[SOLVED] Re: Ubuntu Server with 2 NICs, help with routing

Karl Auer kauer at biplane.com.au
Mon Mar 24 07:31:31 UTC 2014


On Mon, 2014-03-24 at 19:46 +1300, Roland Hill wrote:
> If I add the following iptable rules it [works]:
> # iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> # iptables --append FORWARD --in-interface p3p3 -j ACCEPT

Hm! That's a variant of "there's a routing problem". And yes, it makes
sense (I think).

The first line is NAPT-ing all addresses 192.168.0.0/24 to 10.0.0.2. The
router is probably only NAPT-ing 10.0.0.0/16, because that's the network
on its inside interface. I'm guessing that the router is not smart
enough to do NAPT on multiple address ranges. Look into that; you might
be able to avoid double-NAPT-ing. Which is what you have now - the
server is NAPT-ing outbound packets with source address 192.168.1.0/24,
then the router NAPTs everything with source address 10.0.0.0/16.

See if you can configure the router to do NAPT for multiple source
address ranges. If you can, then you can get rid of the
double-NAPT-ing. If you can't, invest in something like a MikroTik
RB951G, switch the Vodafone-supplied router into bridge mode and go
wild, because MikroTiks can do *anything* :-)

You're in New Zealand, right? These guys are good:
http://www.gowifi.co.nz or this Oz company will ship to you:
http://www.duxtel.com.au.

Not quite sure why the second line would be needed unless you have a
default policy of "don't forward".

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A
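
Added example, not part of the original message: a way to check whether a "don't forward" default policy is what makes the second rule necessary. It reads `iptables -S` output and reports whether an explicit rule or the chain policy decides forwarding from an interface. The function name, the sample rule sets and the interface `eth1` are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads `iptables -S` (filter table) output on stdin and reports
# what decides the fate of packets forwarded in from interface $1.
# Simplification: rules with extra match conditions are skipped, since their
# outcome depends on the packet; only unconditional rules and the policy count.
forward_verdict() {
    awk -v iface="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3 }
        $1 == "-A" && $2 == "FORWARD" && verdict == "" {
            in_if = ""; target = ""; conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(++i)
                else if ($i == "-j") { target = $(++i); break }  # rest are target options
                else conditional = 1
            }
            if (conditional || (in_if != "" && in_if != iface)) next
            if (target == "ACCEPT") verdict = "rule-accept"
            else if (target == "DROP" || target == "REJECT") verdict = "rule-block"
        }
        END {
            if (verdict == "" && policy == "ACCEPT") verdict = "policy-accept"
            else if (verdict == "" && policy != "") verdict = "policy-block"
            print (verdict == "" ? "unknown" : verdict)
        }'
}

# Constructed sample: default policy "don't forward" plus the FORWARD rule from
# the thread, in the short form that `iptables -S` prints.
RULES_DROP='-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -i p3p3 -j ACCEPT'

# Constructed sample: default policy ACCEPT and no FORWARD rules.
RULES_OPEN='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

printf '%s\n' "$RULES_DROP" | forward_verdict p3p3   # explicit rule is what lets traffic through
printf '%s\n' "$RULES_DROP" | forward_verdict eth1   # no rule for eth1, so the policy drops it
printf '%s\n' "$RULES_OPEN" | forward_verdict p3p3   # the ACCEPT rule would be redundant here
```

On a live system, run `iptables -S FORWARD | forward_verdict p3p3` as root; a result of `policy-accept` means the explicit FORWARD rule is not needed.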





