help: IP masquerading is driving me nuts....

[mombasa]

First: I’m a complete linux novice. I installed my first linux distro only a week ago. The last couple of days I’ve been trying to share a internet connection on my network with IP masquerading and it is driving me nuts ! I’ve read dozens of faqs and howto’s but I can’t get the silly thing to work. I hope that some of the more experienced linux users on this forum can tell me what I’m doing wrong. I’ll try to describe my LAN setup and what I’ve been trying to do as detailed as possible…

I’ve installed Suse 10.1 on a pc with 2 ethernet cards. This linux machine is connected to a small private LAN trough Ethernet card 0. It is running a Samba file server that acts as a PDC for a bunch of Windows XP Pro Clients. The whole file samba file sharing / PDC thing works like a charm. On Ethernet card 1 I’ve connected a ADSL modem for a high speed internet connection and I’ve configured it for a pppoE connection. This internet connection also works without a problem: I can surf the internet from the linux machine without a problem.

It is when I try to share the internet connection on the linux machine with the Windows XP Pro clients on the private LAN that the trouble starts.

A bit of data before I explain what I’ve tried so for:

- Eth0 in the Linux box has ip 192.168.9.1 (static)

- Eth1 in the Linux box gets a dynamic IP address assigned by my ISP every time that I login to the internet..

- All the other Windows XP Pro Clients on the private LAN have static ip’s like 192.168.9.26, 192.168.9.127, ….


I’ve flushed all the rules for the filter and nat table with iptables so all the default behavior is accept for all chains. This way I’m certain that the firewall does not get in the way.
I turned on IP forwarding with : echo 1 > /proc/sys/net/ipv4/ip_forward

And I’ve turned on dynamic IP addressing with: echo 1 /proc/sys/net/ipv4/ip_dynaddr
(don’t know if this is really necessary)


I’ve tried to turn on masquerading with the following rule:

Iptables –t nat –A POSTROUTING –o pppo –j MASQUERADE

I also tried :

Iptables –t nat –A POSTROUTING –o eth1 –j MASQUERADE

I also tried :

Iptables –t nat –A POSTROUTING –s 192.168.9.0/24 –j MASQUERADE

None of the above has any effect: I cannot reach the internet from one of the Windows XP Pro clients.
What I can do :
- I can ping a internet IP from the linux box
- I can ping a win XP Pro client from the linux box.
- I can ping the linux box (192.168.9.1) from a win XP Pro client

What I cannot do:
- I can’t ping a internet IP from a Winxp pro client.

On the win XP pro clients I have set the standard gateway to 192.168.9.1 and the primary DNS to the DNS ip adres of my ISP.

Can somebody tell me what I’m doing wrong ???

p.s.: I know that I don’t have any firewall protection this way, but is just want to get the masquerade bit working first and I’ll worry about setting up the firewall later…

[rcgreen]

Something like this maybe?

IPTABLES -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
IPTABLES -A FORWARD -i eth0 -o ppp0 -j ACCEPT
IPTABLES -A FORWARD -j LOG


IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

http://tldp.org/HOWTO/IP-Masquerade-...EWALL-IPTABLES

[mombasa]

Something like this maybe?



http://tldp.org/HOWTO/IP-Masquerade-...EWALL-IPTABLES

Sorry, no joy...

Tried everything that was mentioned in this excellent guide and i still keep getting the same problem: no internet acces from my XP Pro clients.

There is a difference however between enabeling Masquerade and not doing anything at all: When no masquerading is enabled and i try to browse a website from a XP Pro client, i instantly get a 'site not found message'.

With Masquerading enabled, the browser keeps tyring to reach the site for a minute or two and then gives the typical 'site not found' message.

It looks as if the dns server from my isp is working and my browser can resolve the right adress, but no traffic gets trough the firewall ???