I have configured my LAN and it's fine. However, it can't browse the
internet.
The MASQed machine (Windows) cannot ping the ISP gateway through the
router, but it can ping the router (Linux local gateway) on both its
internal and external IP addresses.
But it doesn't ping the ISP gateway or other internet addresses, e.g.
ping google et al.
My firewall script looks like this:
#!/bin/sh
#
# rc.firewall-iptables
FWVER=0.76
#
# Initial SIMPLE IP Masquerade test for 2.6 / 2.4 kernels
# using IPTABLES.
echo -e "\n\nLoading simple rc.firewall version $FWVER..\n"
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
#Setting the EXTERNAL and INTERNAL interfaces for the network
#
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo -en " loading modules: "
# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo -en "ip_tables, "
$MODPROBE ip_tables
#Load the IPTABLES filtering module - "iptable_filter"
# - Loaded automatically when filter policies are activated
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack
# Enabled by default -- insert a "#" on the next line to deactivate
#
echo -en "ip_conntrack_ftp, "
$MODPROBE ip_conntrack_ftp
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo "----------------------------------------------------------------------"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
#
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
echo " FWD: Allow all connections OUT and only existing and related ones IN"
# Reply traffic from the outside may come back in only if conntrack already
# knows the connection (or it is RELATED, e.g. an FTP data channel or ICMP error)
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\nDone.\n"
while the output of my tcpdump -i eth0 -vxn looks like this:
21:10:25.160082 arp who-has 195.44.182.161 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.162 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.163 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.165 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.180 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.172 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.173 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.175 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
21:10:25.160082 arp who-has 195.44.182.180 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
9 packets captured
9 packets received by filter
0 packet dropped by kernel
What do you think is the problem?
My workstation (the MASQed Windows machine) can ping the local Linux router,
which is the same machine as the internet gateway. It can ping both its
internal and external IP addresses.
nakel
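Added example, not part of nakel's post: a small Python decoder for the hex bodies that tcpdump printed above, so the ARP fields can be read off the bytes instead of the one-line summary. It assumes, as the first words 0001 0800 suggest, that this tcpdump version printed the frame from the ARP header onward (no Ethernet header in the dump); a newer tcpdump would print 14 bytes of Ethernet header first, so check offset 0x0000 before decoding. The sample below is constructed from the first frame in the post; note that the bytes (identical in all nine frames shown) decode to a request for 195.44.182.180 from 195.44.182.161, with no reply anywhere in the capture.

```python
"""Decode ARP request bodies from a `tcpdump -vxn` hex dump (added example)."""
import re
import struct

# Constructed sample: the summary line and hex body of one frame from the post.
SAMPLE = """\
21:10:25.160082 arp who-has 195.44.182.161 tell 195.44.182.161
0x0000: 0001 0800 0604 0001 0002 851b 16a0 c32c ..............,
0x0010: b6a1 0000 0000 0000 c32c b6b4 0000 0004 ........,......
0x0020: 0000 0000 0000 0000 0000 0000 0000 ..........
"""

ARP_OPCODES = {1: "request", 2: "reply"}


def hexdump_to_bytes(text):
    """Collect the 16-bit hex words of every `0xNNNN:` line into one byte
    string, stopping at the ASCII column tcpdump prints on the right."""
    out = bytearray()
    for line in text.splitlines():
        parts = line.split()
        if not parts or not re.fullmatch(r"0x[0-9a-fA-F]{4}:", parts[0]):
            continue
        for tok in parts[1:]:
            if not re.fullmatch(r"[0-9a-fA-F]{4}", tok):
                break  # reached the ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)


def decode_arp(frame):
    """Parse a 28-byte Ethernet/IPv4 ARP header (RFC 826). Anything after
    byte 28 is the padding that brings the frame up to the Ethernet minimum
    (assumption: the dump starts at the ARP header, not the Ethernet header)."""
    if len(frame) < 28:
        raise ValueError("truncated ARP header: %d bytes" % len(frame))
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP header")

    def mac(b):
        return ":".join("%02x" % x for x in b)

    def ip(b):
        return ".".join(str(x) for x in b)

    return {
        "op": ARP_OPCODES.get(oper, "unknown(%d)" % oper),
        "sender_mac": mac(frame[8:14]),
        "sender_ip": ip(frame[14:18]),
        "target_mac": mac(frame[18:24]),
        "target_ip": ip(frame[24:28]),
        "padding": len(frame) - 28,
    }


def classify(arp):
    """Say what the sender is doing: probing its own address (gratuitous
    request), probing with no address yet, or looking up a neighbour."""
    if arp["op"] != "request":
        return arp["op"]
    if arp["sender_ip"] == arp["target_ip"]:
        return "gratuitous request (duplicate-address check for own IP)"
    if arp["sender_ip"] == "0.0.0.0":
        return "ARP probe (sender has no address yet)"
    return "lookup of neighbour %s" % arp["target_ip"]


if __name__ == "__main__":
    frame = hexdump_to_bytes(SAMPLE)
    arp = decode_arp(frame)
    for key, value in arp.items():
        print("%-11s %s" % (key, value))
    print(classify(arp))
```

Paste any other frame's hex lines into SAMPLE to decode it; when the decoded target differs from tcpdump's summary line, trust the bytes.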