[plug] routing problem

proXy davyd at iprimus.com.au
Thu Aug 8 22:46:29 WST 2002


On Thu, 2002-08-08 at 22:54, Jon Miller wrote:
> Cannot route from workstation out to Internet, can route from server. default gw is okay can ping server.  

Is it routing or DNS?

Assuming it's routing, have you set your iptables correctly?
Something like:

iptables -P FORWARD DROP
iptables -A FORWARD -i $internal_if -o $external_if -j ACCEPT
iptables -A FORWARD -i $external_if -o $internal_if -m state --state
RELATED,ESTABLISHED -j ACCEPT
# and optional
iptables -A FORWARD -j LOG

Should be suitable to do basic masqurading.
Also, ensure that /proc/sys/net/ipv4/ip_forward is set to 1
ie: echo "1" > /proc/sys/net/ipv4/ip_forward

In debian you can set this permanantly (so it is still set to 1 on a
reboot) in /etc/network/options

Hope this helps

--proXy

-- 
http://davyd.ucc.asn.au/
linux.conf.au Perth 2003 <http://www.linux.conf.au>

PGP Fingerprint <http://davyd.ucc.asn.au/pgp>
08B0 341A 0B9B 08BB 2118  C060 2EDD BB4F 5191 6CDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20020808/5fa7f2d9/attachment.pgp>


More information about the plug mailing list