Well, I see that you're using a 24 bit subnet mask ( 255.255.255.0 ), not a 16 bit ( 255.255.0.0 ).

It would be your firewall rules that are blocking you.....

These two lines......

# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP

The IPs should be 192.168.1.0/24, not 192.168.0.0/16. The way it's written, you drop everything on your subnet.

Michael Floyd

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of fedora
Sent: June 15, 2004 1:17 PM
To: fedora-list@xxxxxxxxxx
Subject: nat masquerade router

Hi,

I'd sure appreciate help with getting my router and host to work!

Problem- FC2 Host cannot get Internet connection through FC2 Router.

Description- Both FC2 machines used to work fine via a D-Link firewall router. I removed the D-Link to make my own Router, connected via CrossOver cable, to Host. (and yes it is a belkin #r7j304 5e 'crossover' cable, -I checked). The Router works fine, and gets Internet connection - the Host does not! Host at 192.168.1.10 can be PINGed and nmapped successfully by Router without packet loss.

I have been using RedHat9 Bible by Christopher Negus as a guide, pp616 etc. but perhaps I missed something, or there's a major change w/ FC2 to get this to work, or I've just confused IP addressing? Any help appreciated...

The ROUTER
(Gigabyte GA7VRXP, eth0 is onboard RealTek NIC, & Netgear PCI card for eth1)

1_ router- blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0

2_ /etc/sysconfig/network reads:
NETWORKING=yes
HOSTNAME='blue.myvnc.com'
GATEWAYDEV=eth0

2A_ in /etc/hosts reads:
127.0.0.1 localhost.localdomain localhost
192.168.1.10 red.myvnc.com red #red is the host

3_ /etc/sysctl.conf reads:
net.ipv4.ip_forward = 1

4_ Added FORWARD rules
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
cp: overwrite `/etc/sysconfig/iptables.old'? y
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]

5_ checked rules have been added
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
DROP all -- !192.168.0.0/16 anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

The HOST MACHINE
Asus A7N8X Deluxe, with onboard 3Com eth0, and Nvidia eth1

The cable IS connected to eth0, I checked physically and in network settings to see that eth0 corresponds to 3Com, not Nvidia.

6_ eth0 192.168.1.10
SubNet Mask 255.255.255.0
Default Gateway 192.168.1.1

7- /etc/hosts - the host can see itself and the router:
127.0.0.1 localhost.localdomain red.myvnc.com red
192.168.1.1 blue.myvnc.com blue

8_ no firewall present on host, I checked-
#iptables -L
Chain INPUT (Policy ACCEPT)... target... <no values >
[FORWARD & OUTPUT, same, no values]

What am I missing? the default gateway in part 1_ or 6_ above ? Is it the SubNet Masks?

Any help appreciated, tia
Chris

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
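
Added example, not part of either message: a small first-match evaluator in Python for the three FORWARD rules quoted above, run once with 192.168.0.0/16 and once with 192.168.1.0/24. It models only those three rules, not the RH-Firewall-1-INPUT jump listed ahead of them in the chain; the addresses 192.168.2.20, 203.0.113.5 and 198.51.100.7 are constructed samples.

```python
import ipaddress

def make_rules(lan):
    """The three FORWARD rules from the post, with the LAN prefix as a parameter."""
    net = ipaddress.ip_network(lan)
    return [
        # (packet field, network, negated match, target)
        ("src", net, False, "ACCEPT"),  # -A FORWARD -s LAN -j ACCEPT
        ("dst", net, False, "ACCEPT"),  # -A FORWARD -d LAN -j ACCEPT
        ("src", net, True, "DROP"),     # -A FORWARD -s ! LAN -j DROP
    ]

def evaluate(rules, src, dst, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule; 0 = chain policy."""
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for number, (field, net, negate, target) in enumerate(rules, start=1):
        # A plain match needs the address inside the network; "!" inverts that.
        if (pkt[field] in net) != negate:
            return number, target
    return 0, policy

# Constructed sample packets (source, destination); only 192.168.1.10 is from the post.
PACKETS = {
    "host -> internet": ("192.168.1.10", "203.0.113.5"),
    "internet -> host (reply)": ("203.0.113.5", "192.168.1.10"),
    "other 192.168.x -> internet": ("192.168.2.20", "203.0.113.5"),
    "outside -> outside": ("203.0.113.5", "198.51.100.7"),
}

def compare(prefixes=("192.168.0.0/16", "192.168.1.0/24")):
    """Evaluate every sample packet against the rule set built for each prefix."""
    return {p: {name: evaluate(make_rules(p), *pkt) for name, pkt in PACKETS.items()}
            for p in prefixes}

if __name__ == "__main__":
    for prefix, verdicts in compare().items():
        print(prefix)
        for name, (number, target) in verdicts.items():
            print(f"  {name:28} rule {number}: {target}")
```

On the router itself, `iptables -L FORWARD -v -n` shows per-rule packet counters and the interface columns that plain `iptables -L` omits.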