IP Forwarding problem
From: David Suna (david_at_davidsconsultants.com)
Date: 04/26/04
- Next message: Martin Müller: "Re: tar -N won't work over nfs"
- Previous message: ya: "I want to control remote computer that is behind firewall."
- Next in thread: ya: "Re: IP Forwarding problem"
- Reply: ya: "Re: IP Forwarding problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 26 Apr 2004 12:56:11 +0300
I am sure there is a simple fix to my problem but I have looked on the net
and I have not found it.
I have a RedHat 9 system set up. I am connecting to the Internet via an
ISDN modem. The connection works fine. I now want to have the Windows
boxes on the LAN connect to the Internet via the Linux box. I set up IP
Forwarding. I am able to see the Linux box from the Windows machines on
the network. However, I am not able to get out onto the Internet from the
Windows machines. I ran tcpdump and I see that the requests from the
Windows machine are going out but they are showing up as coming from
192.168.0.4 instead of as from the IP assigned from my ISP.
It seems like the NAT is not working but I don't know how to fix it. The
routing table seems to be OK. Below is what is reported by route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
62.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 ippp0
0.0.0.0         62.219.193.1    0.0.0.0         UG    0      0        0 ippp0
The RedHat 7.3 system that I had in the past that performed this function
used ipchains. RedHat 9 uses iptables. I don't know if the problem
relates to a bad configuration for iptables. I used the RedHat tool for
defining the iptables rules (Medium Security with the LAN as a trusted
interface). Below is what I get from iptables -L
Chain INPUT (policy ACCEPT)
target                prot opt source                 destination
RH-Lokkit-0-50-INPUT  all  --  anywhere               anywhere

Chain FORWARD (policy ACCEPT)
target                prot opt source                 destination
RH-Lokkit-0-50-INPUT  all  --  anywhere               anywhere

Chain OUTPUT (policy ACCEPT)
target                prot opt source                 destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target  prot opt source                 destination
ACCEPT  udp  --  ntp.ilan.net.il        anywhere     udp spt:ntp dpt:ntp
ACCEPT  udp  --  ntp.ilan.net.il        anywhere     udp spt:ntp dpt:ntp
ACCEPT  udp  --  kd2.bezeqint.net       anywhere     udp spt:domain dpts:1025:65535
ACCEPT  udp  --  dnsmail2.bezeqint.net  anywhere     udp spt:domain dpts:1025:65535
ACCEPT  all  --  anywhere               anywhere
ACCEPT  all  --  anywhere               anywhere
REJECT  tcp  --  anywhere               anywhere     tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT  tcp  --  anywhere               anywhere     tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT  udp  --  anywhere               anywhere     udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT  udp  --  anywhere               anywhere     udp dpt:nfs reject-with icmp-port-unreachable
REJECT  tcp  --  anywhere               anywhere     tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT  tcp  --  anywhere               anywhere     tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
Can someone tell me what I need to change to get the Windows machines to
see the Internet? Any pointers to documentation that addresses this
specific problem? I have read a bunch of documentation but I haven't
found a way to solve this problem.
thanks,
David Suna
david@davidsconsultants.com
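
Added example, not part of the original post: `iptables -L` lists only the filter table, so the check below reads `iptables-save` output instead and reports whether the nat table has a POSTROUTING rule (MASQUERADE or SNAT) that rewrites the source address on the outgoing interface. Assumptions: the function name `has_source_nat` is hypothetical, both sample dumps are constructed, and `ippp0` is the interface from the routing table above.

```shell
#!/bin/sh
# Added example; has_source_nat is a hypothetical helper name.
# Reads iptables-save output on stdin. Returns 0 when the nat table has a
# POSTROUTING rule that rewrites the source address (MASQUERADE or SNAT)
# for packets leaving through interface $1, otherwise 1.
has_source_nat() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($1, 2); next }       # "*filter", "*nat", ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; neg = 0; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "MASQUERADE" && target != "SNAT") next
            hit = 1                                  # no -o: every interface
            if (out != "") {
                n = length(out)
                if (substr(out, n) == "+")           # "ippp+" is a prefix match
                    hit = (substr(ifc, 1, n - 1) == substr(out, 1, n - 1))
                else
                    hit = (out == ifc)
                if (neg) hit = !hit
            }
            if (hit) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: a dump holding only a filter table.
SAMPLE_FILTER_ONLY='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
# Constructed sample: the same dump plus a nat table that masquerades on ippp0.
SAMPLE_WITH_NAT="$SAMPLE_FILTER_ONLY
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ippp0 -j MASQUERADE
COMMIT"

for sample in "$SAMPLE_FILTER_ONLY" "$SAMPLE_WITH_NAT"; do
    if printf '%s\n' "$sample" | has_source_nat ippp0
    then echo "source NAT rule present for ippp0"
    else echo "no source NAT rule for ippp0: LAN addresses leave unchanged"
    fi
done
```

On a live system the same function can be fed with `iptables-save | has_source_nat ippp0`, run as root.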