Re: nat masquerade router
Am Di, den 15.06.2004 schrieb Michael Floyd um 19:29:
Well I see that your using a 24 bit subnet mask ( 255.255.255.0 ) not
a 16
bit ( 255.255.0.0 )
It would be your firewall rules that are blocking you.....
Right.
These two lines......
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT# iptables -A FORWARD
-d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
the ip's should be 192.168.1.0/24 not 192.168.0.0/16
the way it's writen, you drop everthing on your subnet.
No :) That doesn't matter. 192.168.0.0/16 includes the 192.168.1.0/24
net. He is just bit more permissive than it needs. But does no harm.
What is causing the blocking is:
iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
It drops all incoming traffic not being from the private address range.
Thus packages from public internet are dropped.
What you intend is better placed to the INPUT chain.
Michael Floyd
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435
Serendipity 19:36:44 up 16:03, 8 users, 0.31, 0.29, 0.31
Attachments:
- signature.asc (application/pgp-signature — 189 bytes)