nogradi
2006-02-22, 02:09 PM CST
With the following layout I would like to set up a home network on an FC3 box with kernel-2.6.12-1.1381_FC3 and iptables-1.2.11-3.1.FC3:
machine A - eth1 ------------- adsl modem ----------- internet
    |
   eth0
    |
    |
    |
   hub
    |
    |
    |
machine B
Pinging between A and B works both ways; I can access the internet from A and can ssh from B to A. Now I would like to set up masquerading in order to access the internet from B as well. I have the following rules:
# make sure we start from zero
iptables --flush
iptables -t nat --flush
iptables --delete-chain
iptables -t nat --delete-chain
# set up masquerading to eth1
iptables -t nat -A POSTROUTING --out-interface eth1 -j MASQUERADE
# allow forwarding from eth0
iptables -A FORWARD --in-interface eth0 -j ACCEPT
# enable ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
And machine B still cannot access the internet. The gateway is set up properly; for example, a traceroute google.com from machine B shows that it reaches machine A, but does not go further.
Output from iptables --list:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Output from iptables -t nat --list:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
All of this tells me that it should be okay, but it still doesn't work.
Any ideas?
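
The plain `iptables --list` output in the post shows neither the interface each rule matches nor how many packets hit it. The following added example (not part of the original post) parses `iptables -L -v -n -x` listings to tell which of the two rules traffic from machine B is actually reaching; the sample listings are constructed, and `rule_hits` and `diagnose` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: interpret per-rule counters from `iptables -L -v -n -x`.
# With -v the rule columns are:
#   pkts bytes target prot opt in out source destination

# Constructed sample listings (not output captured from the poster's machine).
FWD_SAMPLE='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      37     2220 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0'
NAT_SAMPLE='Chain POSTROUTING (policy ACCEPT 5 packets, 300 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0'

# rule_hits TARGET COLUMN IFACE (listing on stdin): total pkts of rules with
# that target whose interface column (6 = in, 7 = out) equals IFACE,
# or "none" if no such rule is listed.
rule_hits() {
    awk -v tgt="$1" -v col="$2" -v ifc="$3" '
        $1 ~ /^[0-9]+$/ && $3 == tgt && $col == ifc { n += $1; seen = 1 }
        END { if (seen) print n + 0; else print "none" }'
}

# diagnose FORWARD_LISTING NAT_LISTING LAN_IF WAN_IF
# The nat table only sees the first packet of each connection, so the
# MASQUERADE counter counts new connections, not every packet.
diagnose() {
    fwd=$(printf '%s\n' "$1" | rule_hits ACCEPT 6 "$3")
    nat=$(printf '%s\n' "$2" | rule_hits MASQUERADE 7 "$4")
    if [ "$nat" = none ]; then echo "no-masquerade-rule-on-$4"
    elif [ "$fwd" = none ]; then echo "no-forward-rule-on-$3"
    elif [ "$fwd" -eq 0 ]; then echo "nothing-forwarded-from-$3"
    elif [ "$nat" -eq 0 ]; then echo "forwarded-but-not-masqueraded-on-$4"
    else echo "forwarded-and-masqueraded"
    fi
}

# On a live gateway (as root) the listings would come from:
#   diagnose "$(iptables -L FORWARD -v -n -x)" \
#            "$(iptables -t nat -L POSTROUTING -v -n -x)" eth0 eth1
diagnose "$FWD_SAMPLE" "$NAT_SAMPLE" eth0 eth1
```

A non-zero FORWARD counter next to a zero MASQUERADE counter means packets from the LAN side are being forwarded but are not leaving through the interface named in the NAT rule.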