Hi!
Simple question. I'm using my gentoo-box as home router and for the really long time I have only one rule for my iptables:
-A POSTROUTING -o eth0 -j MASQUERADE
It it's fair enough for me. But after one updates few days ago something were changed and now it doesn't work. I.e.: I can ping any site from internal network, but can't ssh, or browse web from internal network.
kernel: 2.6.21-rc6-mm1
iptables: v1.3.5
What I have missed?
PS: I do not want to set up any complicate firewall rules, just need MASQUERADE.
Thank you!
Minimalistic MASQURADE rules
Message
There are a few things you can check. First, make sure you are set up to forward ipv4 packets:
If this returns anything other than 1, this may be your problem. You can correct it with:
Then make sure it comes up that way at boot time by adding this line to your /etc/sysctl.conf:
If it's already set to 1, make sure your original iptables rule is still present. For example, here's mine:
If it's not present, just add it in again:
Of course, replace eth0 with your external network interface, then run /etc/init.d/iptables save to change the changes for the next bootup.
Code: Select all
# cat /proc/sys/net/ipv4/ip_forward
1Code: Select all
# echo 1 > /proc/sys/net/ipv4/ip_forwardCode: Select all
net.ipv4.ip_forward = 1Code: Select all
# iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 13920 packets, 2416K bytes)
pkts bytes target prot opt in out source destination
52179 4840K MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0Code: Select all
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADEM. Hayden - San Antonio, TX
That's it.
Thank you for replay.
Actually my problem was not in iptables, but in ethernet (I have to use sky2 module with my adapter). Support for this hardware still broken and behavior is really strange. In my case it was MTU, which was dropped from 1500 to 560 when adapter hangs. Solution is to set MTU manually after adapter re-initialization.
But, even with wrong MTU, you can push masquerade to work, using:
That is what put me to the wrong way.
Maybe it will help somebody who will meet same problem.
Thank you for replay.
Actually my problem was not in iptables, but in ethernet (I have to use sky2 module with my adapter). Support for this hardware still broken and behavior is really strange. In my case it was MTU, which was dropped from 1500 to 560 when adapter hangs. Solution is to set MTU manually after adapter re-initialization.
But, even with wrong MTU, you can push masquerade to work, using:
Code: Select all
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtuMaybe it will help somebody who will meet same problem.