Masquerade difficulties - Andrew Beekhof

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Beekhof <beekhof@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Masquerade difficulties
Date: Fri, 7 Jan 2005 22:42:34 +0100	[thread overview]
Message-ID: <26ef5e705010713424fac90a9@mail.gmail.com> (raw)

Hi All,

I'm having some difficulties getting masquerading to work and hoping
for some pointers...

The server (BoxA) has an ipsec (openswan) connection to another
network and I've run:
        echo 1 > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

On the client (BoxB) I've set the gateway for the other network to be BoxA.

Normally that does the trick, but not today...
If BoxB tries to ping BoxC, I can see BoxA forwarding the request but
it never gets an answer to forward back to BoxB.  Obviously BoxA can
ping BoxC directly.

There are no errors in dmesg or /var/log/messages and I tried
comparing "-j LOG" entries from my old server (a SLES9 box) where
masquerading works with those from my new server and everything looks
the same... it just doesn't work :(

Any pointers on what I'm missing or things to try would be appreciated.

Andrew

Distro: Gentoo
Kernel: 2.6.9-gentoo-r13
iptables: iptables v1.2.11
Openswan: Linux Openswan U2.2.0/K2.6.9-gentoo-r13 (native)

next             reply	other threads:[~2005-01-07 21:42 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-01-07 21:42 Andrew Beekhof [this message]
  -- strict thread matches above, loose matches on Subject: below --
2005-01-07 22:12 Masquerade difficulties Trevor Cordes
2005-01-08 10:03 ` Andrew Beekhof
2005-01-08 20:56   ` Andrew Beekhof

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=26ef5e705010713424fac90a9@mail.gmail.com \
    --to=beekhof@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.