--- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:

> On Wed, 2005-08-31 at 17:16 -0700, Antonio Olivares wrote:
> >
> > --- Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> >
> > > On Wed, 2005-08-31 at 12:20 -0700, Antonio Olivares wrote:
> > > >
> > > > --- Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
> > > >
> > > > > --- Alexander Dalloz <ad+lists@xxxxxxxxx> wrote:
> > > > >
> > > > > > On Tue, 30.08.2005 at 15:02, Antonio Olivares wrote:
> > > > > >
> > > > > > > > Make sure you have forwarding set on on the gateway host:
> > > > > > > >
> > > > > > > > $ cat /proc/sys/net/ipv4/ip_forward
> > > > > > > >
> > > > > > > > must print out "1" (without quotes). If it does not, then
> > > > > > > > activate it in /etc/sysctl.conf and run "sysctl -p". Make too
> > > > > > > > sure the gateway does NAT by an iptables rule like:
> > > > > > > >
> > > > > > > > iptables -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > > >
> > > > > > > > [eth0 should be in your case the outgoing device]
> > > > > > >
> > > > > > > eth0 is the incoming connection should eth1 be the
> > > > > > > outgoing. I'm a little confused but getting there.
> > > > > >
> > > > > > The device given with -o <device> has to be the public net device.
> > > > > >
> > > > > > > [root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
> > > > > > > 1
> > > > > >
> > > > > > Ok.
> > > > > >
> > > > > > > [root@rio ~]# iptables -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > > iptables: No chain/target/match by that name
> > > > > >
> > > > > > Sorry, my fault. Above should have been for the NAT table (by
> > > > > > default iptables takes the filter table):
> > > > > >
> > > > >
> > > > === message truncated ===
> > > >
> > > > I'm trying continually to solve this issue and I have
> > > > tried with a windows2000 machine and I get this
> > > >
> > >
> > > Reading thru what you have below, this seems to most certainly be a
> > > routing/firewalling/masquerading issue on the linux box.
> > >
> > > From the windows box try this and let us know the results.
> > > 1. ping 192.168.100.1
> >
> > [olivares@rio floppy]$ cat ping1
> >
> > Pinging 192.168.100.1 with 32 bytes of data:
> >
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> > Reply from 192.168.100.1: bytes=32 time<10ms TTL=64
> >
> > Ping statistics for 192.168.100.1:
> >     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum = 0ms, Average = 0ms
> >
> > > 2. ping 10.154.19.136
> >
> > [olivares@rio floppy]$ cat ping2
> >
> > Pinging 10.154.19.136 with 32 bytes of data:
> >
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> > Reply from 10.154.19.136: bytes=32 time<10ms TTL=64
> >
> > Ping statistics for 10.154.19.136:
> >     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum = 0ms, Average = 0ms
> >
> > > 3. If both those work, then try a ping to 10.154.19.130
> >
> > [olivares@rio floppy]$ cat ping3
> >
> > Pinging 10.154.19.130 with 32 bytes of data:
> >
> > Request timed out.
> > Request timed out.
> > Reply from 10.154.19.136: Destination host unreachable.
> > Request timed out.
> >
> > Ping statistics for 10.154.19.130:
> >     Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
> > Approximate round trip times in milli-seconds:
> >     Minimum = 0ms, Maximum = 0ms, Average = 0ms
> > [olivares@rio floppy]$
> >
>
> Ok, this clearly shows that it is likely you are having problems with
> NAT (masquerading) &/or routing/firewalling. Your windows machine can
> connect to and see both interfaces on the Linux server but cannot get
> beyond that. I assume your Linux box has full access to the internet
> when I say this.
>
> Check out the basic firewall rules for doing ip forwarding and
> masquerading. In your case eth1 is the LAN and eth0 is the WAN.
>
> I do not have a basic setup available for FC firewalling since my
> firewall machine is running RH7.3 with ipchains and FC uses iptables.
> (My firewall machine is an old P3 with only 32mb memory and cannot run
> any version of FC.)
>
> I will try to set up a list of rules that are basic and will handle what
> you need and send a sample to you. Others may beat me to it, and
> welcome if they do.
>
> To see what you currently have as iptables rules, try "iptables -L" and
> send that.
> Also send the contents of /etc/sysconfig/iptables
>
=== message truncated ===

[olivares@rio ~]$ iptables -L
bash: iptables: command not found
[olivares@rio ~]$ su -
Password:
[root@rio ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@rio ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*mangle
:PREROUTING ACCEPT [4991:3431359]
:INPUT ACCEPT [4887:3424427]
:FORWARD ACCEPT [96:6000]
:OUTPUT ACCEPT [4459:969407]
:POSTROUTING ACCEPT [4475:971455]
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4467:969967]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
# Generated by iptables-save v1.2.11 on Wed Aug 31 07:52:24 2005
*nat
:PREROUTING ACCEPT [759:76421]
:POSTROUTING ACCEPT [4:288]
:OUTPUT ACCEPT [394:23805]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Aug 31 07:52:24 2005
[root@rio ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@rio ~]#

Thanks for all your help and suggestions. It will work. It is just a
matter of finding where things are stopping.

Best Regards,

Antonio
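
Added example, not part of the original messages: a shell check over an iptables-save dump of the kind posted above. It reports which interfaces carry a MASQUERADE rule, how many nat rules are duplicated, and whether FORWARD jumps unconditionally into a chain that ends in REJECT. The function names and the shortened sample dump are constructed for illustration.

```shell
# Added example: audit an iptables-save dump from a NAT gateway.
# Function names and the sample dump are constructed for illustration.
sample_dump() {   # constructed, shortened from the dump format in the message
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:POSTROUTING ACCEPT [4:288]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}
# Print the "-A" rules of one table (filter, nat, ...) from a dump on stdin.
table_rules() {
    awk -v t="*$1" '$0 == t {on = 1; next} /^COMMIT/ {on = 0} on && /^-A /'
}

# Number of distinct rules that occur more than once in the given table.
duplicate_rules() { table_rules "$1" | sort | uniq -d | wc -l | tr -d ' '; }

# Interfaces named by -o in nat POSTROUTING MASQUERADE rules, space separated.
masq_interfaces() {
    table_rules nat | awk '$2 == "POSTROUTING" && /-j MASQUERADE/ {
        for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }' |
        sort -u | paste -sd' ' -
}

# Succeeds when FORWARD jumps unconditionally to a chain ending in REJECT/DROP.
forward_ends_in_reject() {
    dump=$(cat)
    chain=$(printf '%s\n' "$dump" | table_rules filter |
        awk '$2 == "FORWARD" && $3 == "-j" && NF == 4 {print $4; exit}')
    [ -n "$chain" ] || return 1
    printf '%s\n' "$dump" | table_rules filter |
        awk -v c="$chain" '$2 == c {l = $0} END {exit !(l ~ /-j (REJECT|DROP)/)}'
}

echo "masquerade on: $(sample_dump | masq_interfaces)"
echo "duplicated nat rules: $(sample_dump | duplicate_rules nat)"
if sample_dump | forward_ends_in_reject; then echo "FORWARD ends in REJECT"; fi
```

On a gateway, the same functions can read the output of iptables-save (run as root) in place of sample_dump.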