network routing.
Reindl Harald
h.reindl at thelounge.net
Tue Mar 12 02:12:51 UTC 2013
you do NOT need this on the client
and it is NOT enough if your machine works as NAT-router
postrouting/masquerade is at least needed
Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
pkts bytes target prot opt in out source destination
80 7964 MASQUERADE all -- * eth1 192.168.2.0/24 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
48 2820 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 DROP all -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:0
0 0 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:0
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x17
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
0 0 DROP all -- eth1 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 TTL match TTL < 5
0 0 DROP udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 TTL match TTL < 5
0 0 DROP all -- eth1 * 84.113.45.179 0.0.0.0/0
0 0 DROP all -- eth1 * 0.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth1 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eth1 * 169.254.0.0/16 0.0.0.0/0
0 0 DROP all -- eth1 * 172.16.0.0/12 0.0.0.0/0
0 0 DROP all -- eth1 * 192.0.0.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 192.0.2.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 192.88.99.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 192.168.0.0/16 0.0.0.0/0
0 0 DROP all -- eth1 * 198.18.0.0/15 0.0.0.0/0
0 0 DROP all -- eth1 * 198.51.100.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 203.0.113.0/24 0.0.0.0/0
0 0 DROP all -- eth1 * 224.0.0.0/4 0.0.0.0/0
0 0 DROP all -- eth1 * 240.0.0.0/4 0.0.0.0/0
0 0 DROP all -- eth1 * 255.255.255.255 0.0.0.0/0
8734 4397K ACCEPT all -- eth1 br0 0.0.0.0/0 192.168.2.0/24 ctstate RELATED,ESTABLISHED
8698 3215K ACCEPT all -- br0 eth1 192.168.2.0/24 0.0.0.0/0
4 2304 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
On 12.03.2013 03:07, Gary Artim wrote:
> thanks, I forgot to mention I do have this set on both the client and
> router, still doesn't work. something is fishy, I went home frustrated
> and used my 2 laptops, one running mint linux, wirelessly, with an
> ethernet port (as the router) and one running fedora 18 as the client
> and got it to route -- ie ping yahoo.com. Go figure.
>
> On Mon, Mar 11, 2013 at 5:55 PM, zoom itman <rummymobile at gmail.com> wrote:
>> On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim <gartim at gmail.com> wrote:
>>> I have a problem using a patch cable and trying to route through
>>> another machine
>>
>>
>> This might help, on the machine doing the forwarding:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists
>> over reboots
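The three pieces discussed in this thread (ip_forward on the forwarding machine, a MASQUERADE rule in POSTROUTING, and ACCEPT rules in FORWARD) can be checked together. The script below is an added example, not part of the original messages; the function name, the gap labels and both sample rulesets are constructed for illustration, with the first one restating the listing's MASQUERADE and ACCEPT rules in iptables-save syntax.

```shell
#!/bin/sh
# Added example (not from the thread): list what a Linux NAT router still lacks.
# Live use: nat_router_gaps "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save)" eth1
# Function name and gap labels are made up for this example.
nat_router_gaps() {
    fwd=$1 rules=$2 wan=$3
    printf '%s\n' "$rules" | awk -v fwd="$fwd" -v wan="$wan" '
        /^\*/ { table = substr($0, 2) }   # table header: *nat, *filter, ...
        # Source NAT towards the WAN interface (the POSTROUTING rule in the listing)
        table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ &&
            index($0, "-o " wan " ") { masq = 1 }
        # An ACCEPT policy on filter/FORWARD lets everything through
        table == "filter" && /^:FORWARD ACCEPT/ { policy_accept = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            # Replies arrive on the WAN side and need a stateful ACCEPT
            if (index($0, "-i " wan " ") && /ESTABLISHED/) ret_ok = 1
            # New connections leave through the WAN side
            if (index($0, "-o " wan " ")) out_ok = 1
        }
        END {
            gaps = ""
            if (fwd != "1") gaps = gaps " ip_forward"
            if (!masq) gaps = gaps " masquerade"
            if (!policy_accept && !out_ok) gaps = gaps " forward_out"
            if (!policy_accept && !ret_ok) gaps = gaps " forward_return"
            print substr(gaps, 2)
        }'
}

# Constructed sample: NAT and FORWARD rules from the listing, in iptables-save form.
GOOD_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.2.0/24 -i eth1 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i br0 -o eth1 -j ACCEPT
-A FORWARD -j DROP
COMMIT'
# Constructed sample: default-drop FORWARD chain and no NAT rule at all.
BARE_RULES='*filter
:FORWARD DROP [0:0]
COMMIT'

nat_router_gaps 1 "$GOOD_RULES" eth1   # prints an empty line: nothing missing
nat_router_gaps 1 "$BARE_RULES" eth1   # prints: masquerade forward_out forward_return
```

An empty result means all three pieces are present for the given WAN interface; it does not validate the rest of the ruleset.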