Very Computer

I built Kernel 2.4.17 with iptables (vers. 1.2.5) and
ipchains. Masquerading works with ipchains, but
not with iptables. I can't ping my providers Gateway IP
from my PC but I can ping it from my Linux server.
I can ping the IP my provider assigned to me from
my PC.

I've tried all of the example lines of iptables rules given
in the howto pages and elsewhere :

i.e
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to <ext ip>
and one with
iptables -t nat -A POSTROUTING -p tcp -o eth1 -j SNAT --to <ext ip>:1-1023

Could anyone help ?

You could try something like this:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT   -i eth1 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j DROP

Do not forget to run:

echo 1 > /proc/sys/net/ipv4/ip_forward

_before_ iptables

// SVisor

--ravi

Quote:> What did you specify the DNS servers for the machines behind your gateway
?
> They must be the same as the DNS servers provided by your ISP. Moreover,
> check whether ip forwarding is enabled within the kernel..

> --ravi

Thanks,
Peter

Quote:> I have a home network which connects to my
> provider through a cable modem. My Pc is
> connected to the cable modem with a network card
> (eth1) and any other PC's connect to the internet
> on my Linux Server through a hub connected to a
> network card (eth0) on it.

> I built Kernel 2.4.17 with iptables (vers. 1.2.5) and
> ipchains. Masquerading works with ipchains, but
> not with iptables. I can't ping my providers Gateway IP
> from my PC but I can ping it from my Linux server.
> I can ping the IP my provider assigned to me from
> my PC.

> I've tried all of the example lines of iptables rules given
> in the howto pages and elsewhere :

> i.e
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to <ext ip>
> and one with
> iptables -t nat -A POSTROUTING -p tcp -o eth1 -j SNAT --to <ext ip>:1-1023

> Could anyone help ?

is the line i have.. and you're NATing the traffic, not MASQing it..

$HOME_NET = 192.168.0.0/24
$OUT_IF = eth0 (my external nic)
$OUTSIDE_IP = my public IP

hope that helps..

Please see:

http://www.e-infomax.com/ipmasq/howto/m-html/ipmasq-HOWTO-m.html

An Excerpt:
3.4.1. Configuring IP Masquerade on Linux 2.4.x Kernels

"Please note that IPCHAINS is no longer the primary firewall configuration tool
for the 2.4.x kernels. The new kernels now use the IPTABLES toolkit though the
new 2.4.x kernels CAN still read and enable old IPCHAINS or IPFWADM rulesets
via a compatiblity module. It should be noted that when in this mode, NO
IPTABLES modules can be loaded. It should also be noted that none of the 2.2.x
IPMASQ modules are compatible with 2.4.x kernels. For a more detailed reason
for these changes, please see the Chapter 7 section."

Hope that helps. After you sort your problems, maybe you can help me out ;-)

HTH
Al Brandt

Remember insmod the masq module if you choose to compile MASQUERADE target
support as a module.

// Erik Halsius

--

.signature:

        "There's never time to do it right,
         but there's always time to do it over."