
IP Masquerading problem


Luca Corti

Apr 15, 2002, 12:04:38 PM
Hello!
I'm configuring a Linux box to give all PCs on a small LAN Internet access.

The LAN is like this.

192.168.0.1
Router that accepts connections from a range of 5 addresses.
192.168.0.x from .2 to .6
Windows boxes with internet access through the router.

192.168.0.x from .7 to .xxx
Windows boxes without internet access.

I'm using a Linux box with two NICs, Slackware 8.0, kernel 2.4.18 and
iptables 1.2.6a and the simple firewall ruleset provided with the IP
MASQUERADING HOWTO.

I've set one NIC on 192.168.0.5 (internet enabled through the router)
and the other on 192.168.0.100. On the linux box .5 is the gateway for .100.
In the firewall ruleset I've set the first as external and the second as
internal. I've also set up BIND to forward queries to the ISP's servers.


From a Windows 2000 client of the LAN, when I try to ping an internet
address (eg. www.pippo.com) it gets the IP correctly (so BIND is
working), but it doesn't get any response.
I've set the client's networking like this:
IP:      192.168.0.25
Gateway: 192.168.0.100
DNS:     192.168.0.100

I'm using this simple firewall ruleset from the IP masquerading HOWTO.


$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nDone.\n"


Any ideas? Is my approach correct or am I missing something? Is it
possible that the router is the problem? (to which I have no access, and
which is probably already doing NAT from private to public IP address)

thanks

Luca
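
Added example, not part of the original post: a small Python model of the FORWARD chain quoted above, run over constructed packets to show which traffic the ruleset accepts and which falls through the LOG rule to the DROP policy. The interface names eth0/eth1 and the sample packets are assumptions; the post does not give the values of $EXTIF and $INTIF.

```python
# Model of the FORWARD chain from the post. Interface names are assumed;
# the post only refers to them as $EXTIF and $INTIF.
EXTIF, INTIF = "eth0", "eth1"

# Each rule: (in_iface, out_iface, conntrack states, target); None matches anything.
FORWARD_RULES = [
    (EXTIF, INTIF, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    (INTIF, EXTIF, None, "ACCEPT"),
    (None, None, None, "LOG"),
]
FORWARD_POLICY = "DROP"  # from: $IPTABLES -P FORWARD DROP


def forward_verdict(in_if, out_if, state):
    """Return (verdict, logged) for one forwarded packet.

    Rules are checked in order and the first terminating target wins.
    LOG is non-terminating: it records the packet and evaluation continues,
    so a packet that reaches it ends up at the chain policy.
    """
    logged = False
    for r_in, r_out, r_states, target in FORWARD_RULES:
        if r_in is not None and r_in != in_if:
            continue
        if r_out is not None and r_out != out_if:
            continue
        if r_states is not None and state not in r_states:
            continue
        if target == "LOG":
            logged = True
            continue
        return target, logged
    return FORWARD_POLICY, logged


# Constructed sample packets: (description, in_iface, out_iface, conntrack state)
SAMPLES = [
    ("LAN client opens a connection outward", INTIF, EXTIF, "NEW"),
    ("reply to that connection", EXTIF, INTIF, "ESTABLISHED"),
    ("unsolicited connection from outside", EXTIF, INTIF, "NEW"),
    ("packet routed back out the interface it came in on", INTIF, INTIF, "NEW"),
]

if __name__ == "__main__":
    for desc, in_if, out_if, state in SAMPLES:
        verdict, logged = forward_verdict(in_if, out_if, state)
        print(f"{desc:52} IN={in_if} OUT={out_if} {state:11} -> {verdict}"
              f"{' (logged)' if logged else ''}")
```

On a real system the entries written by the LOG rule carry IN= and OUT= fields, so the kernel log shows which interface pair a dropped packet was actually routed between.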
