[NCLUG] Freedom from my ball and ipchains.
thorson at aster.com
thorson at aster.com
Wed Feb 21 01:25:03 MST 2001
With all the input I received on my masquerading question I was
able to sit down and come up with the new rules to try and get
my network going.
To refresh, here is my problem:
+----+
192.168.1.3 | |
+-------------|PC1 |
[H] |Win |
+----+ 192.168.1.2 | | |
| |-----------------+ +----+
ppp0 | | eth0 (100baseT)
------|PC0 |
|RH7 | eth1 (wireless)
| |-----------------+ +----+
+----+ 192.168.2.1 | | |
| 192.168.2.2 |PC2 |
+-------------|RH7 |
| |
+----+
Tonight symptoms:
PC0 can ping PC1,PC2 and anything out ppp0
PC2 can ping PC0,PC1 and anything out ppp0
PC1 can ping PC0 and nothing else
Tonights ipchains idea:
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
/sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ
/sbin/ipchains -A forward -b -s 192.168.1.0/24 -d 192.168.2.0/24
Producing these chain rules:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.1.0/24 anywhere n/a
MASQ all ------ 192.168.2.0/24 anywhere n/a
- all ------ 192.168.1.0/24 192.168.2.0/24 n/a
- all ------ 192.168.2.0/24 192.168.1.0/24 n/a
Chain output (policy ACCEPT):
Closer but not quite there. Looking back at these symptoms I would
guess that the gateway is set wrong on PC1. Pretty darn sure I set
it to 192.168.1.2 but it is too late to check. The house is all asleep.
Any other ideas?
Thanks for all the help.
Bill
More information about the NCLUG
mailing list