Re: Need help with iptables/nat
From: Alex Harsch (infodude_at_gmx.de)
Date: 08/01/04
- Next message: Nils Gorges: "Re: Exchange Source IP in incoming IP Packages"
- Previous message: Alex Harsch: "Re: Exchange Source IP in incoming IP Packages"
- In reply to: Mark Richards: "Need help with iptables/nat"
- Next in thread: Mark Richards: "Re: Need help with iptables/nat"
- Reply: Mark Richards: "Re: Need help with iptables/nat"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 01 Aug 2004 12:58:12 +0200
Mark Richards wrote:
> I'm a seeker of iptables truth and need an expert as I cannot get a
> seemingly simple arrangement working properly. I'll buy the coffee for
> anyone who can help!
>
> I am trying to get a simple natting router running on an embedded box. It
> must permit eth0 to be connected to a cable modem, and eth1 to a pc. The
> intent is to insert the embedded box in the ethernet chain without
> breaking anything. :) Since most clients get an ip dynamically, I've
> installed udhcp in the embedded box.
>
> The setup and more details of the issue are posted here:
> http://www.massmicro.com/grief.html
>
> I'm testing on my local lan (192.168.1.0/24). The embedded box eth0 is
> set to a static IP 192.168.1.90. The box hosts udhcpd so that a client
> connected to the embedded box's eth1 gets an IP address in the range
> 192.168.10.100 - 192.168.10.190. The embedded eth1 is set to
> 192.168.10.254. The client gets its ip fine.
>
> No matter what I do (so far) I can't get from the client through to the
> local lan (and then out to the net). I can ping a www url from the
> embedded box just fine, but from the client I get "Destination Host
> Unreachable".
>
> I'm using a very simple iptables script to begin with. iptables -A
> POSTROUTING -t nat -o eth0 -j MASQUERADE is, I think, correct for this
> case. Along with setting echo 1 > /proc/sys/net/ipv4/ip_forward.
>
> Here's a simple diagram of my setup:
>
> Public Internet
> ADSL Modem
> [dynamic i/p]
> |
> Linksys Router
> [192.168.1.0/24] =Embedded server box=
> |
> 3Com Switch -- > 192.168.1.90 [static/eth0]
> udhcpd
> iptables
> switch < -- 192.168.10.254 [static/eth1]
> |
> client i/p via dhcp 192.168.10.254 [dynamic/eth2]
> Also 192.168.1.80 [static/eth1] -> connected to 3com switch into local
> lan.
>
> As you can see, in my test setup there's double natting going on. First on
> my lan's router, and then on the embedded box. Since I'm bridging between
> different subnets, (risking being called a stupid un-manual reading type)
> I assumed this was perfectly legal.
>
> Can this setup actually work? Am I missing a fundamental here?
Hi,
as Jack already pointed out, there is a default route missing on the
clients. Besides, the 169.254.*.* is something that started out in Windows
and it seems to be adapted by some Linux distros like SuSE for example.
DHCP clients that do not manage to get an IP from a DHCP server use IPs
from this range to make communication possible in case of a DHCP server
crash. If one of your clients operates with an IP like this, check your
DHCP server settings.

Alex
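An added example, not code from this thread or from the poster: it turns the two diagnoses in this reply (a client without a default route, and a client that fell back to a 169.254 address) into checks, and applies the masquerading rule from Mark's post together with a restrictive FORWARD chain. Interface names and subnets are those from the post; the udhcpd.conf `opt router` syntax and the IPTABLES/FWD_CTL overrides used for a dry run off the box are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and subnets are
# Mark's; the udhcpd.conf option syntax and the IPTABLES/FWD_CTL overrides
# (so the script can be dry-run off the box) are assumptions.
LAN_IF=eth1                       # clients, 192.168.10.0/24, box is .254
WAN_IF=eth0                       # upstream LAN, box is 192.168.1.90
LAN_NET=192.168.10.0/24
IPTABLES=${IPTABLES:-iptables}    # set IPTABLES=echo to print instead of apply
FWD_CTL=${FWD_CTL:-/proc/sys/net/ipv4/ip_forward}

# A 169.254.x.x address means the client never got a lease from udhcpd
# and fell back to link-local autoconfiguration, as Alex describes.
is_apipa() {
    case "$1" in
        169.254.*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Read a routing table on stdin ("ip route" or "route -n" format) and
# succeed only if it carries a default route; without one the client can
# reach 192.168.10.254 but nothing beyond it.
has_default_route() {
    grep -Eq '^(default[[:space:]]|0\.0\.0\.0[[:space:]])'
}

# udhcpd only hands out a default gateway if its config names one
# ("opt router" / "option router"); check a config read from stdin.
udhcpd_conf_has_router() {
    grep -Eq '^[[:space:]]*(opt|option)[[:space:]]+router[[:space:]]'
}

# Masquerade the client subnet behind eth0 and restrict forwarding to
# client-originated flows plus their replies. iptables' default FORWARD
# policy is ACCEPT, so the MASQUERADE rule alone would forward anything
# that arrives on either interface.
apply_nat_rules() {
    echo 1 > "$FWD_CTL"
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}
# usage on the box:  . ./natcheck.sh; IPTABLES=echo apply_nat_rules   (review)
#                    . ./natcheck.sh; apply_nat_rules                  (apply)
```

On a client, `ip route | has_default_route || echo "no default route"` reproduces Jack's diagnosis, and `is_apipa "$(hostname -I | cut -d' ' -f1)"` flags the 169.254 case.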