network routing.

Gary Artim gartim at gmail.com
Tue Mar 12 03:20:43 UTC 2013


I tried postrouting/masquerade in iptables on the router and still the
client hangs on route command. It's like the client can't see the router.
But ping works fine in both directions. If I try and ping a known
address on the greater internet, nothing. So there is no route beyond
the subnet of 192.168.0.0. I know it's something dumb 'cause I've done
this 10..12 times before and it always worked or is working now on some
servers.

On Mon, Mar 11, 2013 at 7:12 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> you do NOT need this on the client.
> and it is NOT enough if your machine works as NAT-router
>
> postrouting/masquerade is at least needed
>
> Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    80  7964 MASQUERADE  all  --  *      eth1    192.168.2.0/24       0.0.0.0/0
>
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    48  2820 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
>     0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:0
>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:0
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x17
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x01
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>     0     0 DROP       all  --  eth1   *       84.113.45.179        0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       0.0.0.0/8            0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       169.254.0.0/16       0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       172.16.0.0/12        0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       192.0.0.0/24         0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       192.0.2.0/24         0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       192.88.99.0/24       0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       198.18.0.0/15        0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       198.51.100.0/24      0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       203.0.113.0/24       0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       224.0.0.0/4          0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       240.0.0.0/4          0.0.0.0/0
>     0     0 DROP       all  --  eth1   *       255.255.255.255      0.0.0.0/0
>  8734 4397K ACCEPT     all  --  eth1   br0     0.0.0.0/0            192.168.2.0/24       ctstate RELATED,ESTABLISHED
>  8698 3215K ACCEPT     all  --  br0    eth1    192.168.2.0/24       0.0.0.0/0
>     4  2304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>
> Am 12.03.2013 03:07, schrieb Gary Artim:
>> thanks, I forgot to mention I do have this set on both the client and
>> router, still doesn't work. something is fishy, I went home frustrated
>> and used my 2 laptops, one running mint linux, wirelessly, with an
>> ethernet port (as the router) and one running fedora 18 as the client
>> and got it to route -- ie ping yahoo.com. Go figure.
>>
>> On Mon, Mar 11, 2013 at 5:55 PM, zoom itman <rummymobile at gmail.com> wrote:
>>> On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim <gartim at gmail.com> wrote:
>>>> I have a problem using a patch cable and trying to route through
>>>> another machine
>>>
>>>
>>> This might help, on the machine doing the forwarding:
>>>
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>> Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists
>>> over reboots
>
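
The thread names three things a Linux NAT router needs: `ip_forward` set to 1, a MASQUERADE rule in POSTROUTING, and FORWARD rules that let LAN traffic out and replies back in. The script below is an added example, not part of the original messages, that checks all three. The helper names `has_rule` and `nat_router_gaps` are hypothetical, the rule text is assumed to be in `iptables -S` format, and the sample rules are constructed from the subnet and interfaces in the quoted listing.

```shell
#!/bin/sh
# Added example: audit the NAT-router prerequisites discussed in this thread.
# Rule text is in `iptables -S` format so the logic can run offline.

# Constructed samples modelled on the quoted listing (192.168.2.0/24, br0 -> eth1).
GOOD_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE'
GOOD_FILTER='-P FORWARD DROP
-A FORWARD -d 192.168.2.0/24 -i eth1 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i br0 -o eth1 -j ACCEPT
-A FORWARD -j DROP'
BAD_FILTER='-P FORWARD DROP
-A FORWARD -j DROP'

# has_rule TEXT REGEX: true if any line of TEXT matches the extended regex.
has_rule() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# nat_router_gaps IP_FORWARD NAT_RULES FILTER_RULES WAN_IF  (hypothetical helper)
# Prints one line per missing prerequisite; exit status is the number of gaps.
# Rule order is not evaluated, so an earlier DROP can still shadow an ACCEPT.
nat_router_gaps() {
    local fwd nat filter wan gaps
    fwd=$1; nat=$2; filter=$3; wan=$4; gaps=0
    if [ "$fwd" != "1" ]; then
        echo "net.ipv4.ip_forward is '$fwd', not 1"; gaps=$((gaps + 1))
    fi
    if ! has_rule "$nat" "^-A POSTROUTING .*-o $wan .*-j MASQUERADE"; then
        echo "no MASQUERADE rule leaving via $wan"; gaps=$((gaps + 1))
    fi
    # With a DROP policy, both directions need an explicit ACCEPT.
    if has_rule "$filter" '^-P FORWARD DROP'; then
        if ! has_rule "$filter" "^-A FORWARD .*-o $wan .*-j ACCEPT"; then
            echo "FORWARD drops LAN traffic going out $wan"; gaps=$((gaps + 1))
        fi
        if ! has_rule "$filter" "^-A FORWARD .*-i $wan .*--(ct)?state [A-Z,]*ESTABLISHED.*-j ACCEPT"; then
            echo "FORWARD drops replies arriving on $wan"; gaps=$((gaps + 1))
        fi
    fi
    return "$gaps"
}

echo "== constructed working router =="
nat_router_gaps 1 "$GOOD_NAT" "$GOOD_FILTER" eth1 && echo "no gaps"
echo "== constructed broken router =="
nat_router_gaps 0 "-P POSTROUTING ACCEPT" "$BAD_FILTER" eth1 || echo "gaps found: $?"
```

On a live router, the four arguments would come from `cat /proc/sys/net/ipv4/ip_forward`, `iptables -t nat -S POSTROUTING`, `iptables -S FORWARD` and the name of the outward-facing interface.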
