Thread: Unable to forward internal network to Internet

  1. #1

    Unable to forward internal network to Internet

    For some years I have been running a PC as a router, giving my home network Internet access. Recent releases of openSUSE have made this easier and easier with YaST -> Firewall -> Masquerade -> set masquerade on.

    I upgraded to openSUSE 11.0. I visited YaST -> network devices -> network parameters -> routing and activated "IP forwarding". I visited YaST -> Firewall -> Masquerade and set masquerade on. But NAT doesn't work.

    ifconfig and route report:

    Code:
    eth0 Link encap:Ethernet  HWaddr 00:1D:60:30:36:D9
      inet adr:81.56.228.152 Bcast:81.56.228.255
      adr inet6: fe80::21d:60ff:fe30:36d9/64 Scope:Lien
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:231081 errors:0 dropped:0 overruns:0 frame:0
      TX packets:256051 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 lg file transmission:1000
      RX bytes:144005787 (137.3 Mb)  TX bytes:144547748 (137.8 Mb)
      Interruption:251 Adresse de base:0x8000
    
    eth1 Link encap:Ethernet  HWaddr 00:1B:11:C2:DB:53
      inet adr:10.0.0.7  Bcast:10.0.0.255  Masque:255.255.255.0
      adr inet6: fe80::21b:11ff:fec2:db53/64 Scope:Lien
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:7152 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8408 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 lg file transmission:1000
      RX bytes:435256 (425.0 Kb)  TX bytes:2304065 (2.1 Mb)
      Interruption:16 Adresse de base:0xb800
    
    Table de routage IP du noyau
    Destination  Passerelle Genmask    Indic Metr Ref Use Iface
    10.0.0.0        *    255.255.255.0 U     0    0   0   eth1
    lns-bzn-50f-81- *    255.255.255.0 U     0    0   0   eth0
    link-local      *    255.255.0.0   U     0    0   0   eth0
    loopback        *    255.0.0.0     U     0    0   0   lo
    default  lns-bzn-50f-81- 0.0.0.0   UG    0    0   0   eth0

    In the firewall eth0 is "external" and eth1 is "internal".

    In /etc/sysconfig/SuSEfirewall2 I have
    FW_ROUTE="yes"
    FW_MASQUERADE="yes"

    ipchains -L gives a lot of complex output, but ipchains -L forward reports nothing.

    /proc/sys/net/ipv4/ip_forward is 1

    I can ping between a PC in the home network and the router, and from the router to my ISP, but not from the home network PC to my ISP; I get the message "Destination Host Unreachable".

    Turning off the firewall does not fix the problem. So far this has baffled me. Any suggestion would be much appreciated.

    Roger

  2. #2

    Re: Unable to forward internal network to Internet

    Make sure that the default gateway address is set on all PCs on the home network. It should be the address of eth1 in your router, 10.0.0.7 as indicated by the info posted above.

    Re-establish the firewall in your router, make sure masquerade is enabled.

    Also, make sure that LAN PCs have their DNS set appropriately.

    Paul

  3. #3

    Re: Unable to forward internal network to Internet

    Originally posted by prhunt:
        Make sure that the default gateway address is set on all PCs on the home network. It should be the address of eth1 in your router, 10.0.0.7 as indicated by the info posted above.

    Hello Paul, Good catch! I found a bug in /etc/dhcpd.conf on the router in the option routers declaration. I can now ping from the home network to Internet IP addresses. But DNS is still not working. I'll get back to it tomorrow.

    Originally posted by prhunt:
        Re-establish the firewall in your router, make sure masquerade is enabled.

        Also, make sure that LAN PCs have their DNS set appropriately.

        Paul

    The LAN PCs have the same /etc/resolv.conf as the router.

    Roger

  4. #4

    Re: Unable to forward internal network to Internet

    Originally posted by xiaoti:
        Hello Paul, Good catch! I found a bug in /etc/dhcpd.conf on the router in the option routers declaration. I can now ping from the home network to Internet IP addresses. But DNS is still not working. I'll get back to it tomorrow.

        The LAN PCs have the same /etc/resolv.conf as the router.

        Roger

    As a test, why not set all the network settings manually for one LAN PC - this will confirm overall operation, and then you can check out your DHCP server, etc.

    Paul
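
The router-side settings discussed in this thread (ip_forward, FW_ROUTE, FW_MASQUERADE, and the gateway and DNS options that /etc/dhcpd.conf hands to LAN clients) can be checked in one pass. The script below is an added example and not part of any post: the function names are hypothetical and the sample files are constructed; only the file names and the 10.0.0.7 address come from the thread.

```shell
#!/bin/sh
# Added example: router-side checks for the settings named in this thread.
# Function names are hypothetical; sample data below is constructed.

# Print VALUE from the last uncommented KEY="VALUE" line of a sysconfig file.
sysconfig_get() {   # usage: sysconfig_get FILE KEY
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print the first value of "option NAME v1[, v2...];" in dhcpd.conf, ignoring comments.
dhcpd_option() {    # usage: dhcpd_option FILE NAME
    sed 's/#.*//' "$1" |
        sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}$2[[:space:]]\{1,\}\([^,;[:space:]]*\).*/\1/p" |
        head -n 1
}

# Report each failed check; the return status is the number of failures.
check_router() {    # usage: check_router LAN_IP IP_FORWARD_FILE FIREWALL_CONF DHCPD_CONF
    fail=0
    [ "$(cat "$2" 2>/dev/null)" = 1 ] ||
        { echo "FAIL: IP forwarding is off"; fail=$((fail + 1)); }
    for key in FW_ROUTE FW_MASQUERADE; do
        [ "$(sysconfig_get "$3" "$key")" = yes ] ||
            { echo "FAIL: $key is not \"yes\""; fail=$((fail + 1)); }
    done
    gw=$(dhcpd_option "$4" routers)
    [ "$gw" = "$1" ] ||
        { echo "FAIL: DHCP hands out gateway '$gw', expected $1"; fail=$((fail + 1)); }
    [ -n "$(dhcpd_option "$4" domain-name-servers)" ] ||
        { echo "FAIL: DHCP hands out no DNS server"; fail=$((fail + 1)); }
    return "$fail"
}

# Constructed sample files (not from the thread): wrong gateway, no DNS option.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
printf 'FW_ROUTE="yes"\nFW_MASQUERADE="yes"\n' > "$demo/SuSEfirewall2"
cat > "$demo/dhcpd.conf" <<'EOF'
subnet 10.0.0.0 netmask 255.255.255.0 {
  range 10.0.0.100 10.0.0.200;
  option routers 10.0.0.1;   # should be the router's eth1 address
}
EOF
check_router 10.0.0.7 "$demo/ip_forward" "$demo/SuSEfirewall2" "$demo/dhcpd.conf" ||
    echo "$? problem(s) found"
```

On the router itself the call would be `check_router 10.0.0.7 /proc/sys/net/ipv4/ip_forward /etc/sysconfig/SuSEfirewall2 /etc/dhcpd.conf`.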
