- date: Tue Jun 15 13:27:19 2004
- from: alelist at christopherrussell.net (alelist)
- subject: [ale] nat masquerade router
Problem-
FC2 Host cannot get Internet connection through FC2 Router.
Description-
Both FC2 machines used to work fine via a D-Link firewall router.
I took out the D-Link and made one machine my own FC2 Router, connected
via CrossOver cable, to the other machine as FC2 Host. (and yes it is a
belkin #r7j304 5e 'crossover' cable, -I checked). The Router works fine,
but the Host cannot get Internet connection.
Host at 192.168.1.10 can be PINGed and nmapped successfully by Router
without packet loss.
I have been using RedHat9 Bible by Christopher Negus as a guide, pp616
etc. but perhaps I missed something, or there's a major change w/ FC2 to
get this to work, or I've just confused IP addressing?
Any help appreciated...
The ROUTER
(Gigabyte GA7VRXP, eth0 is onboard RealTek NIC, & Netgear PCI card for
eth1)
1_ router-
blue.myvnc.com
eth0 - dhcp
eth1 - 192.168.1.1
SubNet Mask 255.255.255.0
Default Gateway: 0.0.0.0
2_
/etc/sysconfig/network reads:
NETWORKING=yes
HOSTNAME='blue.myvnc.com'
GATEWAYDEV=eth0
2A_ in /etc/hosts reads:
127.0.0.1 localhost.localdomain localhost
192.168.1.10 red.myvnc.com red
#red is the host
3_
/etc/sysctl.conf reads:
net.ipv4.ip_forward = 1
4_
Added FORWARD rules
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -s 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -d 192.168.0.0/16 -j ACCEPT
# iptables -A FORWARD -s ! 192.168.0.0/16 -j DROP
# cp /etc/sysconfig/iptables /etc/sysconfig/iptables.old
cp: overwrite `/etc/sysconfig/iptables.old'? y
# iptables-save > /etc/sysconfig/iptables
# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down interface eth1: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface eth1: [ OK ]
5_ checked rules have been added
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
DROP all -- !192.168.0.0/16 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
The HOST MACHINE
Asus A7N8X Deluxe, with onboard 3Com eth0, and Nvidia eth1
The cable IS connected to eth0, I checked physically and in network
settings to see that eth0 corresponds to 3Com, not Nvidia.
6_ eth0
192.168.1.10
SubNet Mask 255.255.255.0
Default Gateway 192.168.1.1
7- /etc/hosts - the host can see itself and the router:
127.0.0.1 localhost.localdomain red.myvnc.com red
192.168.1.1 blue.myvnc.com blue
8_ no firewall present on host, I checked-
#iptables -L
Chain INPUT (Policy ACCEPT)... target... <no values >
[FORWARD & OUTPUT, same, no values]
What am I missing? The default gateway in part 6_ above?
The SubNet Masks?
Any help appreciated, tia
Chris
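
Added example (not part of the message above, and not code from the poster or the list): a first-match walk of the FORWARD path exactly as listed in step 5_, where the jump to RH-Firewall-1-INPUT comes before the three appended rules and that chain ends in an unconditional REJECT. The listing does not show interface matches, so the example assumes the two bare "ACCEPT all" rules match on `lo` and on one trusted interface (the `trusted_if` parameter, a hypothetical name); the packets are constructed samples.

```python
# Added illustration, not from the original message. Interface matches are
# ASSUMED: plain `iptables -L` output does not show them.
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/16")

def rh_firewall_1_input(pkt, trusted_if):
    """Walk RH-Firewall-1-INPUT in listed order; first matching rule decides."""
    rules = [
        (lambda p: p["in"] == "lo", "ACCEPT"),            # rule 1, assumed -i lo
        (lambda p: p["in"] == trusted_if, "ACCEPT"),      # rule 2, assumed -i <trusted_if>
        (lambda p: p["proto"] == "icmp", "ACCEPT"),
        (lambda p: p["proto"] == "ipv6-crypt", "ACCEPT"),
        (lambda p: p["proto"] == "ipv6-auth", "ACCEPT"),
        (lambda p: p["state"] in ("RELATED", "ESTABLISHED"), "ACCEPT"),
    ]
    # state NEW tcp dpt: http, https, ftp, ssh
    rules += [(lambda p, d=d: p["state"] == "NEW" and p["proto"] == "tcp"
               and p["dport"] == d, "ACCEPT") for d in (80, 443, 21, 22)]
    rules.append((lambda p: True, "REJECT"))              # icmp-host-prohibited
    for n, (match, target) in enumerate(rules, 1):
        if match(pkt):
            return target, f"RH-Firewall-1-INPUT rule {n}"
    return None, None

def forward_verdict(pkt, trusted_if):
    """FORWARD as listed: jump to RH-Firewall-1-INPUT, then the appended rules."""
    verdict, where = rh_firewall_1_input(pkt, trusted_if)
    if verdict:
        return verdict, where
    # Only reached if the sub-chain returns without a verdict.
    if ipaddress.ip_address(pkt["src"]) in LAN:
        return "ACCEPT", "FORWARD rule 2"
    if ipaddress.ip_address(pkt["dst"]) in LAN:
        return "ACCEPT", "FORWARD rule 3"
    return "DROP", "FORWARD rule 4"

# Constructed packets from the host (192.168.1.10) arriving on the router's eth1.
DNS = {"in": "eth1", "src": "192.168.1.10", "dst": "198.51.100.53",
       "proto": "udp", "dport": 53, "state": "NEW"}
HTTP = dict(DNS, dst="198.51.100.80", proto="tcp", dport=80)

if __name__ == "__main__":
    for name, pkt in (("dns", DNS), ("http", HTTP)):
        for trusted in ("eth0", "eth1"):
            print(name, "trusted_if=" + trusted, forward_verdict(pkt, trusted))
```

Under these assumptions every forwarded packet gets its verdict inside RH-Firewall-1-INPUT, so the appended FORWARD rules are never consulted. On the router itself, `iptables -L FORWARD -n -v --line-numbers` prints the interface columns and per-rule packet counters that the plain listing omits.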