iptables help needed

Simon Slater pyevet at aapt.net.au
Tue Jun 3 23:18:23 UTC 2008


On Tue, 2008-06-03 at 15:32 +0100, Bill Crawford wrote:
> 2008/6/3 Simon Slater <pyevet at aapt.net.au>:
> 
> >        I have run the script but the results may be a little unexpected.
> > Following are messages from the script.  None are as a result of
> > requesting web pages from the laptop, which still has the message that
> > the proxy server is refusing requests and wireshark shows the same
> > patterns.  These logged packets are when Evolution is fetching the
> > email.
> 
> Sounds like the reset is originating from outside your network, or
> there's a problem with the address ... is the IP address of the laptop
> definitely routable, or being NAT'd? You might just find that you're
> trying to route packets out onto the internet from addresses with the
> other end of your link doesn't accept packets for coming the other
> way, and is thus rejecting the packets. Or, the reset might be a
> side-effect of your provider running a "no servers" policy, ...
> 
	G'day Bill,  as I mentioned to François, this same hardware setup
worked fine only a few weeks ago, so any "no server" policy shouldn't
have any effect.  The trouble only started when I went to upgrade a new
install of F8 and found I couldn't connect.  The laptop IP address is
192.168.0.6 and can be pinged and browsed from elsewhere on the LAN and
resolves to its hostname "Acer".

	About being NAT'd, after running François script:

[root at ipex ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root at ipex ~]#

which seems fine, but:

[root at ipex ~]# netstat -M
netstat: no support for `ip_masquerade' on this system.
[root at ipex ~]#

Does this mean something is wrong with NAT?



-- 
Regards,
Simon





More information about the fedora-list mailing list