Kevin Coyner, 2002-Nov-07 14:14 -0500:
>
> On Thu, Nov 07, 2002 at 12:03:24PM -0200, Christoph Simon wrote......
>
> > I didn't read the start of the thread, but from what I'm seeing here,
> > you are missing some masquerading or source NAT. First make sure the
> > default policy of all enabled iptables is ACCEPT and not DROP (most
> > probably, it's OK). Then, you need to add an iptables rule like:
> >
> > iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j SNAT --to-source $IPE
> >
> > if you have a static external IP address, or just
> >
> > iptables -t nat -A POSTROUTING -s $LAN -o eth1 -j MASQUERADE
> >
> > assuming that LAN is something like 10.0.0.0/8 (your local network and
> > mask), eth1 is your external interface and IPE is the external IP you
> > have.

You don't need NAT on sumida since both networks are private and your router does the NATing, according to the original diagram. Remove these POSTROUTING entries.

> Sorry about the two posts in a row, but I forgot to mention this is the
> earlier post ...
>
> When I try pinging to the outside world from the client (via the proxy
> box) I can't get out. In trying to gather more clues, I did the
> following:
>
> sumida:/etc/init.d# cat /proc/net/ip_conntrack
> <snip>
> udp 17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53
> [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059
> use=1
> udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53
> [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061
> use=1
>
> The first destination (192.168.2.254) is the router. The second dest is
> a DNS server on the outside world. In both cases the [UNREPLIED]
> message is appended. Is that the proxy box 'not replying'?

Ah, when you ping the world, are you pinging using a domain name or an IP? It appears you are using a domain name and it's not getting resolved. According to the cat above, your router may be dropping the DNS requests. Could this router be doing a DNS proxy? Try setting the DNS IP on your client and sumida to 192.168.10.254 and see if it works. Also, where did 192.168.2.254 come from? According to your original post, the network between sumida and the router is 192.168.10.0.

One last thing, can your client ping 192.168.10.254? That would prove that sumida is forwarding.

jc

--
Jeff Coppock    Systems Engineer
Diggin' Debian  Admin and User
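
Added example, not part of the original thread: a small parser for the `/proc/net/ip_conntrack` lines quoted above. In this format the second tuple on each line is the reply the kernel expects, and `[UNREPLIED]` means no packet matching it has been seen; when the reply `dst` differs from the original `src`, the source address was rewritten on the way out. The function names are hypothetical, and the sample is the thread's own output with the mail line wrapping undone.

```python
import re

# Entries copied from the conntrack output quoted in the thread; the mail
# client's line wrapping has been undone so each flow is on one line.
SAMPLE = """\
udp 17 9 src=10.10.10.156 dst=192.168.2.254 sport=1059 dport=53 [UNREPLIED] src=192.168.2.254 dst=192.168.2.254 sport=53 dport=1059 use=1
udp 17 17 src=10.10.10.156 dst=167.206.112.4 sport=1061 dport=53 [UNREPLIED] src=167.206.112.4 dst=192.168.2.254 sport=53 dport=1061 use=1
"""

_KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse_entry(line):
    """Return one conntrack entry as a dict, or None if it has no two tuples."""
    fields = line.split()
    orig, reply = {}, {}
    current = orig
    for key, val in _KV.findall(line):
        if key in current and current is orig:
            current = reply          # a repeated key starts the reply tuple
        current[key] = val
    if len(fields) < 3 or "src" not in reply or "dst" not in reply:
        return None
    return {
        "proto": fields[0],
        "timeout": int(fields[2]),
        "orig": orig,
        "reply": reply,
        # No packet matching the reply tuple has been seen yet.
        "unreplied": "[UNREPLIED]" in fields,
        # Reply dst differs from the original src only if the source was rewritten.
        "snat_to": reply["dst"] if reply["dst"] != orig["src"] else None,
    }


def unanswered_flows(text):
    """List flows that left with a rewritten source and never got an answer."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e and e["unreplied"] and e["snat_to"]:
            findings.append((e["orig"]["src"], e["orig"]["dst"],
                             e["orig"].get("dport"), e["snat_to"]))
    return findings


if __name__ == "__main__":
    for src, dst, dport, snat in unanswered_flows(SAMPLE):
        print(f"{src} -> {dst}:{dport} sent as {snat}, no reply seen")
```

On the quoted output this reports both DNS queries from 10.10.10.156 as leaving with source 192.168.2.254 and receiving no reply.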