[NCLUG] Freedom from my ball and ipchains.

Charles Clarke clarke at clarkecomputer.com
Wed Feb 21 03:21:13 MST 2001


What does PC1's route table look like?  i.e. Does it know to send
everything through PC0?

charles

On Wed, 21 Feb 2001 thorson at aster.com wrote:

> Date: Wed, 21 Feb 2001 01:25:03 -0700 (MST)
> From: thorson at aster.com
> Reply-To: nclug at nclug.org
> To: nclug at nclug.org
> Subject: [NCLUG] Freedom from my ball and ipchains.
> 
> 
> With all the input I received on my masquerading question I was
> able to sit down and come up with the new rules to try and get
> my network going.
> 
> To refresh, here is my problem:
> 
>                                                   +----+
>                                      192.168.1.3  |    |
>                                     +-------------|PC1 |
>                                    [H]            |Win |
>              +----+  192.168.1.2    |             |    |
>              |    |-----------------+             +----+
>         ppp0 |    | eth0 (100baseT)
>        ------|PC0 |
>              |RH7 | eth1 (wireless)
>              |    |-----------------+             +----+
>              +----+  192.168.2.1    |             |    |
>                                     | 192.168.2.2 |PC2 |
>                                     +-------------|RH7 |
>                                                   |    |
>                                                   +----+
> 
> Tonight symptoms:
> 
>   PC0 can ping PC1,PC2 and anything out ppp0
>   PC2 can ping PC0,PC1 and anything out ppp0
>   PC1 can ping PC0 and nothing else
> 
> Tonights ipchains idea:
> 
>   /sbin/depmod -a
>   /sbin/modprobe ip_masq_ftp
>   echo "1" > /proc/sys/net/ipv4/ip_forward
>   /sbin/ipchains -M -S 7200 10 160
>   /sbin/ipchains -P forward DENY
>   /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
>   /sbin/ipchains -A forward -s 192.168.2.0/24 -j MASQ
>   /sbin/ipchains -A forward -b -s 192.168.1.0/24 -d 192.168.2.0/24
> 
> Producing these chain rules:
> 
>   Chain input (policy ACCEPT):
>   Chain forward (policy DENY):
>   target     prot opt     source                destination           ports
>   MASQ       all  ------  192.168.1.0/24       anywhere              n/a
>   MASQ       all  ------  192.168.2.0/24       anywhere              n/a
>   -          all  ------  192.168.1.0/24       192.168.2.0/24        n/a
>   -          all  ------  192.168.2.0/24       192.168.1.0/24        n/a
>   Chain output (policy ACCEPT):
> 
> Closer but not quite there.  Looking back at these symptoms I would
> guess that the gateway is set wrong on PC1.  Pretty darn sure I set
> it to 192.168.1.2 but it is too late to check.  The house is all asleep.
> Any other ideas?
> 
> Thanks for all the help.
> 
> Bill
> 
> 
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
> 


--------------------------------------------------------------------------
 Domain hosting from $15/month with error log analysis and link checking.
 http://www.clarkecomputer.com/sig.html       domains at clarkecomputer.com




More information about the NCLUG mailing list