Iptables
Alex White
prata at ghostlike.homelinux.org
Sat Dec 20 11:08:11 UTC 2003
I've worked on this for about a week and have decided I am
stupid. Well that or I'm on some serious drugs. Maybe both?
My iptables configuration allows for forwarding of packets
from my gateway box (Fedora Core 1) with two ethernet cards.
eth0 is connected to a crossover cable (the crossover
connects to a second pc also running Fedora Core 1). eth1 is
connected to an ADSL modem (not a router, not a proxy or
anything weird). eth1 and eth0 are capable of getting out to
the net as they are in the same physical machine, everything
just works.
On the second box, armed with a single ethernet card
connected to the previously mentioned crossover cable, no
iptables rules, internet access works just fine. I can
browse, and use gaim flawlessly. However, with this set up I
am unable to download anything on the box. When starting a
download, the machine will have a 100+ kb/s download which
within 10-30 seconds dies out to 0k/s. No downloads ever
finish.
What's weird about this is the fact that everything else
seems to work perfectly. ifconfig reveals no errors on the
cards. This is true of both machines. As a poor man's way of
showing you the physical set up here is a little diagram.
adsl modem <-----eth1<----eth0<------>eth0(Second box)
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/ip_dynaddr = 1
ip_conntrack (and its relatives) are loaded, confirmed via
the following lsmod (snipped for just iptables stuff):
ipv6 231424 12 <---- is this of interest?
ipt_MASQUERADE 2816 1
iptable_nat 20140 2 ipt_MASQUERADE
ipt_TOS 1920 7
iptable_mangle 2112 1
ipt_REJECT 5312 1
ipt_state 1472 17
ip_conntrack 26800 3 ipt_MASQUERADE,iptable_nat,ipt_state
iptable_filter 2176 1
ip_tables 15488 7 ipt_MASQUERADE,iptable_nat,ipt_TOS,iptable_mangle,ipt_REJECT,ipt_state,iptable_filter
Any help would be appreciated. I'm willing to try just about
anything at this point, as the second box can't be easily
upgraded without me ftping everything TO the machine from
the routing box (which is named ghostlike, the second box is
called etheric).
Is there a way to get downloads to function on etheric? Or
am I just out of luck? This worked previously in RH9 with a
similar to identical set up. I say similar because I may be
forgetting a setting somewhere. Otherwise, it's identical.
Thanks in Advance,
Alex