Router not routing/masquerading. Why?

**Anubis** · 03-22-2003, 12:05 AM

I am setting up this RH8 based router machine. It only has one client, my squid server on 10.2. I put in all the rules I could think of to set up simple masquerading as well as a few minor port forwards. Nothing is working. I can browse from the router machine, but not from the squid server. I can ping back and forth with no trouble so I believe the problem is here somewhere. Can anyone please give me a clue?

Here is my rule generator....

#!/bin/sh

#------------------------------------ Iptables Firewall Rule Generator for Vulture I Router ---------------------------------------
#
# Written March 2003 . Licensed under the GPL. Distribute freely.
#-----------------------------------------------------------------------------------------------------------------------------------
#-------------
# Prep work!
#-------------

# Disable network interfaces prior to shutting down the firewall
#echo "Network going down for firewall service"
#/etc/init.d/network stop

# Shut down the firewall for service.
echo "Firewall shutting down"
/etc/init.d/iptables stop

# Deleting the old ruleset from /etc/sysconfig and clearing rules from memory
echo "Out with the old (rules)"
rm --force /etc/sysconfig/iptables
iptables -F
iptables -t nat -F
iptables -X

# Enable port forwarding support
echo "1" > /proc/sys/net/ipv4/ip_forward

# Load relevent modules
insmod ip_tables
insmod ip_conntrack
insmod ip_conntrack_ftp
insmod ipt_state
insmod iptable_nat
insmod ipt_MASQUERADE

#-----Done--------------------------------------------------------------------------------------------------------------------------

# Begin firewall generation

#---------------------------------------
# Variable definition section.
#---------------------------------------
LOCALHOST="127.0.0.1"
INTINT="eth0"
INTRA="192.168.10.0/24"
EXTINT="eth1"
RAPTOR="192.168.10.2"
#-----Done------------------------------

#---------------------------------------------------------------------------------------------------------------------------------
# Routing table rules by table
#---------------------------------------------------------------------------------------------------------------------------------

# Establish Default Policies for the following Tables
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
#---------------------------------------------------------------------------------------------------------------------------------
# PREROUTING TABLE
#---------------------------------------------------------------------------------------------------------------------------------

# Forward all incoming mail connections to Raptor II mail server
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 25 -j DNAT --to-destination $RAPTOR:25
iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 1352 -j DNAT --to-destination $RAPTOR:1352

# Forward incoming http connections to Raptor for routing to the mail server.
#iptables -t nat -A PREROUTING -p tcp -i $EXTINT --dport 80 -j DNAT --to-destination $RAPTOR:80

#-------------------------------------------------------------------------------------------------------------------------------
# INPUT TABLE
#--------------------------------------------------------------------------------------------------------------------------------

# Accept all traffic from Raptor on internal network
iptables -A INPUT -i $INTINT -p all -j ACCEPT

# Accept all traffic originating on Vulture I
iptables -A INPUT -s $LOCALHOST -p all -j ACCEPT

# Allow all established connections to get back in from Internet
iptables -A INPUT -i $EXTINT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Explicitly allow incoming connections on ports to be forwarded to Raptor II
iptables -A INPUT -i $EXTINT -p tcp --dport 25 -j ACCEPT
#iptables -A INPUT -i $EXTINT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i $EXTINT -p tcp --dport 1352 -j ACCEPT

# Accept incoming ICMP requests. For testing the firewall
iptables -A INPUT -p ICMP -s 0/0 -j ACCEPT
#-----------------------------------------------------------------------------------------------------------------------------------
# FORWARD TABLE
#------------------------------------------------------------------------------------------------------------------------------------

# Mail connection forwarding
iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 25 -j ACCEPT
iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 1352 -j ACCEPT

# http connection forwarding
#iptables -A FORWARD -i $EXTINT -d $RAPTOR -p tcp --destination-port 80 -j ACCEPT

# Forwarding to/from local network
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ! $EXTINT -j ACCEPT
#-------------------------------------------------------------------------------------------------------------------------------------
# OUTPUT TABLE
#--------------------------------------------------------------------------------------------------------------------------------------

iptables -A OUTPUT -p all -s $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -s $INTRA -j ACCEPT
iptables -A OUTPUT -p all -d $LOCALHOST -j ACCEPT
iptables -A OUTPUT -p all -d $INTRA -j ACCEPT
iptables -A OUTPUT -o $EXTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#--------------------------------------------------------------------------------------------------------------------------------------
# POSTROUTING TABLE
#--------------------------------------------------------------------------------------------------------------------------------------

iptables -t nat -A POSTROUTING -o $EXTINT -j MASQUERADE

#--------------------------------------------------------------------------------------------------------------------------------------

#------------------------------------------------- Rule generation is complete --------------------------------------------------------

#-------------------------------------
# Post generation clean up work.
#------------------------------------

# Save the rules to /etc/sysconfig so they will load on boot
iptables-save > /etc/sysconfig/iptables

# Start new and improved firewall
echo "Firewall starting up, please stand back!"
/etc/init.d/iptables start

#-------------------------------------------------------- End of Script----------------------------------------------------------------

Thread: Router not routing/masquerading. Why?

Thread Tools

Display

Router not routing/masquerading. Why?

Similar Threads

Router MAC address changing?

DSL router and webserver access from outside

Router for a lan with public ip addresses

3com router and linux box

Gateway before router

Bookmarks

Bookmarks

Posting Permissions