Re: iptables masquerading/snat stop working upon moving to kernel 2.6

From: Jean-David Beyer (jdbeyer_at_exit109.com)
Date: 08/23/05


Date: Tue, 23 Aug 2005 06:34:54 -0400

Llanzlan Klazmon wrote:
> S P Arif Sahari Wibowo <arifsaha@yahoo.com> wrote in
> news:Pine.LNX.4.63.0508220850270.5253@localhost.localdomain:
>
>
>>Hi!
>>
>>Upon moving from RH 9 (kernel 2.4.18 and 2.4.20) to WBEL 4 (RHEL
>>4 recompile, kernel 2.6.9), a simple masquerading snat stopped
>>working. Packets reach the PREROUTING chain but never reach the
>>POSTROUTING chain.
>>
>>Any idea why and how to fix it?
>
>
> Do you have ip_forward turned on?
>
Here is part of my /etc/sysctl.conf:

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_forward = 1 <---<<<
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth1.forwarding = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 06:30:00 up 69 days, 25 min, 3 users, load average: 4.18, 4.20, 4.10
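
Added example, not part of the original post: a shell check that reads the value a sysctl.conf-style file assigns to net.ipv4.ip_forward and compares it with the running kernel's value, since the file is only applied at boot or by `sysctl -p`. The function names, status strings and sample files are assumptions made for illustration; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the post). Parsing follows sysctl.conf(5):
# lines starting with '#' or ';' are comments, "key = value" assigns,
# and when a key appears more than once the last assignment wins.

conf_value() {   # usage: conf_value FILE KEY  -> prints the effective value
    awk -v key="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }       # skip comments and non-assignments
        {
            k = $0; sub(/=.*/, "", k); gsub(/[ \t]/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v             # later lines override earlier ones
        }
        END { if (val != "") print val }
    ' "$1"
}

forwarding_status() {   # usage: forwarding_status FILE [RUNTIME_FILE]
    conf=$(conf_value "$1" net.ipv4.ip_forward)
    run_file=${2:-/proc/sys/net/ipv4/ip_forward}
    run=$(cat "$run_file" 2>/dev/null) || run=unknown
    case "$conf" in
        1)  ;;                                # configured on: check runtime next
        "") echo "not-configured"; return 0 ;;
        0)  echo "disabled-in-config"; return 0 ;;
        *)  echo "bad-value-in-config"; return 0 ;;  # e.g. trailing text after 1
    esac
    if [ "$run" = "1" ]; then
        echo "ok"
    else
        echo "configured-but-not-applied"     # file says 1, kernel does not
    fi
}

# Constructed sample: the key is set twice and the runtime value is still 0.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# Controls IP packet forwarding' \
        'net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward = 1' > "$d/sysctl.conf"
    echo 0 > "$d/runtime"     # stands in for /proc/sys/net/ipv4/ip_forward
    forwarding_status "$d/sysctl.conf" "$d/runtime"
    rm -rf "$d"
}
demo
```

On a real router, call `forwarding_status /etc/sysctl.conf` with no second argument so the live /proc value is read.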

