
Re: Routing or iptables problem, or masquerading?!



Problem solved! Worked out that what I was really trying to do was use the linux box as a bridge, installed bridge-utils and now everything works. - Joe

I have got a bit further with my networking problem, using a linux box as a router, now I have a different problem. I have five machines [Windows PCs and Macs] connected to an ethernet switch. They are all 192.168.0.x One of these has two NICs, and is used to connect in the linux box. The second NIC is 192.168.1.1. The linux box has two NICs, 192.168.1.2 which connects to the previous machine. And 192.168.2.1, which connects to my final machine, 192.168.2.2.
The dual-homed windows machine routes messages onto the 192.168.0.x network.
The linux box now routes from 192.168.2.2 to the Windows machine - I can successfully ping from 192.168.2.2 to 192.168.0.6. This required iptables [which is what I had not realised]. But the windows machine cannot ping back. This seems to be either an iptables or a routing problem. The pings from 192.168.0.6/192.168.1.1 do however reach the linux box, but tcpdump reports a message like:
arp who-has 192.168.2.2 tell 192.168.1.1
This obviously means the messages are not being forwarded across the linux box. Previously I got these messages in the other direction, but iptables has solved that. I have tried using the same iptables code, but reversing the "input" and "output" interfaces, but it still will not forward messages from 1.1/0.6 - all that happens is it doesn't forward from 2.2 either.
My iptables code is:
# $INTIF / $EXTIF are not defined in the post; they are the two interfaces
# of the linux box (e.g. INTIF=eth1 EXTIF=eth0), set before running these.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP   # default: forward nothing between the two interfaces
# replies to connections started from the $INTIF side may come back in via $EXTIF
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# anything arriving on $INTIF may leave via $EXTIF, new connections included
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# rewrite the source address of everything leaving $EXTIF to that interface's address
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
Any ideas?
- Joe
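Editor's note, with an added example that is not part of Joe's post. Two things in the post can be checked in isolation. First, a host only sends an ARP request for an address it believes is on its own link, so "arp who-has 192.168.2.2 tell 192.168.1.1" means the dual-homed machine is trying to reach 192.168.2.2 directly instead of handing the packet to 192.168.1.2 as its gateway; the linux box never gets an IP packet to forward. Second, the posted FORWARD chain admits NEW connections only in the $INTIF -> $EXTIF direction; a ping started from the $EXTIF side is a NEW flow and falls through to the DROP policy. The Python model below reproduces both. It assumes $INTIF is the linux box's 192.168.2.1 interface (here "eth1") and $EXTIF its 192.168.1.2 interface (here "eth0"), and the routing table it gives the Windows box is constructed to match the tcpdump line, not copied from the post. It talks to no kernel; it models the routing lookup and the stateful FORWARD match.

```python
"""Model of (1) the routing lookup that decides whether a host ARPs for the
destination itself or for a gateway, and (2) the posted FORWARD chain with
-m state.  INTIF/EXTIF names and all routing tables are constructed assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTIF, EXTIF = "eth1", "eth0"   # assumed: eth1 = 192.168.2.1 side, eth0 = 192.168.1.2 side


# ---- 1. routing lookup ------------------------------------------------------
@dataclass(frozen=True)
class Route:
    dest: str                   # prefix, e.g. "192.168.2.0/24"
    dev: str                    # outgoing interface
    via: Optional[str] = None   # None: directly connected (on-link)


def next_hop(routes, dst):
    """Longest-prefix match.  Returns (next_hop_ip, dev) or None if unroutable.
    next_hop_ip == dst means the host will ARP for dst itself."""
    ip = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for r in routes:
        net = ipaddress.ip_network(r.dest)
        if ip in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    if best is None:
        return None
    return (best.via or dst, best.dev)


def wire_action(routes, dst):
    """First frame the sender puts on the wire for dst: an ARP for the next hop."""
    hop = next_hop(routes, dst)
    if hop is None:
        return "unreachable: no route"
    nh, dev = hop
    return f"arp who-has {nh} on {dev}" + ("" if nh == dst else f" (gateway for {dst})")


# Constructed table for the dual-homed Windows box that reproduces the tcpdump
# line in the post: 192.168.2.0/24 treated as directly attached to its 192.168.1.1 NIC.
OBSERVED = [Route("192.168.0.0/24", "nic0"), Route("192.168.1.0/24", "nic1"),
            Route("192.168.2.0/24", "nic1")]
# Same table with 192.168.2.0/24 pointed at the linux box as gateway.
WITH_GATEWAY = OBSERVED[:2] + [Route("192.168.2.0/24", "nic1", via="192.168.1.2")]


# ---- 2. FORWARD chain with -m state ----------------------------------------
@dataclass(frozen=True)
class Rule:
    in_if: str
    out_if: str
    target: str
    states: Optional[frozenset] = None   # None: rule has no -m state match


class Conntrack:
    """Minimal connection table: a flow is ESTABLISHED once either direction was accepted."""
    def __init__(self):
        self.seen = set()

    def state(self, flow):
        src, dst, proto = flow
        return "ESTABLISHED" if flow in self.seen or (dst, src, proto) in self.seen else "NEW"

    def note(self, flow):
        self.seen.add(flow)


def forward(rules, policy, ct, pkt):
    """Walk the FORWARD chain for one packet and return the verdict.
    NAT is undone in PREROUTING before FORWARD runs, so pkt carries pre-NAT addresses."""
    flow = (pkt["src"], pkt["dst"], pkt["proto"])
    st = ct.state(flow)
    verdict = policy
    for r in rules:
        if r.in_if == pkt["in_if"] and r.out_if == pkt["out_if"] and (r.states is None or st in r.states):
            verdict = r.target
            break
    if verdict == "ACCEPT":
        ct.note(flow)   # the entry is only confirmed when the packet is not dropped
    return verdict


POSTED = [Rule(EXTIF, INTIF, "ACCEPT", frozenset({"ESTABLISHED", "RELATED"})),
          Rule(INTIF, EXTIF, "ACCEPT")]
SYMMETRIC = POSTED + [Rule(EXTIF, INTIF, "ACCEPT")]   # also admit NEW flows from the EXTIF side


def scenarios():
    req = dict(in_if=INTIF, out_if=EXTIF, src="192.168.2.2", dst="192.168.0.6", proto="icmp")
    rep = dict(in_if=EXTIF, out_if=INTIF, src="192.168.0.6", dst="192.168.2.2", proto="icmp")
    out, ct = {}, Conntrack()
    out["2.2->0.6 echo request"] = forward(POSTED, "DROP", ct, req)
    out["0.6->2.2 echo reply"] = forward(POSTED, "DROP", ct, rep)
    out["0.6->2.2 new ping, posted rules"] = forward(POSTED, "DROP", Conntrack(), rep)
    out["0.6->2.2 new ping, symmetric rules"] = forward(SYMMETRIC, "DROP", Conntrack(), rep)
    return out


if __name__ == "__main__":
    print(wire_action(OBSERVED, "192.168.2.2"))
    print(wire_action(WITH_GATEWAY, "192.168.2.2"))
    for name, verdict in scenarios().items():
        print(f"{name}: {verdict}")
```

The routing half shows the difference between the ARP in the post and the ARP a correctly routed host would send (for 192.168.1.2, the gateway). The FORWARD half shows that the posted rules are correct for the direction that already works and that a NEW flow from the other side needs its own ACCEPT rule, which is what the SYMMETRIC list adds; reversing the two existing rules instead, as the post describes, just moves the hole to the other direction. Bridging, which is how the thread was resolved, sidesteps both points by putting all hosts on one link.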