Re: Proxy/Gateway - masquerading problems with two subnets



Henri Schomäcker wrote:
Hi folks,
....
But with the other subnets, we have problems with masquerading I think.

For example: If someone makes a web-request from let's say 172.18.200.2,
we see the domain-request routed out correctly, but that's it:

IN=eth_lan OUT=eth_isp SRC=172.18.200.2 DST=sme.whr.out.tre LEN=72 TOS=0x00
PREC=0x00 TTL=125 ID=8718 PROTO=UDP SPT=1293 DPT=53 LEN=52

You mean that's all?
Does it work?:
- from 172.18.200.2: ping -c1 172.16.250.11
- from 172.18.200.2: ping -c1 www.google.com
- from 172.16.250.11: ping -c1 172.18.200.2

If not, check your route to 172.18.0.0/16 on 172.16.250.11.
If yes, and you could see www pages properly from 172.18.200.2 without squid - you can check it now by adding for a while:
$IPTABLES -t nat -I PREROUTING -i ${INTERNAL_INTERFACE} -s 172.18.0.0/16 -j ACCEPT
and removing it after the test:
$IPTABLES -t nat -D PREROUTING -i ${INTERNAL_INTERFACE} -s 172.18.0.0/16 -j ACCEPT

- then it's probably something with squid.conf

Jarek P.
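
The temporary rule from the reply above, wrapped so that it is always deleted again when the test ends, fails, or is interrupted. This is an added example, not part of the original thread. The function name `with_proxy_bypass`, the `SUBNET` variable and the default values are assumptions, and it presumes the proxy redirect lives later in the same nat PREROUTING chain.

```shell
#!/bin/sh
# Added example (not from the thread). IPTABLES and INTERNAL_INTERFACE are
# expected to be set as in the poster's firewall script; the defaults below
# are placeholders, and SUBNET is a name introduced for this sketch.
IPTABLES="${IPTABLES:-iptables}"
INTERNAL_INTERFACE="${INTERNAL_INTERFACE:-eth_lan}"
SUBNET="${SUBNET:-172.18.0.0/16}"

# Run the given command while the temporary ACCEPT rule sits at the top of
# nat/PREROUTING, then delete the rule no matter how the command ends.
# The body is a subshell so the traps do not leak into the calling shell.
with_proxy_bypass() (
    rule="PREROUTING -i $INTERNAL_INTERFACE -s $SUBNET -j ACCEPT"

    # Insert first; if that fails there is nothing to clean up.
    $IPTABLES -t nat -I $rule || exit 1

    # Delete the rule when the subshell exits for any reason.
    trap '$IPTABLES -t nat -D $rule' EXIT
    # Turn Ctrl-C / kill into a normal exit so the EXIT trap also runs.
    trap 'exit 130' INT TERM

    "$@"
)

# Typical use on the gateway (as root): keep the rule for two minutes while
# browsing from 172.18.200.2, then let it be removed automatically:
#   with_proxy_bypass sleep 120
```

The function returns the exit status of the wrapped command, so it can also wrap a scripted check instead of `sleep`.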