NAT-setup: modification requared
Alain Spineux
aspineux at gmail.com
Wed Sep 2 08:27:11 UTC 2009
On Wed, Sep 2, 2009 at 7:07 AM, Hiisi<very-cool at rambler.ru> wrote:
> Dear List!
> I have F11 machine which shares WEB to small home wired network. F11
> computer has 3 ethernet adapters - one built in motherboard (eth0, 'main'
> adapter) and two additional cards (eth1,2). With grate help of this list and
> even greater help of google I was able to set up NAT over it. It worked
> perfect while there was only one client in the home network - window$
> laptop, connected to eth1 (eth2 was down). Now I added second laptop - it
> runs ubuntu. I turned on eth2 and tried to do the same trick with it but no
> lack until now. Here goes mine configuration:
> ifconfig
> eth0 Link encap:Ethernet HWaddr 00:0F:EA:22:A0:2C
> inet addr:192.168.0.203 Bcast:192.168.1.255 Mask:255.255.254.0
> inet6 addr: fe80::20f:eaff:fe22:a02c/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:124015 errors:0 dropped:0 overruns:0 frame:0
> TX packets:25838 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:21230917 (20.2 MiB) TX bytes:4769745 (4.5 MiB)
> Interrupt:19 Base address:0xe000
>
> eth1 Link encap:Ethernet HWaddr 00:80:48:2E:43:9C
> inet addr:192.168.2.20 Bcast:192.168.2.255 Mask:255.255.255.0
> inet6 addr: fe80::280:48ff:fe2e:439c/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:11044 errors:0 dropped:0 overruns:0 frame:0
> TX packets:9539 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:8868181 (8.4 MiB) TX bytes:3991105 (3.8 MiB)
> Interrupt:18 Base address:0x8000
>
> eth2 Link encap:Ethernet HWaddr 00:40:F4:98:DB:E9
> inet addr:192.168.2.40 Bcast:192.168.2.255 Mask:255.255.255.0
eth1 and eth2 use the same network 192.168.2.0/255.255.255.0 !
Here is your problem.
This is not a NAT problem but a routing problem.
You have two solutions :
First you use another network on eth2 , say ip=192.168.3.20 Mask:255.255.255.0
The second one is to add route to tell your F11 your ubuntu is on
eth2, but if you want your ubuntu to communicate with your windows,
you need to add route on both laptop about that.
The first one is the easiest :-)
> inet6 addr: fe80::240:f4ff:fe98:dbe9/64 Scope:Link
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:75 errors:0 dropped:0 overruns:0 frame:0
> TX packets:73 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:5935 (5.7 KiB) TX bytes:14586 (14.2 KiB)
> Interrupt:19 Base address:0xa000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:329 errors:0 dropped:0 overruns:0 frame:0
> TX packets:329 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:69191 (67.5 KiB) TX bytes:69191 (67.5 KiB)
>
> route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
This line say all addresses 192.168.2.* are on the eth1 side
> 192.168.2.0 * 255.255.255.0 U 0 0 0 eth2
This line say all addresses 192.168.2.* are on the eth2 side
Because eth1 is the first all packet will go to eth1
You need to replace this last one by
192.168.2.40 * 255.255.255.255 U 0 0 0 eth2
> 192.168.0.0 * 255.255.254.0 U 0 0 0 eth0
> link-local * 255.255.0.0 U 1002 0 0 eth0
> link-local * 255.255.0.0 U 1003 0 0 eth1
> link-local * 255.255.0.0 U 1004 0 0 eth2
> default mitht2.imt.ru 0.0.0.0 UG 0 0 0 eth0
>
> sysctl net.ipv4.ip_forward
> net.ipv4.ip_forward = 1
>
> iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> MASQUERADE all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> cat /etc/sysconfig/iptables
> # Generated by iptables-save v1.4.3.1 on Tue Sep 1 23:36:23 2009
> *nat
> :PREROUTING ACCEPT [1264:158963]
> :POSTROUTING ACCEPT [96:14688]
> :OUTPUT ACCEPT [462:49878]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Tue Sep 1 23:36:23 2009
> # Generated by iptables-save v1.4.3.1 on Tue Sep 1 23:36:23 2009
> *filter
> :INPUT ACCEPT [7849:1116249]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1219:189475]
> -A FORWARD -i eth0 -j ACCEPT
> -A FORWARD -i eth1 -j ACCEPT
> -A FORWARD -i eth2 -j ACCEPT
> COMMIT
> # Completed on Tue Sep 1 23:36:23 2009
>
> Window$ laptop has 192.168.2.30 address and uses 192.168.2.20 (eth1 IP) as
> gateway. DNS is the same as on F11 machine.
> I've tried to set up 192.168.2.50 as IP for ubuntu laptop with default
> gateway of eth2 IP address: 192.168.2.40. It doesn't work. When I'm trying
> to ping 192.168.2.50 from F11 the result is:
> ping 192.168.2.50
> PING 192.168.2.50 (192.168.2.50) 56(84) bytes of data.
>>
>> From 192.168.2.20 icmp_seq=2 Destination Host Unreachable
>> From 192.168.2.20 icmp_seq=3 Destination Host Unreachable
>> From 192.168.2.20 icmp_seq=4 Destination Host Unreachable
>
> ^C
> As I can understand packets go from wrong IP. Namely, from eth1 when I would
> like them to go from eth2.
> How to fix that?
> Thank you for your attention!
> Respectfully
> --
> Hiisi.
> Registered Linux User #487982. Be counted at: http://counter.li.org/
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>
--
Alain Spineux
aspineux gmail com
May the sources be with you
More information about the users
mailing list