| Thread ID: 51487 | 2004-11-22 09:01:00 | Linux router and iptables | Growly (6) | Press F1 |
| Post ID | Timestamp | Content | User |
| 294972 | 2004-11-22 09:01:00 | Hey there
Wireless linux router running iptables. (Uses Pebble OS)

    Network A <--> router <--> Network B
    10.0.0.0  <-->   ||   <--> 10.0.1.0

Network B can ping Network A addresses fine. Network A CANNOT ping Network A addresses. Pings look a bit like this:

    10.0.0.0 <--  ||  <-- 10.0.1.0
    10.0.0.0 --X  ||  --X 10.0.1.0

Have searched google and done the following to iptables:

    iptables --flush
    iptables --table nat --flush
    iptables --append FORWARD -j ACCEPT
    iptables --append INPUT -j ACCEPT
    iptables --append OUTPUT -j ACCEPT

End result:

    pebble:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere

I'm so confused right now. I thought that the above rules meant that anything can go either way. Network links are fine - the linux router can ping all hosts.

Even tried it like this:

    pebble:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

No difference. Me and my mate are currently only separated by this router. The fact that we've followed instructions, have good links, but can still only ping one way is of concern. Any help would be greatly appreciated. |
Growly (6) | ||
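Added example, not code from the thread: a small Python audit of an `iptables -L` listing like the one Growly pasted. It parses the default `-L` column layout (no `-v`/`-n`) and reports per chain whether any packet can still be dropped; a filter table where every chain is wide open cannot be the cause of a one-way ping failure, and is a finding in itself, since the router is no longer filtering anything. The sample listing is reconstructed from the post above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the listing from the first post, one rule per line.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
"""

# Built-in chains print "(policy X)"; user-defined chains print "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")


@dataclass
class Chain:
    name: str
    policy: str          # None for user-defined chains (end of chain = RETURN)
    rules: list = field(default_factory=list)  # (target, proto, src, dst, extra)


def parse_listing(text):
    """Return {chain_name: Chain} from plain `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains[m.group(1)] = Chain(m.group(1), m.group(2))
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue                      # header row or blank separator
        cols = line.split()               # target prot opt source destination [match text]
        target, proto, _opt, src, dst = cols[:5]
        current.rules.append((target, proto, src, dst, " ".join(cols[5:])))
    return chains


def accepts_everything(chain):
    """True if no packet traversing this chain can be dropped or rejected."""
    for target, proto, src, dst, extra in chain.rules:
        catch_all = proto == "all" and src == dst == "anywhere" and not extra
        if target == "ACCEPT" and catch_all:
            return True                   # everything accepted before any other rule
        if target != "ACCEPT":
            return False                  # conservative: DROP/REJECT/LOG/jump may filter
    return chain.policy == "ACCEPT"       # nothing matched: the policy decides


def audit(text):
    """Map each chain name to 'wide open' or 'filtering'."""
    return {n: ("wide open" if accepts_everything(c) else "filtering")
            for n, c in parse_listing(text).items()}
```

If every chain comes back "wide open", the next things to look at are `/proc/sys/net/ipv4/ip_forward` on the router and the default gateway on the hosts that cannot ping out.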
| 294973 | 2004-11-22 09:08:00 | Uh, that should read: Network A CANNOT ping Network A addresses. |
Growly (6) | ||
| 294974 | 2004-11-22 09:09:00 | No, it should read: Network A CANNOT ping Network B addresses. |
Growly (6) | ||
| 294975 | 2004-11-22 09:25:00 | I posted here recently (pressf1.pcworld.co.nz). I asked the same question a while back ;-) Click the link to the NZLug History and it states it there, k :-) Chill. |
Chilling_Silence (9) | ||
| 294976 | 2004-11-22 09:54:00 | Hey Chill, thanks for the link. I read it all and it appears that what you were trying to achieve is significantly different to what we're trying to achieve - we do not need to route further than either of these two subnets. So:

    SUBNET <--> ROUTER <--> SUBNET

Within the explanations given it was said that, for example, the router be configured for NAT (IP Masquerading), and that its default gateway (or gateway of last resort, thank you Cisco) be set to the DSL modem. That way whenever anything outside either subnet was issued, it would leave through there. Everything else that was mentioned I don't think really applies to this situation.

In theory, any router should automatically and without any configuration route from any directly connected subnet to any other directly connected subnet. In linux that's what I thought we'd achieved by simply enabling iptables and telling it to accept and forward everything. I could be wrong, though, in which case I implore you to put me in my place and correct me. :D |
Growly (6) | ||
| 294977 | 2004-11-22 10:07:00 | Try:

    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain
    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    iptables --append FORWARD --in-interface eth1 -j ACCEPT
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
    iptables --append FORWARD --in-interface eth0 -j ACCEPT
|
Chilling_Silence (9) | ||
| 294978 | 2004-11-23 03:21:00 | I'm going to try that now. I still don't see why any NAT would be needed though... |
Growly (6) | ||
| 294979 | 2004-11-23 03:40:00 | It shouldn't be needed. I'm afraid I don't know IPTABLES stuff in Linux, but I do know you don't need NAT.

Cheers,
George |
george12 (7) | ||
| 294980 | 2004-11-23 03:57:00 | NAT = Network Address Translation

NAT is fine, you want the address translated right!?! - Just give it a whirl, should work no worries |
Chilling_Silence (9) | ||