Re: nat/masquerade with kernel 2.6.x

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Antonio Pérez" <aperlu@telefonica.net>
To: Andreas Grabner <andi@vnc.at>
Cc: netfilter@lists.netfilter.org
Subject: Re: nat/masquerade with kernel 2.6.x
Date: Sat, 11 Dec 2004 15:18:13 +0100	[thread overview]
Message-ID: <41BB01A5.5000406@telefonica.net> (raw)
In-Reply-To: <20041211133145.GA3027@utanet.at>

Andreas Grabner wrote:

>Hi
>
>On Sat, Dec 11, 2004 at 01:45:08PM +0100, Antonio Pérez wrote:
>  
>
>>   iptables --table nat --append POSTROUTING --out-interface 
>>$ifc_internet -j MASQUERADE
>>the hosts of the internal network can do ping to internet, and this is 
>>normal, but they can not open any web or conection the msn , they
>>only can do ping. This is very stranger. I try the kernels 
>>2.6.7,2.6.7,2.6.8 and 2.6.9 and they do no work.
>>    
>>
>You can ping so NAT and routing seems to work.
>Are there any other rules in the FORWARD chain? 
>
><try>
>maybe you should check if DNS is working?
></try>
>
>  
>
>>Can somebody help me, please?
>>    
>>
>send more Info e.g. output of 
>iptables -L -nvx
>iptables -t nat -nvx
>
>  
>
>>Sorry for my bad english.
>>    
>>
>me too ;-)
>
>
>Andreas Grabner
>
>
>  
>
I know that the dns is working because when I do "ping www.google.es" 
from  internal host  this  work.
There are not other rules in the FORWARD chain, look:

    Chain INPUT (policy ACCEPT 2 packets, 100 bytes)
        pkts      bytes target     prot opt in     out     
source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     
source               destination

    Chain OUTPUT (policy ACCEPT 5958 packets, 2480411 bytes)
        pkts      bytes target     prot opt in     out     
source               destination

and if i do iptables -t nat -L -nvx, then:

    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
        pkts      bytes target     prot opt in     out     
source               destination

    Chain POSTROUTING (policy ACCEPT 1 packets, 60 bytes)
        pkts      bytes target     prot opt in     out     
source               destination
           0        0 MASQUERADE  all  --  *      eth1    
0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
        pkts      bytes target     prot opt in     out     
source               destination

And this is all, :)

     prev parent reply	other threads:[~2004-12-11 14:18 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-11 12:45 nat/masquerade with kernel 2.6.x Antonio Pérez
2004-12-11 13:31 ` Andreas Grabner
2004-12-11 14:18   ` Antonio Pérez [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=41BB01A5.5000406@telefonica.net \
    --to=aperlu@telefonica.net \
    --cc=andi@vnc.at \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox