Very Computer

I have RedHat 7.1, and I recently upgraded to kernel 2.4.7.
I would like to use this computer as an internet gateway for other
computers.
I went to this web site.
http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO/NAT-HOWT...
doc.html#toc4
The section 4.1 says to type the following.

modprobe iptable_nat
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

When I typed the first command, I got an error, but I think that's because
when I compiled the kernel, I selected all the networking options as "Y",
not as modules.
The second and the third command did not give me errors.  There was no
response, so I guess the command was accepted.
However, it's not working.  When I revert to RedHat 6.2, and use IP chains,
everything works.
What did I do wrong?

--

I've used the NATO & International Aviation Phonetic Alphabet in my email
address, so the spammers'll have to work a bit harder.  Interestingly, in
Phonetic Alphabet, the letter "A" is represented by "Alfa", not "Alpha".
Anyway, if you're having trouble deciphering my cryptic email address, look
up "Phonetic Alphabet" on the web.  Sorry for the inconvenience.

Quote:> I have RedHat 7.1, and I recently upgraded to kernel 2.4.7.
> I would like to use this computer as an internet gateway for other
> computers.
> I went to this web site.

http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO/NAT-HOWT...

Quote:> doc.html#toc4
> The section 4.1 says to type the following.

> modprobe iptable_nat
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward

> When I typed the first command, I got an error, but I think that's because
> when I compiled the kernel, I selected all the networking options as "Y",
> not as modules.
> The second and the third command did not give me errors.  There was no
> response, so I guess the command was accepted.
> However, it's not working.  When I revert to RedHat 6.2, and use IP
chains,
> everything works.
> What did I do wrong?

If the web site above gives you an error, try this address.
http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO/index.html

: modprobe iptable_nat
: iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
: echo 1 > /proc/sys/net/ipv4/ip_forward

is ppp0 the interface you want packets to go out on?

--
Ben Garrison * cs1322 TA / ProgDev * www.bengarrison.net
\ Romans 8:38  For I am convinced that neither death nor life,
 \ nor angels nor demons, neither the present nor the future,
  \ nor any power...will be able to separate us from the love of Christ

One odd thing I noticed when I upgraded to Red Hat 7.1 is that, by default,
the init.d scripts run both an ipchains and an iptables script.  The
ipchains script runs first, and itables doesn't seem to work after that.  I
disabled the ipchains script (renamed S08ipchains to K08ipchains in
/etc/rc3.d and /etc/rc5.d) and was then able to use iptables without a
hitch.  Maybe you're having a similar problem?

-Josh

Quote:> I have RedHat 7.1, and I recently upgraded to kernel 2.4.7.
> I would like to use this computer as an internet gateway for other
> computers.
> I went to this web site.

http://netfilter.filewatcher.org/unreliable-guides/NAT-HOWTO/NAT-HOWT...

Hi!,

Quote:> modprobe iptable_nat
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward

> When I typed the first command, I got an error, but I think that's because
> when I compiled the kernel, I selected all the networking options as "Y",
> not as modules.
> The second and the third command did not give me errors.  There was no
> response, so I guess the command was accepted.
> However, it's not working.  When I revert to RedHat 6.2, and use IP chains,
> everything works.
> What did I do wrong?

Make sure you allow IP forwarding by modifying the /etc/sysctl.conf file so
that ip_forward has a value of one.  You will then either need to reboot the
machine or issue the "sysctl" command to inform the kernel that IP forwarding
has been activated.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

with ipchains, it's "ip_masq_ftp"

Quote:> : modprobe iptable_nat
> : iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> : echo 1 > /proc/sys/net/ipv4/ip_forward

> is ppp0 the interface you want packets to go out on?

Yes.  The Linux computer connect to the internet via a 56k modem.

Quote:> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward

> > When I typed the first command, I got an error, but I think that's
because
> > when I compiled the kernel, I selected all the networking options as
"Y",
> > not as modules.
> > The second and the third command did not give me errors.  There was no
> > response, so I guess the command was accepted.
> > However, it's not working.  When I revert to RedHat 6.2, and use IP
chains,
> > everything works.
> > What did I do wrong?

> Make sure you allow IP forwarding by modifying the /etc/sysctl.conf file
so
> that ip_forward has a value of one.  You will then either need to reboot
the
> machine or issue the "sysctl" command to inform the kernel that IP
forwarding
> has been activated.

My setup works for IP chains.
The /etc/sysctl.conf file has the following lines.

net.ipv4.ip_forward = 1
net.ipv4.ip_always_defrag = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq =

Didn't ip_always_defrag go away in 2.4.x?

=R=

--
The reply-to-address is *REAL* and will expire on 0:01 1-August-2001.
 >>  HTML emails will be bounced UNREAD.  You've been warned.  <<
 >>  Some ISPs are blacklisted due to rampant network abuse.   <<
Please review http://www2.paypc.com/blacklists/ before emailing.

Quote:> > My setup works for IP chains.
> > The /etc/sysctl.conf file has the following lines.

> > net.ipv4.ip_forward = 1
> > net.ipv4.ip_always_defrag = 1
> > net.ipv4.conf.all.rp_filter = 1

> Didn't ip_always_defrag go away in 2.4.x?

Hey, it worked!
I commented out the following line.
# net.ipv4.ip_always_defrag = 1
And now, everything is working great!
Thanks.

Quote:> > > My setup works for IP chains.
> > > The /etc/sysctl.conf file has the following lines.

> > > net.ipv4.ip_forward = 1
> > > net.ipv4.ip_always_defrag = 1
> > > net.ipv4.conf.all.rp_filter = 1

> > Didn't ip_always_defrag go away in 2.4.x?

> Hey, it worked!
> I commented out the following line.
> # net.ipv4.ip_always_defrag = 1
> And now, everything is working great!
> Thanks.

Ummm,... on second thought,...  I don't think that the problem was with
defrag,...
I may have typed the following wrong.
iptables -t nat -A POSTROUTING -o pppO -j MASQUERADE
For ppp0, instead of typing "ppp" and zero, I may have typed "ppp" and the
letter O.
Oops!
--

Note that on RedHat 7.1 ipchains automatically start.  IP-Tables will not
run with ipchains running.  I believe to turn off ipchains you should
issue the command:  chkconfig --level 2345 ipchains off    Then issue the
command:  chkconfig --level 2345 iptables on  Then issue the command:  
service network restart  Also, someone else mentioned it, but are you
using ppp0 or are you using a NIC?  If you are using a nic then most
likely change ppp0 to eth0.

Glenn
LCA

--
Posted via CNET Help.com
http://www.help.com/