if you have a static external IP address, or just
> > 
> > 	iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j MASQUERADE
> > 
> > assuming that LAN is something like 10.0.0.0/8 (your local network and
> > mask), eth1 is your external interface and IPE is the external IP you
> > have.

You don't need NAT on sumida since both networks are private and your
router does the NATing, according to the original diagram.  Remove
these POSTROUTING entries.

>  
> Sorry about the two posts in a row, but I forgot to mention this is the
> earlier post ...
> 
> When I try pinging to the outside world from the client (via the proxy
> box) I can't get out.  In trying to gather more clues, I did the
> following:
> 
> sumida:/etc/init.d# cat /proc/net/ip_conntrack
> <snip>
> udp  17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> use=1
> udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> use=1
> 
> The first destination (192.168.2.254) is the router.  The second dest is
> a DNS server on the outside world.  In both cases the [UNREPLIED]
> message is appended.  Is that the proxy box 'not replying'?

Ah, when you ping the world, are you pinging using a domain name or an
IP?

It appears you are using a domain name and it's not getting resolved.
According to the cat above, your router may be dropping the DNS
requests.  Could this router be doing a DNS proxy?  Try setting the
DNS IP on your client and sumida to 192.168.10.254 and see if it
works.  Also, where did 192.168.2.254 come from?  According to your
original post, the network between sumida and the router is
192.168.10.0.

One last thing, can your client ping 192.168.10.254?  That would prove
that sumida is forwarding.

jc

--
Jeff Coppock		Systems Engineer
Diggin' Debian		Admin and User
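
Added example (not part of the original message): a small Python parser for the two `ip_conntrack` entries quoted above, reporting flows for which conntrack has seen no reply-direction packet (`[UNREPLIED]`) and whether the reply tuple shows the source address being rewritten by a POSTROUTING NAT rule. The function names are illustrative, and the sample lines are the quoted entries rejoined from their mail-wrapped form.

```python
import re

# The two entries quoted in the thread, each rejoined onto one line.
SAMPLE = """\
udp  17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53 [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059 use=1
udp  17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53 [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061 use=1
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Parse one TCP/UDP ip_conntrack line; return None for anything else."""
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:  # ICMP entries carry type/code/id instead of ports
        return None
    fields = line.split()
    orig = dict(zip(KEYS, tuples[0]))
    reply = dict(zip(KEYS, tuples[1]))
    return {
        "proto": fields[0],
        "timeout": int(fields[2]),
        "orig": orig,
        "reply": reply,
        # No packet has been seen in the reply direction yet.
        "unreplied": "[UNREPLIED]" in fields,
        # Without NAT the reply tuple mirrors the original one. A reply dst
        # that differs from the original src means source NAT is applied.
        "snat_to": reply["dst"] if reply["dst"] != orig["src"] else None,
        # A reply src that differs from the original dst means destination NAT.
        "dnat_to": reply["src"] if reply["src"] != orig["dst"] else None,
    }


def unreplied_flows(text):
    """Return parsed entries that are still waiting for a reply packet."""
    entries = (parse_entry(l) for l in text.splitlines() if l.strip())
    return [e for e in entries if e and e["unreplied"]]


if __name__ == "__main__":
    for e in unreplied_flows(SAMPLE):
        o = e["orig"]
        nat = f"source rewritten to {e['snat_to']}" if e["snat_to"] else "no SNAT"
        print(f"{e['proto']} {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']} "
              f"UNREPLIED, {nat}")
```

On the quoted entries this reports both DNS queries as unanswered and both with the client address 10.10.10.156 rewritten to 192.168.2.254, which is the effect of the POSTROUTING rule the reply says to remove.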


