[CLUE-Tech] Trying to set up a NAT/Firewall system for a home
network: can't ping Internet
David Anselmi
anselmi at americanisp.net
Tue Jul 2 19:13:37 MDT 2002
bof wrote:
>
> One NIC (eth1, address 192.168.1.1) is for my private network,
> 192.168.1.x, and the other (eth0) uses DHCP to garner an address from my
> ISP. I've got them set up to do so and they work as they should. I can
> ping out from this machine, and can also ping into my 192.168.1.x
> network to the systems on it.

So you have an ethernet bridge between eth0 and your ISP? That's
typical for cable modems, rare for DSL.

>
> But I can't ping out of the machines on the 192.168.1.x network to get
> to the Internet. I am not running (yet) any firewall on either system.
>
> Is this a problem in my routing tables and gateways? I've never really
> understood this gateway stuff, so if someone could take a line or two to
> explain it, it would be nice.

Can you ping from a machine on 192.168.1.0/24 to eth1? Is 192.168.1.1
the default route or gateway? A Linux routing table (on an inside
machine, not the router box) should look like this:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
    default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

You can post the router's route table if you want. I assume ifconfig
shows both interfaces up ok. And you did this:

    echo 1 > /proc/sys/net/ipv4/ip_forward

right?

Most likely you haven't set up NAT yet. The router may be routing, but
if you're sending private packets (192.168.1.x) to the Internet, they
won't come back to you. Set the NAT up before you do anything with
filtering (to make sure it works). (You are using iptables, right?):

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Here's the doc you want to read:

http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html

HTH,
Dave
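
Added example, not part of the original message: the three things the reply asks about (default route on the inside machine, ip_forward on the router, a MASQUERADE rule on eth0) as shell checks that read saved command output. The function names, the sample text and the optional file argument to forwarding_on are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. Each check reads saved
# command output on stdin, so it can be tried without touching a live box.

# Inside machine: does `route` / `route -n` output have a default route
# through gateway $1 (flags must include G)?
default_via() {
    awk -v gw="$1" '
        ($1 == "default" || $1 == "0.0.0.0") && $2 == gw && $4 ~ /G/ { ok = 1 }
        END { exit !ok }'
}

# Router: is IP forwarding on? $1 overrides the proc file (for testing).
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Router: does `iptables -t nat -S POSTROUTING` output contain a MASQUERADE
# rule for packets leaving interface $1? A rule with no -o covers every
# interface; a negated "! -o" rule is not counted.
masquerades_on() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = ($(i - 1) == "!") ? "!" : $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (tgt == "MASQUERADE" && (out == ifc || out == "")) ok = 1
        }
        END { exit !ok }'
}

# Constructed sample input: the client table from the message, and the
# rule listing the message's iptables command would produce.
CLIENT_ROUTES='Destination Gateway     Genmask       Flags Metric Ref Use Iface
192.168.1.0 *           255.255.255.0 U     0      0   0   eth0
default     192.168.1.1 0.0.0.0       UG    0      0   0   eth0'
NAT_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

if printf '%s\n' "$CLIENT_ROUTES" | default_via 192.168.1.1
then echo "client: default route via 192.168.1.1"; fi
if printf '%s\n' "$NAT_RULES" | masquerades_on eth0
then echo "router: MASQUERADE on eth0"
else echo "router: no MASQUERADE on eth0, replies to 192.168.1.x never return"; fi
```

On a live system, pipe `route -n` (inside machine) or `iptables -t nat -S POSTROUTING` (router, as root) into the matching function instead of the sample text.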