ICS/NAT/packet forwarding won't work
Troy Piggins
troy at piggo.com
Sun Jun 4 08:50:31 UTC 2006
Posted this on alt.os.linux.ubuntu but no answer as yet.
Just reinstalled my Ubuntu gateway machine with shiny new Dapper
released 1/6/06. I am sure I've set it up the same way I set up Breezy,
but I can't get my WinXP to use it as a gateway to access the internet.
The Dapper machine can ping and access the internet, the router, and
internal network fine. The WinXP machine can ping the internal network
card of the Dapper machine, but not its external card or anything
beyond that.
Not sure if there is something new in the latest kernel?
$ uname -r
2.6.15-23-server
Dapper was the server version.
Some details:
####
D-Link DSL-G604T ADSL modem/router has dynamic IP assigned by ISP, and
connected to my Dapper machine via ethernet static IP
192.168.1.1/255.255.255.0
####
####
Dapper box (armadillo) has static IP 192.168.1.10/255.255.255.0 for
connection to router, and static IP 192.168.0.1/255.255.255.0 for
internal network.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
I edited /etc/sysctl.conf :
# Uncomment the next line to enable packet forwarding for IPv4
net/ipv4/ip_forward=1
restarted network and procps.sh
My iptables firewall script relevant lines are:
INET_IFACE="eth0"
LAN_IP="192.168.0.1"
LAN_IP_RANGE="192.168.0.0/24"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
IPTABLES="/sbin/iptables"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADRESS -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s $LAN_IP_RANGE -j MASQUERADE
$IPTABLES -P OUTPUT ACCEPT
####
####
WinXP box has static IP 192.168.0.3/255.255.255.0 and gateway set to
192.168.0.1
> route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f ea 3d c1 02 ...... Realtek RTL8169/8110 Family Gigabit
Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              255.255.255.255  192.168.0.1   192.168.0.3   1
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
192.168.0.0          255.255.255.0    192.168.0.3   192.168.0.3   20
192.168.0.3          255.255.255.255  127.0.0.1     127.0.0.1     20
192.168.0.255        255.255.255.255  192.168.0.3   192.168.0.3   20
224.0.0.0            240.0.0.0        192.168.0.3   192.168.0.3   20
255.255.255.255      255.255.255.255  192.168.0.3   192.168.0.3   1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
0.0.0.0              255.255.255.255  192.168.0.1      1
####
What am I missing? Is there something new with latest kernel?
--
Troy Piggins
,-o Ubuntu v6.06 (Dapper Drake): kernel 2.6.15-23-server,
o ) postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1, vim 6.4