On 12/15/2009 10:09 PM, Ruben Safir wrote:
On Tue, Dec 15, 2009 at 07:29:00PM -0600, Moby wrote:
The setup involved in this issue was working perfectly fine with oss 10.X and 11.1. The problem arose after an in-place upgrade to oss 11.2.
Basically the machine (call it machine A with internal IP address 192.168.10.10) is configured to do masquerade via iptables (with a custom script). The relevant lines are:
$IPTABLES -t mangle -A PREROUTING -m iprange --src-range 192.168.10.50-192.168.10.200 -j MARK --set-mark 2
$IPTABLES -t mangle -A FORWARD -m iprange --src-range 192.168.10.50-192.168.10.200 -j MARK --set-mark 2
$IPTABLES -t nat -A POSTROUTING -m mark --mark 2 -o comcast1 -j MASQUERADE
I have virtually the same problem. First, where do you put the script, because it is almost impossible to drop into /etc/init.d/network.
Secondly, port forwarding has to be ON and the system, even when it says it is on, doesn't have it on.
#!/bin/sh
PATH=/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin:/usr/games:/opt/gnome2/bin:/opt/gnome/bin:/opt/kde3/bin:/opt/kde2/bin:/usr/openwin/bin:/usr/lib/java/bin:/opt/gnome/bin
# Masquerade everything leaving eth0 behind this host's public address
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Turn on IPv4 forwarding in the running kernel
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Forwarding Enabled"
Once this is in place, initiating (for example) ping www.yahoo.com from a machine with IP address 192.168.10.52 shows that traffic is making its way to machine A on A's internal interface, then the traffic is getting "masqueraded" (the packet's source IP gets changed to the valid public address of machine A) and sent out the interface called comcast1, the reply comes back from www.yahoo.com and enters machine A properly on interface comcast1 and that's it ... the packet never gets mapped back to the inside host that sent it. I see this sequence of events in a packet capture btw (Wireshark with capture on the pseudo-interface to capture all interfaces).
This exact same script worked fine with oss11.1 and earlier versions - is anyone here aware of any changes in oss11.2 that could prevent something like this from working?
Thanks in advance for any help,
-- --Moby
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Thanks for the response Ruben. I created my own init script that calls /etc/rc.local (one of the things I like in RH!). I call whatever I need executed at boot-time from this /etc/rc.local. I can send that init script to you if you like.

Port forwarding is indeed on - I verified both by cat'ing ip_forward, running sysctl, and for good measure I echoed 1 into ip_forward. That makes no difference.

Do you still have the problem or have you resolved yours? The fact that this very same script has been working fine until the upgrade to 11.2 makes me think something in 11.2 is breaking it - I just wish I could find out what.

Thanks again.
-- --Moby
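The thread's two scripts both set up masquerading and forwarding, and the reported symptom is a reply that reaches the router but never reaches the inside host. As an added example (not code from either poster), the script below does the same setup but also verifies the live ip_forward value instead of trusting what a config file says, and adds an audit function that reads iptables-save output and reports the pieces a working masquerade needs. The interface name comcast1 and the LAN range come from the thread; the two iptables-save samples embedded at the bottom are constructed for illustration, and the POSIX sh dispatch at the end is my own convention.

```shell
#!/bin/sh
# Added example: masquerade setup with a live forwarding check, plus an audit
# of iptables-save output. Not the code from the thread; comcast1 and the
# LAN range are taken from it, everything else is assumed/constructed.

WAN_IF="${WAN_IF:-comcast1}"             # outside interface (from the thread)
LAN_RANGE="192.168.10.50-192.168.10.200" # inside hosts to masquerade (from the thread)

# Apply the rule set. Needs root; invoked as: sh masq.sh apply
apply_masquerade() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    # Set forwarding, then read the running value back: a sysctl.conf entry
    # that was never applied is the classic "it says it is on" trap.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ] \
        || { echo "ip_forward is still 0" >&2; return 1; }
    # NAT is decided on the first packet of a connection; conntrack reverses
    # the mapping on replies, so only PREROUTING needs the mark.
    iptables -t mangle -A PREROUTING -m iprange --src-range "$LAN_RANGE" -j MARK --set-mark 2
    iptables -t nat -A POSTROUTING -m mark --mark 2 -o "$WAN_IF" -j MASQUERADE
    # Un-NATed replies still traverse FORWARD; with a DROP policy and no state
    # rule they are silently discarded on the router, never reaching the LAN.
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m iprange --src-range "$LAN_RANGE" -o "$WAN_IF" -j ACCEPT
}

# Audit iptables-save text passed as $1. Prints what is missing and returns
# non-zero if anything is; runs without root on saved output.
audit_rules() {
    rules=$1
    missing=0
    printf '%s\n' "$rules" | grep -q '^-A POSTROUTING .*-j MASQUERADE' \
        || { echo "missing: nat POSTROUTING MASQUERADE rule"; missing=1; }
    # iptables-save renders --set-mark as --set-xmark on newer versions
    printf '%s\n' "$rules" | grep -Eq '^-A PREROUTING .*-j MARK --set-x?mark' \
        || { echo "missing: mangle PREROUTING MARK rule"; missing=1; }
    # A DROP policy on FORWARD is only safe together with a state accept rule
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' \
       && ! printf '%s\n' "$rules" | grep -Eq '^-A FORWARD .*(RELATED|ESTABLISHED).*-j ACCEPT'; then
        echo "missing: FORWARD accept for ESTABLISHED,RELATED (replies dropped after un-NAT)"
        missing=1
    fi
    [ "$missing" -eq 0 ] && echo "ok: masquerade rule set looks complete"
    return "$missing"
}

# Constructed iptables-save output of a complete setup (not a real capture)
SAMPLE_GOOD='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m iprange --src-range 192.168.10.50-192.168.10.200 -j MARK --set-xmark 0x2/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o comcast1 -m mark --mark 0x2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o comcast1 -m iprange --src-range 192.168.10.50-192.168.10.200 -j ACCEPT
COMMIT'

# Constructed output where FORWARD drops by default and has no state rule
SAMPLE_BAD='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m iprange --src-range 192.168.10.50-192.168.10.200 -j MARK --set-xmark 0x2/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o comcast1 -m mark --mark 0x2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

case "${1:-}" in
    apply) apply_masquerade ;;
    audit) audit_rules "$(iptables-save)" ;;
    demo)  audit_rules "$SAMPLE_GOOD"; audit_rules "$SAMPLE_BAD" || true ;;
esac
```

Run `sh masq.sh demo` to see the audit pass on the first sample and flag the second; `sh masq.sh audit` runs it against the live rule set. The audit cannot see ip_forward, so the apply path checks that separately by reading /proc after setting it, which is the check the thread's "it says it is on" remark is really about.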