[aklug] Re: Network Issue

From: Christopher Howard <choward@indicium.us>
Date: Wed Feb 17 2010 - 23:15:47 AKST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

William Attwood wrote:
> To start, I would iptables -f and then test, this will flush all rules,
> unless you're using it to do any routing based on input.
>
> -f will flush all of the rules, just don't write that configuration and
> you should be fine restarting iptables to have it reload the
> configuration file you have set up.
>
> If that still doesn't work, it sounds like a routing issue with your NIC
> either on your linux system or your router. I'm going to ask, are you
> stating that you set up linux on your router, or that linux is on your PC
> hooked to the router?
>
> -Will
>
> On Thu, Feb 18, 2010 at 12:17 AM, Christopher Howard
> <choward@indicium.us> wrote:
>
> Question for the network admins:
>
> I set up a home router with three interfaces (1 WAN, 2 LAN) with DNS,
> DHCP, and NAT services, using dnsmasq for the dns and dhcp services.
>
> The first LAN works perfectly. The second LAN works /almost/ perfectly. The
> client PCs get IP addresses from DHCP, and when I ping an address (like
> google.com) it pings the right address. But the
> ping never comes back.
> Traffic seems to be going out, but not coming back. I think I must have
> forgotten an iptables rule or something.
>
> Could somebody help me work through this? When I set up the IP tables, I
> followed the instructions here:
>
> http://www.gentoo.org/doc/en/home-router-howto.xml
>
> Specifically, the sections "Chapter 6 >> NAT" and "Chapter 6 >> Connect
> Another LAN". I'll post any iptables output from my system also if you
> will tell me which command to enter.
>
- ---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

> --
> Take care,
> William Attwood
> Idea Extraordinaire
> wattwood@gmail.com

> Samuel Goldwyn
> <http://www.brainyquote.com/quotes/authors/s/samuel_goldwyn.html> - "I
> don't think anyone should write their autobiography until after they're
> dead."

Yippee, figured it out by myself! Oh yeah, oh yeah!

I just ran iptables -S, which apparently shows a chain of rules. I saw
that there was a "-A FORWARD -d 172.16.0.0/24 -i eth2 -j ACCEPT" which
(I'm guessing) allows traffic to get from my WAN to my first LAN subnet,
but there was no such rule for my other subnet (172.16.1.0), so I added
such a rule. It worked, so I saved the new iptables configuration.

- --
 ________________________________
/ \
| Christopher Howard |
| http://indicium.us |
| http://theologia.indicium.us |
\________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkt89zMACgkQQ5FLNdi0BcWElQCfTq6AwQxSdnOze7jwjSvZ7oBW
cEEAoIlQ4vJKZlzz1NtdFpgMaaOIuK53
=W25M
-----END PGP SIGNATURE-----
Received on Wed Feb 17 23:15:30 2010

This archive was generated by hypermail 2.1.8 : Wed Feb 17 2010 - 23:15:30 AKST
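
The check described in the message above (compare the `iptables -S` output against each LAN subnet), as an added example that is not part of the original thread. The sample ruleset is constructed around the one rule quoted in the post; treating eth2 as the WAN interface follows the poster's guess, and the /24 mask on the second subnet and all function names are assumptions.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S` output. Only the 172.16.0.0/24 rule is
# quoted from the post; the policy lines and the /24 mask on the second
# subnet are assumptions.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -d 172.16.0.0/24 -i eth2 -j ACCEPT
"""
LAN_SUBNETS = ["172.16.0.0/24", "172.16.1.0/24"]


def parse_forward_rule(line):
    """Return {option: value} for a plain '-A FORWARD' rule, else None."""
    tokens = shlex.split(line)
    if tokens[:2] != ["-A", "FORWARD"] or "!" in tokens:
        return None  # other chain, policy line, or negated match
    opts, i = {}, 2
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else ""
        i += 2 if has_value else 1
    return opts


def accepted_destinations(rules_text, wan_if):
    """Networks accepted unconditionally for packets arriving on wan_if."""
    nets = []
    for line in rules_text.splitlines():
        opts = parse_forward_rule(line)
        # Rules with extra matches (-p, -m, -s, ...) only cover part of the
        # traffic, so they do not count as covering the subnet.
        if opts and set(opts) == {"-d", "-i", "-j"} \
                and opts["-i"] == wan_if and opts["-j"] == "ACCEPT":
            nets.append(ipaddress.ip_network(opts["-d"], strict=False))
    return nets


def uncovered_subnets(rules_text, wan_if, lan_subnets):
    """LAN subnets with no FORWARD accept rule for traffic coming in on wan_if."""
    accepted = accepted_destinations(rules_text, wan_if)
    return [s for s in lan_subnets
            if not any(ipaddress.ip_network(s).subnet_of(n) for n in accepted)]


if __name__ == "__main__":
    for subnet in uncovered_subnets(SAMPLE_RULES, "eth2", LAN_SUBNETS):
        print(f"no inbound FORWARD accept for {subnet}; candidate rule: "
              f"-A FORWARD -d {subnet} -i eth2 -j ACCEPT")
```

A ruleset that admits return traffic through a connection-tracking match instead of per-subnet destination rules is reported as uncovered by this check, since rules with extra matches are deliberately not counted.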