[svlug] Masq problem w/ ipchains
Todd Lyons
todd at mrball.net
Fri Jun 8 00:13:02 PDT 2001
begin Steve M Bibayoff quotation:
>
>eth0 Link encap:Ethernet HWaddr 00:90:27:FC:75:EB
> inet addr:172.16.23.200 Bcast:172.16.23.255 Mask:255.255.252.0
>eth1 Link encap:Ethernet HWaddr 00:90:27:FC:75:EC
> inet addr:172.20.20.27 Bcast:172.20.20.255 Mask:255.255.255.0
>sl0 Link encap:Serial Line IP
> inet addr:172.16.23.201 P-t-P:192.168.3.1 Mask:255.255.255.255

Which interface is your external interface? Are you trying to
masquerade traffic from sl0->eth0 or sl0->eth1 ? I would guess
sl0->eth1.

Rearranging for clarity:

>Destination Gateway Genmask Flags Metric Ref Use Iface
>192.168.3.1 * 255.255.255.255 UH 0 0 0 sl0

Cool

>172.16.22.0 * 255.255.255.0 U 0 0 0 sl0

Where'd .22.0 come from?

>172.16.21.0 * 255.255.255.0 U 0 0 0 sl0

Where'd .21.0 come from?

>172.16.20.0 * 255.255.255.0 U 0 0 0 sl0

sl0 is .23.0 not .20.0

>172.16.20.0 * 255.255.252.0 U 0 0 0 eth0

eth0 is .23.0 not .20.0

>172.20.20.0 * 255.255.255.0 U 0 0 0 eth1
>127.0.0.0 * 255.0.0.0 U 0 0 0 lo
>default 172.20.20.27 0.0.0.0 UG 0 0 0 eth1

So examine two extra routes and fix eth0 and sl0 routes. And the default
gw answers the earlier question of which one is external.

># ipchains --list
>Chain input (policy ACCEPT):
>Chain forward (policy DENY):
>target prot opt source destination ports
>MASQ all ------ 172.16.20.0/24 anywhere n/a

I think source should be 172.16.23.0/24. .20.0 is your external
interface. I don't think you want to masquerade your external
interface to the rest of the world.
--
Blue skies... Todd
| Get a bigger hammer! | Are you feeling lucky...punk? |
| http://www.mrball.net | I've had better days... |
| http://faq.mrball.net | It's the end of the world as we know i|
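
Added example, not part of the original message: a Python check that derives each interface's network from the quoted address and netmask, resolves destinations against the quoted routing table by longest-prefix match, and tests which source addresses the quoted MASQ rule selects. The names INTERFACES, ROUTES, connected_network, route_for and masq_matches are made up for this sketch, sl0 is left out of INTERFACES because it is a point-to-point link, and 198.51.100.7 is a constructed outside address.

```python
import ipaddress

# Values copied from the ifconfig, route and ipchains output quoted in the message.
INTERFACES = {"eth0": ("172.16.23.200", "255.255.252.0"),
              "eth1": ("172.20.20.27", "255.255.255.0")}
ROUTES = [("192.168.3.1", "255.255.255.255", "sl0"),
          ("172.16.22.0", "255.255.255.0", "sl0"),
          ("172.16.21.0", "255.255.255.0", "sl0"),
          ("172.16.20.0", "255.255.255.0", "sl0"),
          ("172.16.20.0", "255.255.252.0", "eth0"),
          ("172.20.20.0", "255.255.255.0", "eth1"),
          ("127.0.0.0", "255.0.0.0", "lo"),
          ("0.0.0.0", "0.0.0.0", "eth1")]  # the "default" row
MASQ_SOURCE = ipaddress.ip_network("172.16.20.0/24")


def connected_network(iface):
    """Network an interface sits on, derived from its address and netmask."""
    addr, mask = INTERFACES[iface]
    # strict=False masks off the host bits instead of raising ValueError.
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def route_for(dest):
    """Longest-prefix match over ROUTES; returns (network, iface) or None."""
    ip = ipaddress.ip_address(dest)
    best = None
    for net, mask, iface in ROUTES:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if ip in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface)
    return best


def masq_matches(source_ip):
    """True if the forward-chain MASQ rule's source selector covers this address."""
    return ipaddress.ip_address(source_ip) in MASQ_SOURCE


if __name__ == "__main__":
    for name in INTERFACES:
        print(name, "is on", connected_network(name))
    for dest in ("172.16.20.5", "172.16.23.5", "192.168.3.1", "198.51.100.7"):
        print(dest, "->", route_for(dest))
    for src in ("172.16.20.5", "172.16.23.200", "192.168.3.1"):
        print("MASQ matches", src, ":", masq_matches(src))
```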