On Wed, 2004-01-14 at 15:47, Alexander Dalloz wrote:
> > I have a fedora machine acting as NAT router between a small network and
> > an adsl connection. Iptables is managing this. This is working for some
> > time (redhat 8 -> redhat 9 -> fc1) I cannot even remember WHERE in init
> > scripts this is configured.
> >
> > The booting sequence is:
> >
> > raises eth0
> > raises ppp0 (it auto-connects, get ip, and so on)
> > web connection (my isp requires we access a web page for authentication
> > - I have a small script that automates this)
> >
> > Dynamic ip.
> >
> > For some days now (I don't know what was the exact update, as I don't
> > reboot very often - this machine keeps up for weeks), but now, when I
> > reboot, iptables doesn't do NAT anymore. The only way to get it working
> > is doing a 'service iptables restart' and everything works again, which
> > makes me sure that iptables' nat config is ok.
> >
> > Can someone help me with this? This is pretty annoying in these times of
> > 2.4 -> 2.6 transition (when I reboot quite often)
> >
> > By the way, this behaviour is with 2.4.22.2140.
>
> For such things a look into the syslog file /var/log/messages is a good
> start.

Here is what /var/log/messages says during boot:

Jan 14 08:47:31 casa kernel: eth0: RealTek RTL8139 Fast Ethernet at 0xd8428000, 00:40:ca:99:f1:fe, IRQ 10
Jan 14 08:47:31 casa kernel: eth0: link up, 10Mbps, half-duplex, lpa 0x0000
Jan 14 08:47:31 casa kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 14 08:47:31 casa kernel: CSLIP: code copyright 1989 Regents of the University of California
Jan 14 08:47:31 casa kernel: PPP generic driver version 2.4.2
(...)
Jan 14 08:47:48 casa pppoe[3797]: Timeout waiting for PADO packets
Jan 14 08:47:48 casa pppd[3796]: Exit.
(...)
Jan 14 08:47:50 casa pppd[4214]: pppd 2.4.1 started by root, uid 0
Jan 14 08:47:50 casa pppd[4214]: Using interface ppp0
Jan 14 08:47:50 casa pppd[4214]: Connect: ppp0 <--> /dev/pts/1
Jan 14 08:47:50 casa pppoe[4215]: PPP session is 30307
Jan 14 08:47:50 casa pppd[4214]: local IP address 200.164.21.238
Jan 14 08:47:50 casa pppd[4214]: remote IP address 200.217.127.41
Jan 14 08:47:50 casa pppd[4214]: primary DNS address 200.149.55.140
Jan 14 08:47:50 casa pppd[4214]: secondary DNS address 200.165.132.147

Until then, no nat. (it was connected anyway) Then, iptables restart and

Jan 14 09:10:24 casa iptables: succeeded
Jan 14 09:10:24 casa last message repeated 2 times
Jan 14 09:10:24 casa kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jan 14 09:10:24 casa kernel: ip_conntrack version 2.1 (3008 buckets, 24064 max) - 292 bytes per conntrack

> You should first find out where exactly your NAT is set up. I guess it
> is configured in /etc/sysconfig/iptables as a service restart of
> iptables is successful.

Yes, it is. The relevant part of it is:

*filter
(close everything, opens what I want, etc)
COMMIT
# Completed on Sat Jun 28 18:25:27 2003
# Generated by iptables-save v1.2.7a on Sat Jun 28 18:25:27 2003
*nat
:PREROUTING ACCEPT [2305:120747]
:POSTROUTING ACCEPT [172:10464]
:OUTPUT ACCEPT [180:10962]
-A PREROUTING -d 192.168.0.1 -j DNAT --to-destination 200.223.0.83
-A PREROUTING -d 192.168.0.1 -j DNAT --to-destination 200.223.0.83
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sat Jun 28 18:25:27 2003

This first commit may be the culprit. But this does not explain why it
worked until now, and why it works after restarted and does not before.

> Do you see iptables service start failing on bootup? You need to boot
> with details at least or better without rhgb.

Yes, it loads ok.

> Maybe the needed iptables kernel modules are not loaded ok at boot time.
> All just guesses as there is no self investigation information in your
> mail.

The weird thing is, no changes were made on this - as you can see, since
June 28 2003...

I'm still confused.

--
[]s
Alexandre Ganso
Red 500 FOUR - Director, Steel Goose Moto Group
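
Added example, not part of the original message or thread: a small lint for an iptables-save style file such as /etc/sysconfig/iptables. In that format each *table block ends with its own COMMIT line, so the check reports any block without one, and it reports rules that appear twice in the same table. The function names and the filter rule in the sample are constructed for illustration; the nat lines are the ones quoted in the message.

```shell
# Constructed sample: the filter rule is a placeholder, the nat block is
# copied from the message above.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
# Completed on Sat Jun 28 18:25:27 2003
*nat
:PREROUTING ACCEPT [2305:120747]
:POSTROUTING ACCEPT [172:10464]
:OUTPUT ACCEPT [180:10962]
-A PREROUTING -d 192.168.0.1 -j DNAT --to-destination 200.223.0.83
-A PREROUTING -d 192.168.0.1 -j DNAT --to-destination 200.223.0.83
-A POSTROUTING -o ppp0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
EOF
}

# lint_iptables_save (hypothetical helper): reads a rules file on stdin and
# prints per-table rule counts, duplicate rules and structural errors.
lint_iptables_save() {
    awk '
        /^#/ || /^[ \t]*$/ { next }              # comments and blank lines
        /^\*/ {                                  # "*nat" opens a table block
            if (table != "") print "ERROR " table ": missing COMMIT"
            table = substr($0, 2); rules = 0; next
        }
        /^:/ { next }                            # chain policy and counters
        $0 == "COMMIT" {                         # closes the current table only
            if (table == "") print "ERROR: COMMIT outside a table block"
            else print "OK " table ": " rules " rules committed"
            table = ""; next
        }
        /^-/ {
            if (table == "") { print "ERROR: rule outside a table block: " $0; next }
            rules++
            if (seen[table, $0]++) print "DUPLICATE " table ": " $0
        }
        END { if (table != "") print "ERROR " table ": missing COMMIT" }
    '
}

sample_rules | lint_iptables_save
```

On a live system the same function can be fed the real file: lint_iptables_save < /etc/sysconfig/iptables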