Thread: Error with NAT?
I asked a question a few days ago but.. got no reply. Maybe I didn't put enough information or something... I've gotten a little closer to the problem.
I have a modem connected to the server through USB. I have a router connected to the server through Ethernet. I'm doing forwarding to the router (to monitor and control traffic). The router is the internal network and the modem is external. The modem (eth1) provides an IP through DHCP, and I set the router (eth0) to a static IP. This is set in the interfaces file. Once the interfaces have an IP set, I run a script that activates what I need to make the server NAT capable. But.... it does not work. It fails. If I replace the modem with phone tethering (usb0) it works. It has to be the modem. I cannot find out what the modem is doing wrong.
Here is the information:
ifconfig
Code:
eth0      Link encap:Ethernet  HWaddr 00:30:67:41:0c:3a
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::230:67ff:fe41:c3a/64 Scope:Link
          BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26786 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6694 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3523402 (3.5 MB)  TX bytes:2967175 (2.9 MB)

eth1      Link encap:Ethernet  HWaddr 00:14:04:e7:24:b7
          inet addr:72.191.165.30  Bcast:255.255.255.255  Mask:255.255.248.0
          BROADCAST RUNNING MULTICAST  MTU:576  Metric:1
          RX packets:297270 errors:0 dropped:0 overruns:0 frame:0
          TX packets:136021 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:149936774 (149.9 MB)  TX bytes:9342291 (9.3 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:264 errors:0 dropped:0 overruns:0 frame:0
          TX packets:264 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21396 (21.3 KB)  TX bytes:21396 (21.3 KB)

The NAT script
Code:
echo -e "\n\nloading simple rc.firewall-iptables version $fwver..\n"
depmod=/sbin/depmod
modprobe=/sbin/modprobe
extif="eth1"   # external interface (the modem)
intif="eth0"   # internal interface (the router)
#intif2="eth0"
echo " external interface: $extif"
echo " internal interface: $intif"
#======================================================================
#== no editing beyond this line is required for initial masq testing ==
echo -en " loading modules: "
echo " - verifying kernel modules ok"
$depmod -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$modprobe ip_tables
echo -en "nf_conntrack, "
$modprobe nf_conntrack
echo -en "nf_conntrack_ftp, "
$modprobe nf_conntrack_ftp
echo -en "nf_conntrack_irc, "
$modprobe nf_conntrack_irc
echo -en "iptable_nat, "
$modprobe iptable_nat
echo -en "nf_nat_ftp, "
$modprobe nf_nat_ftp
echo "----------------------------------------------------------------------"
echo -e " done loading modules.\n"
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " enabling dynamicaddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo " clearing existing rules and setting default policy.."
# iptables-restore requires upper-case chain, target and state names
iptables-restore <<-eof
*nat
-A POSTROUTING -o "$extif" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i "$extif" -o "$intif" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$intif" -o "$extif" -j ACCEPT
-A FORWARD -j LOG
COMMIT
eof
echo -e "\nrc.firewall-iptables v$fwver done.\n"

The problem is it looks fine... (it pings through the client computer on the router), but when I try to connect to a web address it hangs for about 3 minutes and times out.
The server's internet connection works, so I know it is not forwarding the modem's connection. It's blocking port 80, yet iptables says it's forwarding ports.
iptables -L
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     --   anywhere             anywhere            ctstate RELATED,ESTABLISHED
ACCEPT     --   anywhere             anywhere
LOG        --   anywhere             anywhere            LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Aha! I may have found the issue here! After a tcpdump I noticed something strange...
in quite a few of the lines!
14:04:51.422926 arp, reply chris-a770e3.local is-at 00:30:67:41:0c:3a (oui unknown), length 28
.................................................. .................................................. .....(oui unknown).................
After googling, it's basically saying it doesn't know where to send the packet to. That seems to be the reason why it can't work, because it's being dropped! Now.. the next issue... what do I do with this knowledge?
And not just one line.. it is giving the error for the router and the server. The server being chris-a770e3.local and the router being 192.168.0.1.
This leads me to believe the server isn't correctly converting the MAC address during NAT. Is there somewhere I can adjust this?