
basic NAT/masquerading setup

asked 2013-09-19 12:28:02 -0500

nszhruy

updated 2013-09-19 20:48:32 -0500

FranciscoD_

Hello:

I'm trying to set up simple NAT/masquerading on a dual NIC host (hostname == "psi") running Fedora 19, so hosts on my LAN can access the Internet by routing thru host "psi".

Interface p1p1 is on my LAN, p2p1 is on Internet.

I got the "design" of the /etc/iptables below from another of my older (Fedora Core 10) hosts, where NAT/masquerading works fine.

Everything but the NAT/masquerading works.
On one of my LAN Windows hosts named 'neon' I changed the default route to point to host "psi" on the LAN side (10.164.123.202):

 # neon adm_tsr $ ping 10.164.123.202 64 1
 PING 10.164.123.202 (10.164.123.202): 64 data bytes
 72 bytes from 10.164.123.202: icmp_seq=0 ttl=64 time=0 ms
 --snip
 1 packets transmitted, 1 packets received, 0.0% packet loss
 round-trip (ms)  min/avg/max/med = 0/0/0/0
 # neon adm_tsr $ ipconfig
 --snip
         IP Address. . . . . . . . . . . . : 10.164.123.211
         Subnet Mask . . . . . . . . . . . : 255.255.255.0
         Default Gateway . . . . . . . . . : 10.164.123.202
 # neon adm_tsr $ wget URL-TO-GNU.ORG-HERE    -O -  # 208.118.235.148 == gnu.org
 --2013-09-19 11:16:48--  URL-TO-GNU.ORG-HERE    
 Connecting to 208.118.235.148:80... failed: Connection timed out.
 --snip

I ran "tcpdump -vv host 10.164.123.202 and 10.164.123.211" and saw nothing during the wget.

Constructive comments or help would be appreciated.


thanks/regards, Tom


 # 11:02:19 Thu 0919 /etc/sysconfig
 # psi root # ifconfig
 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
         inet 127.0.0.1  netmask 255.0.0.0
         inet6 ::1  prefixlen 128  scopeid 0x10<host>
         loop  txqueuelen 0  (Local Loopback)
         RX packets 2  bytes 140 (140.0 B)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 2  bytes 140 (140.0 B)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 p1p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
         inet 10.164.123.202  netmask 255.255.255.0  broadcast 10.164.123.255
         inet6 fe80::20a:cdff:fe21:413b  prefixlen 64  scopeid 0x20<link>
         ether 00:0a:cd:21:41:3b  txqueuelen 1000  (Ethernet)
         RX packets 10271  bytes 808599 (789.6 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 21931  bytes 6241567 (5.9 MiB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 p2p1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
         inet THREE_OCTETS_HERE.130  netmask 255.255.255.248  broadcast THREE_OCTETS_HERE.135
         inet6 fe80::96de:80ff:fe70:5cc0  prefixlen 64  scopeid 0x20<link>
         ether 94:de:80:70:5c:c0  txqueuelen 1000  (Ethernet)
         RX packets 0  bytes 0 (0.0 B)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 0  bytes 0 (0.0 B)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
         device interrupt 18

 # 11:02:56 Thu 0919 /etc/sysconfig
 # psi root # cat iptables
 # iptables comments apparently require poundsign in column 1

 # Internet facing port is p2p1
 # LAN: p1p1

 *nat
 :PREROUTING ACCEPT ...

1 Answer


answered 2013-09-19 13:00:58 -0500

nszhruy

Solved:

On Thu 9/19/13 12:58 CDT I wrote:

On Thu 9/19/13 10:36 PDT Phil Oester wrote:

On Thu, Sep 19, 2013 at 11:36:30AM -0500, I wrote:

I'm trying to set up simple NAT/masquerading on a dual NIC host (hostname == "psi") running Fedora 19, so hosts on my LAN can access the Internet by routing thru host "psi".

Interface p1p1 is on my LAN, p2p1 is on Internet.

I got the "design" of the /etc/iptables below from another of my older (Fedora Core 10) hosts, where NAT/masquerading works fine.

Everything but the NAT/masquerading works.

What does sysctl net.ipv4.ip_forward show? If 0, you need to change to 1.

Thanks Phil, that was it! (embarrassed) I wrongly recalled updating /etc/sysctl.conf, and assumed net.ipv4.ip_forward was '1'. It's fixed/working across a reboot now.


Tom
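
The cause found in this answer, as an added example that is not part of the original posts: a shell audit of the three things the gateway needs (forwarding on now, forwarding persisted across reboots, and a MASQUERADE rule on the Internet-facing interface). The function names, file arguments and sample files are constructed for illustration; only `p2p1`, `net.ipv4.ip_forward` and `/etc/sysctl.conf` come from the thread.

```shell
#!/bin/sh
# Added example: audit what a masquerading gateway needs. Function names and
# the sample files below are constructed; p2p1 is the thread's WAN interface.

# Runtime forwarding switch (same value `sysctl net.ipv4.ip_forward` prints).
forwarding_runtime() {      # $1: proc file
    cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null || echo unknown
}

# Value applied at boot: last uncommented assignment in the given files wins.
forwarding_persistent() {   # $@: sysctl config files, in load order
    val=$(cat "$@" 2>/dev/null | sed -n \
        's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' |
        tail -n 1)
    echo "${val:-unset}"
}

# True if an iptables-save style ruleset masquerades traffic leaving $2.
has_masquerade() {          # $1: ruleset file, $2: outbound interface
    awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit !found }' "$1"
}

audit_gateway() {           # $1 proc file, $2 sysctl conf, $3 ruleset, $4 interface
    rc=0
    [ "$(forwarding_runtime "$1")" = 1 ] ||
        { echo "FAIL: forwarding off now (sysctl -w net.ipv4.ip_forward=1)"; rc=1; }
    [ "$(forwarding_persistent "$2")" = 1 ] ||
        { echo "FAIL: forwarding not persisted (set it in /etc/sysctl.conf)"; rc=1; }
    has_masquerade "$3" "$4" || { echo "FAIL: no MASQUERADE rule on $4"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: forwarding on, persisted, NAT rule present"
    return "$rc"
}

# Constructed state matching the question: NAT rule loaded, forwarding never set.
tmp=$(mktemp -d)
echo 0 > "$tmp/ip_forward"
echo '#net.ipv4.ip_forward = 1' > "$tmp/sysctl.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -o p2p1 -j MASQUERADE' 'COMMIT' > "$tmp/rules"
audit_gateway "$tmp/ip_forward" "$tmp/sysctl.conf" "$tmp/rules" p2p1 || true
```

On a real host, pass `/proc/sys/net/ipv4/ip_forward`, `/etc/sysctl.conf` and a file produced by `iptables-save` in place of the constructed sample files.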

