[H-GEN] can't get IP forwarding/NAT working on new install
Troy Piggins
troy at piggo.com
Mon Jun 5 09:41:27 EDT 2006
I've recently re-installed my gateway machine due to it being compromised via a
Horde security hole and me not keeping it up to date :-(

Chose Ubuntu Dapper 6.06 released only 1/6/06 since I was happy with my
previous Ubuntu Breezy install and the new release supposedly has better wifi
support.

All went smooth during the install *except* the computers behind this gateway
can't access the internet. I am tearing my hair out (and believe me, there
ain't much to tear out!) because I've set it up, I am sure, almost exactly the
way my previous working install was.

By "can't access the internet" I mean that the WinXP machine can ping the
dapper machine's LAN interface, but not its external interface, nor external
IP addresses let alone URLs.

eg: WinXP machine can ping 192.168.0.1, but try to ping 192.168.1.10 and get
"Destination host unreachable". Similar for 192.168.1.1. See below for what
networks they are on.

The dapper machine connects to internet fine, resolves URLs no worries, can
ping both internal and external networks fine. All good.

I've trawled the net, Ubuntu forums, Whirlpool forums, USENET, Ubuntu mailing
lists and can't find a solution. It's probably right in front of my nose, I
know.

Some details:

**** ADSL router - network interface 192.168.1.1/255.255.255.0,
DHCP server enabled,

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.55.228.88   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
239.0.0.0       0.0.0.0         255.0.0.0       U     1      0        0 br0
0.0.0.0         203.55.228.88   0.0.0.0         UG    0      0        0 ppp0

**** Dapper machine (armadillo)

connection to router:
eth0      Link encap:Ethernet  HWaddr 00:40:05:0E:85:0B
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0

connection to LAN:
eth1      Link encap:Ethernet  HWaddr 00:0C:6E:03:B6:0B
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

[troy at armadillo:~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

$ cat /etc/sysctl.conf | grep ^[^\#]
net/ipv4/ip_forward=1

$ sudo iptables-save | grep MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE

**** WinXP machine
IP 192.168.0.3/255.255.255.0
default gateway 192.168.0.1
DNS server 192.168.0.1

On previous installs this has been enough to get things going. To be honest,
I've changed the network addresses between router and dapper from the previous
install. They were 10.1.1.1 and 10.1.1.10 resp.

Read here http://ubuntuforums.org/showthread.php?t=91370&highlight=route
that you should also install dnsmasq and ipmasq. Not too sure about that,
since dnsmasq appears to be a DNS and DHCP server (for small/basic networks),
and ipmasq seems to simply "take over" the firewall (iptables) rules table.
I have already set that up as per above. (FTR I /have/ installed them, but
don't think they are the problem. Wasn't working before I installed, still not
working after).

So can anyone see what I am missing?

--
Troy Piggins
,-o Ubuntu v6.06 (Dapper Drake): kernel 2.6.15-23-server,
o ) postfix 2.2.4, procmail 3.22, mutt 1.5.11i,
`-o slrn 0.9.8.1, vim 6.4
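
A gateway audit built around the checks quoted in the message above, as an added example that is not part of the original post: it takes the runtime ip_forward value and a full iptables-save dump rather than the sysctl.conf entry and grepped MASQUERADE lines. The function names and finding labels are made up for this example, and the sample filter table is constructed; only the two MASQUERADE rules come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a NAT gateway from text
# inputs so it works on live data or on saved dumps. On a live box, as root:
#   iptables-save | audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" eth0

# audit_gateway RUNTIME_IP_FORWARD WAN_IF  (iptables-save output on stdin)
# Prints one finding per line; no output means nothing was flagged.
audit_gateway() {
    awk -v fwd="$1" -v wan="$2" '
        BEGIN {
            # sysctl.conf is only read at boot or by "sysctl -p"; the kernel
            # forwards packets only when the runtime value is 1.
            if (fwd != "1") print "FWD_OFF: runtime net.ipv4.ip_forward=" fwd
        }
        /^\*/ { table = substr($0, 2) }      # "*nat", "*filter", ...
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD .*-j ACCEPT/ { accepts++ }
        table == "nat" && /^-A POSTROUTING .*-j MASQUERADE/ {
            # A rule without -o matches on every outgoing interface,
            # not just the WAN side.
            if ($0 ~ ("-o " wan "( |$)")) wan_masq = 1
            else if ($0 !~ / -o /) print "MASQ_ANY_IF: " $0
        }
        END {
            if (policy != "" && policy != "ACCEPT" && !accepts)
                print "FORWARD_BLOCKED: policy " policy ", no ACCEPT rule"
            if (!wan_masq) print "NO_WAN_MASQ: no MASQUERADE bound to " wan
        }'
}

# Constructed sample dump. The two MASQUERADE rules are the ones quoted in the
# post; the filter table is hypothetical (the post does not show it).
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
EOF
}
```

Running `sample_dump | audit_gateway 0 eth0` exercises all three findings on the constructed input.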