Unable to forward internal network to Internet

For some years I have been running a PC as a router, giving my home network Internet access. Recent releases of opensuse have made this easier and easier with Yast -> Firewall -> Masquerade -> set masquerade on.

I upgraded to opensuse 11.0. I visited Yast -> network devices -> network parameters -> routing and activated “IP forwarding”. I visited Yast -> Firewall -> Masquerade and set masquerade on. But NAT doesn’t work.

ifconfig and route report:

eth0 Link encap:Ethernet  HWaddr 00:1D:60:30:36:D9
  inet adr:81.56.228.152 Bcast:81.56.228.255
  adr inet6: fe80::21d:60ff:fe30:36d9/64 Scope:Lien
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:231081 errors:0 dropped:0 overruns:0 frame:0
  TX packets:256051 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:1000
  RX bytes:144005787 (137.3 Mb)  TX bytes:144547748 (137.8 Mb)
  Interruption:251 Adresse de base:0x8000

eth1 Link encap:Ethernet  HWaddr 00:1B:11:C2:DB:53
  inet adr:10.0.0.7  Bcast:10.0.0.255  Masque:255.255.255.0
  adr inet6: fe80::21b:11ff:fec2:db53/64 Scope:Lien
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:7152 errors:0 dropped:0 overruns:0 frame:0
  TX packets:8408 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:1000
  RX bytes:435256 (425.0 Kb)  TX bytes:2304065 (2.1 Mb)
  Interruption:16 Adresse de base:0xb800

Table de routage IP du noyau
Destination  Passerelle Genmask    Indic Metr Ref Use Iface
10.0.0.0        *    255.255.255.0 U     0    0   0   eth1
lns-bzn-50f-81- *    255.255.255.0 U     0    0   0   eth0
link-local      *    255.255.0.0   U     0    0   0   eth0
loopback        *    255.0.0.0     U     0    0   0   lo
default  lns-bzn-50f-81- 0.0.0.0   UG    0    0   0   eth0

In the firewall eth0 is “external” and eth1 is “internal”.

In /etc/sysconfig/SuSEfirewall2 I have
FW_ROUTE="yes"
FW_MASQUERADE="yes"

ipchains -L gives a lot of complex output, but ipchains -L forward reports nothing.

/proc/sys/net/ipv4/ip_forward is 1

I can ping between a PC in the home network and the router, and from the router to my ISP, but not from the home network PC to my ISP; I get the message “Destination Host Unreachable”.

Turning off the firewall does not fix the problem. So far this has baffled me. Any suggestion would be much appreciated.

Roger

Make sure that the default gateway address is set on all PCs on the home network. It should be the address of eth1 in your router, 10.0.0.7 as indicated by the info posted above.

Re-establish the firewall in your router, make sure masquerade is enabled.

Also, make sure that LAN PCs have their DNS set appropriately.

Paul

Hello Paul, Good catch! I found a bug in /etc/dhcpd.conf on the router in the option routers declaration. I can now ping from the home network to Internet IP addresses. But DNS is still not working. I’ll get back to it tomorrow.

The LAN PCs have the same /etc/resolv.conf as the router.
Roger

As a test, why not set all the network settings manually for one LAN PC - this will confirm overall operation, and then you can check out your DHCP server, etc.

Paul
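
The fault in this thread was in what the DHCP server handed to clients, not in the masquerading itself. The following is an added example, not code from either poster: it checks a dhcpd.conf for the two settings Paul lists (default gateway and DNS). The sample file, the resolver address 192.0.2.53 and the function names are constructed for illustration, and the parser assumes flat subnet blocks.

```python
import ipaddress
import re

# Constructed sample (not Roger's actual file): the gateway handed to clients is off-subnet.
SAMPLE_DHCPD_CONF = """
option domain-name-servers 192.0.2.53;   # constructed resolver address
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.100 10.0.0.200;
    option routers 10.0.1.7;             # constructed typo for 10.0.0.7
}
"""

# Assumption: flat subnet blocks (no nested pool/host/group declarations).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^{}]*)\}")

def option_values(name, text):
    """Return the comma-separated values of 'option <name> ...;' or []."""
    m = re.search(r"^\s*option\s+" + re.escape(name) + r"\s+([^;]+);", text, re.M)
    return [v.strip() for v in m.group(1).split(",")] if m else []

def check_dhcpd_conf(text, router_lan_ip):
    """List problems with the gateway and DNS settings each subnet hands out."""
    text = re.sub(r"#.*", "", text)            # drop comments
    global_scope = SUBNET_RE.sub("", text)     # options declared outside subnets
    expected = ipaddress.ip_address(router_lan_ip)
    findings = []
    for net_addr, mask, body in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{net_addr}/{mask}")
        lookup = lambda name: option_values(name, body) or option_values(name, global_scope)
        routers = lookup("routers")
        if not routers:
            findings.append(f"{net}: no 'option routers'; clients get no default gateway")
        for r in routers:
            try:
                addr = ipaddress.ip_address(r)
            except ValueError:
                findings.append(f"{net}: routers value {r!r} is a name; confirm it resolves to {expected}")
                continue
            if addr not in net:
                findings.append(f"{net}: gateway {r} is outside the subnet; clients have no on-link route to it")
            elif addr != expected:
                findings.append(f"{net}: gateway {r} is not the router's LAN address {expected}")
        if not lookup("domain-name-servers"):
            findings.append(f"{net}: no 'option domain-name-servers'; clients get no resolver")
    return findings

if __name__ == "__main__":
    for line in check_dhcpd_conf(SAMPLE_DHCPD_CONF, "10.0.0.7"):
        print(line)
```

An empty result means every subnet hands out the router's LAN address as gateway and some resolver; it does not prove that the resolver is reachable from the LAN.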