[NTLUG:Discuss] iptables / router problem
kbrannen@gte.net
Wed Apr 2 00:55:55 CST 2003
Chris Cox wrote:
> kbrannen at gte.net wrote:
> ...snip...
>
>> ###
>> iptables --flush
>> iptables --table nat --flush
>> iptables --delete-chain
>> iptables --table nat --delete-chain
>>
>> # Set up IP FORWARDing and Masquerading
>> iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
>> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>>
>> # Enables packet forwarding by kernel
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> # Create a route for internal packets
>> route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth1
>> ###
>
>
> If you've got IP forwarding enabled and both interfaces are local... it
> already knows how to move packets from one net to the other. Local
> hosts will use your 192.168.1.1 as their default gateway.

Which implies it should have worked... it wasn't. But it is now. The problem
was DNS. My previous router, a 3Com ISDN LanModem, would auto-forward (?)
DNS, so my client machines did "nameserver 192.168.1.1", which does not work
now. When set to my ISP's DNS server, it all starts working.

I should have tried pinging by number sooner. :-(

Anyway, I can see that I need to read more about iptables to do more fun
things. But one line above has me wondering after reading the man page. I'm
wondering about the line:

    iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

Since I have a static IP from my ISP, the man page seems to indicate that I
should use "SNAT" not "MASQUERADE". Yes or No?

Thanks for the help guys! The TrinityOS site seems to have some useful stuff too.

Kevin
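
On the SNAT question above: the iptables man page says MASQUERADE should only be used with dynamically assigned addresses and points static-IP setups to SNAT. The script below is an added example, not part of the original post. It prints the rule set either way and goes beyond the thread by adding a default-drop FORWARD policy. It assumes eth0 is the ISP side and eth1 the LAN side, and uses 203.0.113.10 as a placeholder for the static IP.

```sh
#!/bin/sh
# Added example: prints (does not execute) rules for the two-NIC router in the thread.
# Assumed: eth0 = ISP side, eth1 = LAN side; 203.0.113.10 is a placeholder
# documentation address standing in for the static IP.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_rule WAN_IF [STATIC_IP]
# Static address known -> SNAT to it; no address -> MASQUERADE, which uses
# whatever address the outgoing interface currently has.
nat_rule() {
    if [ -n "${2:-}" ]; then
        is_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
        echo "iptables --table nat --append POSTROUTING --out-interface $1 -j SNAT --to-source $2"
    else
        echo "iptables --table nat --append POSTROUTING --out-interface $1 -j MASQUERADE"
    fi
}

# router_rules WAN_IF LAN_IF [STATIC_IP]
router_rules() {
    nat=$(nat_rule "$1" "${3:-}") || return 1
    # Default-drop forwarding, then allow LAN-originated traffic and its replies.
    echo "iptables --policy FORWARD DROP"
    echo "iptables --append FORWARD --in-interface $2 --out-interface $1 -j ACCEPT"
    echo "iptables --append FORWARD --in-interface $1 --out-interface $2 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$nat"
}

router_rules eth0 eth1 203.0.113.10
```

Review the printed lines before piping them to a root shell; omitting the third argument yields the MASQUERADE form for a dynamically assigned address.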