configuring iptables for masquerading

configuring iptables for masquerading

[Angel Tsankov]

[-- Attachment #1: Type: text/plain, Size: 408 bytes --]

I've configured iptables for masquerading and when some of the masqueraded hosts performs a trace route I get this:

tracert www.abv.bg

Tracing route to www.abv.bg [194.153.145.105]
over a maximum of 30 hops:

  1    17 ms     5 ms     6 ms  194.153.145.105

Trace complete.

This route is obviously too short. I have attached the /etc/rc.d/rc.iptables file. Could someone tell me what I have misconfigured?

[-- Attachment #2: rc.iptables.tar.gz --]
[-- Type: application/octet-stream, Size: 1405 bytes --]

Re: configuring iptables for masquerading

[Pascal Hambourg]

Hello,

Angel Tsankov a écrit :
> I've configured iptables for masquerading and when some of the 
> masqueraded hosts performs a trace route I get this:
> 
> tracert www.abv.bg

MS Windows traceroute ?

> Tracing route to www.abv.bg [194.153.145.105]
> over a maximum of 30 hops:
> 
>  1    17 ms     5 ms     6 ms  194.153.145.105
> 
> Trace complete.

Same with any source and destination hosts ?
Does "normal" access (web, ftp...) to the destination host work ?

This looks like the result of a TTL normalization that could be caused 
by an iptables rule with the TTL target in the 'mangle' table. You can 
dump the active ruleset with the command 'iptables-save'.

> This route is obviously too short. I have attached the 
> /etc/rc.d/rc.iptables file. Could someone tell me what I have misconfigured?

I don't see anything which could cause such behaviour in your script.