From: "Kevork"
Subject: Re: Did MASQUERADE not work ?
Date: Wed, 10 Mar 2004 20:39:50 -0300
Message-ID: <013401c406f8$fb20bfa0$6cfaa8c0@Defiant>
To: netfilter@lists.netfilter.org

The only thing I did not try was SNAT as you advise here ... I will try this
today, but (always there is a "but"), when I posted this mail masquerading was
not working as I described ... that was yesterday night.

This morning (no change in the meanwhile), masquerading was working :S

No FORWARD policy is active.
DHCP leasing is OK
I put "-o eth1" also.
$internet is "0.0.0.0/0" (I copy the entire script below)

I will try SNAT then, but now I must wait for "not working again" ... This
has life ! :-))

Thank you all of you for your help ... I will keep you updated about this
fight.

Kevork.

 
----- Original Message -----
From: hclfm@pricol.co.in
To: Rob Sterenborg
Cc: 'Kevork' ; netfilter@lists.netfilter.org
Sent: Wednesday, March 10, 2004 6:13 AM
Subject: RE: Did MASQUERADE not work ?

> Iptables script is the same as when it worked.
> MASQ line is:
> iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -d $internet -j MASQUERADE

Hi ,

You have missed the outgoing interface "-o" option (Internet Interface)

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.250.0/24 -d $internet -j MASQUERADE

must work.

regards,

U.SivaKumar,
Networking & E-Security,
HCL INFOSYSTEMS LIMITED,

"The Purpose of Computing is Insight, Not Numbers"



"Rob Sterenborg" <rob@sterenborg.info>
Sent by: netfilter-admin@lists.netfilter.org

03/10/2004 08:52 AM CET

To: "'Kevork'" <rxlm@comintec.com.ar>, <netfilter@lists.netfilter.org>
Subject: RE: Did MASQUERADE not work ?


> Iptables script is the same as when it worked.
> MASQ line is:
> iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -d $internet -j MASQUERADE

What is "-d $internet" ?
If $internet is 0.0.0.0 (as it should be) then you don't need to specify it
as this is assumed.

Did you try SNAT :
iptables -t nat -A POSTROUTING -o <if_inet> \
 -s 192.168.250.0/24 -j SNAT --to-source <ip_inet>

Do you have a FORWARD rule in place that allows MASQ/SNAT, or do you have
FORWARD policy set to ACCEPT (which you should not do) ?

Do you have "echo 1 > /proc/sys/net/ipv4/ip_forward" ?


Gr,
Rob

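The checks raised in the quoted replies (ip_forward enabled, a NAT rule bound to the outgoing interface with "-o", FORWARD rules instead of an ACCEPT policy), as an added example that is not part of the original thread. `check_masq` is a hypothetical helper, both iptables-save dumps are constructed samples, and eth0 as the internal interface is an assumption.

```shell
#!/bin/sh
# check_masq RULESET IP_FORWARD SUBNET  (hypothetical helper, not from the thread)
#   RULESET: text in iptables-save format; IP_FORWARD: contents of
#   /proc/sys/net/ipv4/ip_forward; SUBNET: internal source network.
# Prints one finding per line, or "OK" when nothing is found.
check_masq() {
    ruleset=$1 fwd=$2 subnet=$3
    findings=$(
        [ "$fwd" = "1" ] || echo "ip_forward is not 1"
        printf '%s\n' "$ruleset" | awk -v net="$subnet" '
            /^\*/ { table = substr($0, 2) }
            table == "filter" && /^:FORWARD / { policy = $2 }
            table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { accepts++ }
            table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ &&
                index($0, " -s " net " ") {
                nat++
                if ($0 !~ / -o [^ ]+/) print "NAT rule has no -o: " $0
            }
            END {
                if (!nat) print "no MASQUERADE/SNAT rule for " net
                if (policy == "ACCEPT") print "FORWARD policy is ACCEPT"
                else if (!accepts) print "FORWARD has no ACCEPT rule"
            }'
    )
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; else echo "OK"; fi
}

# Constructed sample: the rule from the thread, without -o, open FORWARD policy.
BEFORE='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.250.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Constructed sample: -o eth1 added, FORWARD default-drop with explicit rules
# (eth0 as the internal interface is an assumption).
AFTER='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.250.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.250.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

check_masq "$BEFORE" 0 192.168.250.0/24
check_masq "$AFTER" 1 192.168.250.0/24
```

On a live gateway the inputs would be `"$(iptables-save)"` and `"$(cat /proc/sys/net/ipv4/ip_forward)"`, both read as root.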