Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Iptables and nat [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1969

PostPosted: Fri Jun 21, 2013 6:38 pm    Post subject: Iptables and nat [SOLVED] Reply with quote

I've been trying to forward packets from one interface to another, without having to build
a full-scale firewall. Every document I can find says that it's a question of adding
port forwarding and masquerading, but that fails every time for me. The machine has
valid interfaces to each destination, and I can log to the machines each side, but trying
to add forwarding gives me:
Code:

tuppence cwr # iptables -F
tuppence cwr # iptables -t nat -F
tuppence cwr # iptables --delete-chain
tuppence cwr # iptables --table nat --delete-chain
tuppence cwr # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables: No chain/target/match by that name.
tuppence cwr #


I've checked the kernel configs, and they are ok, and forwarding is set up in sysctl.conf;
does anyone have any ideas that I could try before building a full-scale firewall/router?

Thanks - Will


Last edited by cwr on Sat Jun 22, 2013 7:57 am; edited 1 time in total
Back to top
View user's profile Send private message
papahuhn
l33t
l33t


Joined: 06 Sep 2004
Posts: 623

PostPosted: Fri Jun 21, 2013 6:57 pm    Post subject: Reply with quote

Seems that your kernel config is not okay after all. However, which networks do you need to route (to)? Maybe you don't need NAT?
_________________
Death by snoo-snoo!
Back to top
View user's profile Send private message
dE_logics
Advocate
Advocate


Joined: 02 Jan 2009
Posts: 2253
Location: $TERM

PostPosted: Sat Jun 22, 2013 7:28 am    Post subject: Reply with quote

There appears to be something wrong with one of --

-A POSTROUTING -o eth0 -j MASQUERADE

How about changing the jump, match and chain to something that is known to work on your system, e.g. drop for, tcp match and -A to input one by one, so you can figure out the missing modules.
_________________
My blog
Back to top
View user's profile Send private message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1969

PostPosted: Sat Jun 22, 2013 7:56 am    Post subject: Reply with quote

OK, problem solved. I had the "standard" iptables stuff configured in the kernel, but that's
apparently not enough. I went back and added every iptables option in sight and rebuilt
the kernel and it worked.

Thanks for the ideas - Will
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 14067

PostPosted: Sat Jun 22, 2013 4:11 pm    Post subject: Reply with quote

The MASQUERADE target is part of NAT and is not standard for a simple packet filter. Enabling that was likely the key.
Back to top
View user's profile Send private message
cwr
Veteran
Veteran


Joined: 17 Dec 2005
Posts: 1969

PostPosted: Sun Jun 23, 2013 7:10 pm    Post subject: Reply with quote

Yes, at a some point I need to go back and weed out all the obviously irrelevant stuff and
test it again, but for now, it "just works".

Thanks for the tip - Will
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum