Networking Forums

NAT help pls

 
lotion@mail.bg
10-16-2005, 12:35 PM
Hi,
I would really appreciate some NAT help.

I have a local network of 2 PCs. One of the PCs (I'll call it PC1) is
connected to the internet through pptp server. I'm doing NAT on it so
that PC2 can reach the internet.

For this to work I do:

# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $eth0 -o $ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $eth0 -o $ppp0 -j ACCEPT

# Enabling SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o $ppp0 -j MASQUERADE

However in this way all the traffic of PC2 is directly sent to ppp0
which is the pptp tunnel. This is generally fine and it's working but
our ISP has a local free server which can't be accessed from PC2
because the request is sent through the tunnel. And it shouldn't be
because the free local server is on the LAN the other NIC of PC1 is
connected to (the NIC connected to the ISP).

I hope I've managed to clear up the situation. However if you don't
understand what exactly the problem is - I'll try to explain it better.

Any help is appreciated.

KR
10-16-2005, 12:43 PM
(E-Mail Removed) wrote:
>
> # FWD: Allow all connections OUT and only existing and related ones IN
> iptables -A FORWARD -i $eth0 -o $ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i $eth0 -o $ppp0 -j ACCEPT


I think you've got the interfaces backwards in the first line, but
that's probably a typo, since the configuration works.

> # Enabling SNAT (MASQUERADE) functionality on $EXTIF
> iptables -t nat -A POSTROUTING -o $ppp0 -j MASQUERADE
>
> However in this way all the traffic of PC2 is directly sent to ppp0
> which is the pptp tunnel. This is generally fine and it's working but
> our ISP has a local free server which can't be accessed from PC2
> because the request is sent through the tunnel. And it shouldn't be
> because the free local server is on the LAN the other NIC of PC1 is
> connected to (the NIC connected to the ISP).


PC2 sends packets to their destination based on the routing table, not
the iptables setup. What's the output from "route -n" when the ppp link
is up?

Make sure you have an entry for this local server in your routing table,
and it wouldn't hurt if the entry had a lower metric than the default
route through ppp0. Also, make sure that packets exiting eth0 on their
way to this server aren't blocked by firewall rules.
 
lotion@mail.bg
10-16-2005, 01:27 PM
Thanks for the competent advice. However I still can't solve the
problem.

PC1 has 2 NICs. eth1 is connected to the ISP and eth0 to PC2. What do
you mean the interfaces are backwards? Here is the output of route -n
on PC1.

192.168.120.1   0.0.0.0   255.255.255.255   UH   0   0   0   eth1
212.36.9.1      0.0.0.0   255.255.255.255   UH   0   0   0   ppp0
192.168.1.0     0.0.0.0   255.255.255.0     U    0   0   0   eth0
192.168.112.0   0.0.0.0   255.255.240.0     U    0   0   0   eth1
0.0.0.0         0.0.0.0   0.0.0.0           U    0   0   0   ppp0

The local server is 192.168.112.252. I haven't entered any additional
firewall rules. PC1 has no problem contacting the local server; only PC2
has.

I guess that since there's an entry for 192.168.112.0 the traffic
should be routed correctly. What should I do now?

 
lotion@mail.bg
10-16-2005, 10:00 PM
I managed to solve the problem by adding identical iptables lines for
the eth1 interface not just for ppp0.
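
An added illustration, not part of the thread: a small Python model of PC1's forwarding decision, built from the route -n output posted above. It shows that PC2's traffic to 192.168.112.252 leaves through eth1, an interface that rules written only for ppp0 do not cover; the function names and the address 198.51.100.7 are constructed for this example.

```python
import ipaddress

# PC1's routing table as posted in the thread (route -n):
# (destination, genmask, interface)
ROUTES = [
    ("192.168.120.1", "255.255.255.255", "eth1"),
    ("212.36.9.1", "255.255.255.255", "ppp0"),
    ("192.168.1.0", "255.255.255.0", "eth0"),
    ("192.168.112.0", "255.255.240.0", "eth1"),
    ("0.0.0.0", "0.0.0.0", "ppp0"),
]

def egress_iface(dst, routes=ROUTES):
    """Longest-prefix match: the interface the kernel picks for dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for dest, mask, iface in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, iface)
    return best[1] if best else None

def check_forwarded(dst, forward_out, masq_out):
    """Report how a packet arriving on eth0 (from PC2) for dst is handled.

    forward_out: -o interfaces of the 'FORWARD -i eth0 -o X -j ACCEPT' rules
    masq_out:    -o interfaces of the 'POSTROUTING -o X -j MASQUERADE' rules
    """
    out = egress_iface(dst)
    return {"egress": out,
            "forward_rule": out in forward_out,
            "masqueraded": out in masq_out}

if __name__ == "__main__":
    local_server = "192.168.112.252"   # ISP's local server, from the thread
    internet_host = "198.51.100.7"     # constructed sample address
    for label, ifaces in (("rules for ppp0 only", {"ppp0"}),
                          ("rules for ppp0 and eth1", {"ppp0", "eth1"})):
        print(label)
        for dst in (local_server, internet_host):
            print(" ", dst, check_forwarded(dst, ifaces, ifaces))
```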
