Well crap, sorry about that. It's supposed to be "-j ACCEPT", not just 'ACCEPT'. "-j" means 'jump' and is followed by a chain name or target, in this case ACCEPT telling the firewall to permit matching traffic. I'm guessing your FORWARD chain is either empty with a policy of ACCEPT, or some form of 'allow all' rule, so the traffic gets through without those additions. ;)
j On Tue, 07 Oct 2008 07:21:34 +0200, "Nicolas Linkert" <[EMAIL PROTECTED]> wrote: > Great! This works for me. The only thing I had to change were the > "ACCEPT" commands since they were not accepted. > > Thanks. > > cu, > Nick > > On Mon, 6 Oct 2008 20:28:58 -0400, "Joel Newkirk" > <[EMAIL PROTECTED]> said: >> Sorry, I'd expected to be in front of a computer earlier to respond... >> >> >> 3: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> >> state UNKNOWN qlen 1000 >> >> link/ether 6e:6d:ef:52:f2:5b brd ff:ff:ff:ff:ff:ff >> >> >> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.101 >> >> 169.254.0.0/16 dev eth0 scope link metric 1000 >> >> default via 192.168.0.100 dev eth0 >> >> That's a problem right there - the state of the interface is 'UNKNOWN', >> it >> has no IP, and (hand in hand with no IP) there's no route out usb0 for >> anything. However, since you later said you can SSH to the FR with >> different settings, I'm assuming this to have been a temporary glitch... >> >> >> Try these on for size, in /etc/network/interfaces on the host: >> >> auto usb0 >> iface usb0 inet static >> address 192.168.0.201 >> netmask 255.255.255.252 >> post-up iptables -t nat -I POSTROUTING -t nat -j MASQUERADE -s >> 192.168.0.202 >> post-up echo 1 > /proc/sys/net/ipv4/ip_forward >> post-up iptables -I FORWARD -s 192.168.0.202 ACCEPT >> post-up iptables -I FORWARD -d 192.168.0.202 ACCEPT >> pre-down iptables -D POSTROUTING -t nat -j MASQUERADE -s >> 192.168.0.202 >> pre-down iptables -D FORWARD -s 192.168.0.202 ACCEPT >> pre-down iptables -D FORWARD -d 192.168.0.202 ACCEPT >> >> >> And on the FreeRunner: >> >> auto usb0 >> iface usb0 inet static >> address 192.168.0.202 >> netmask 255.255.255.252 >> network 192.168.0.200 >> gateway 192.168.0.201 >> up echo "nameserver 192.168.0.100" | resolvconf -a usb0 >> down resolvconf -d usb0 >> >> >> NOTE: This uses 192.168.0.201 on the host, not 192.168.0.200. This lets >> us >> clip it down to a /30 subnet, two IPs plus network and broadcast. The >> above works for me (with slight variations regarding nameserver and nat >> rules) on three different Ubuntu boxes and at least one Mandriva. >> Depending on the image/distro on the Freerunner, the two 'resolvconf' >> lines >> may not work out, it may instead need 'up echo "nameserver > 192.168.0.100" >> >/etcf/resolv.conf' and no 'down', or even other approaches to setting >> nameservers. Using resolvconf is the 'right' way with 2007/2008 > distros, >> AFAICS. >> >> j >> >> >> >> On Mon, 06 Oct 2008 23:43:59 +0200, "Nicolas Linkert" >> <[EMAIL PROTECTED]> >> wrote: >> > The following entry in /etc/network/interfaces allows me to log into > the >> > FR - but then I have no access to the internet ... >> > >> > # The primary network interface >> > allow-hotplug eth0 >> > iface eth0 inet static >> > address 192.168.0.101 >> > netmask 255.255.255.0 >> > network 192.168.0.0 >> > broadcast 192.168.0.255 >> > gateway 192.168.0.100 >> > dns-nameservers 192.168.0.100 >> > dns-search gamma.vz >> > >> > auto usb0 >> > iface usb0 inet static >> > address 192.168.0.200 >> > netmask 255.255.255.0 >> > >> > >> > On Mon, 06 Oct 2008 21:28:21 +0200, "Nicolas Linkert" >> > <[EMAIL PROTECTED]> said: >> >> >> >> On Mon, 6 Oct 2008 14:53:32 -0400, "Joel Newkirk" >> >> <[EMAIL PROTECTED]> said: >> >> > On Mon, 06 Oct 2008 20:42:41 +0200, "Nicolas Linkert" >> >> > <[EMAIL PROTECTED]> >> >> > wrote: >> >> > > Hi, >> >> > > >> >> > > no, that does not change anything. >> >> > > >> >> > > ifconfig usb0 192.168.0.200 netmask 255.255.255.0 >> >> > > route add -host 192.168.0.202 gw 192.168.0.200 >> >> > > >> >> > >> >> > >> > Host IP: 192.168.0.101 >> >> > >> > DNS: 192.168.0.100 >> >> > >> > >> >> > >> > On the host I do as root: >> >> > >> > ifconfig usb0 192.168.0.200 netmask 255.255.255.0 >> >> > >> > ssh [EMAIL PROTECTED] >> >> > >> > >> >> > >> > No route to host ... ? >> >> > >> >> > can you post the output of "ip a" and "ip r" on the host? >> >> >> >> ip a >> >> >> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN >> >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> >> inet 127.0.0.1/8 scope host lo >> >> inet6 ::1/128 scope host >> >> valid_lft forever preferred_lft forever >> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> >> state UP qlen 1000 >> >> link/ether 00:1f:29:7f:4e:a5 brd ff:ff:ff:ff:ff:ff >> >> inet 192.168.0.101/24 brd 192.168.0.255 scope global eth0 >> >> inet6 fe80::21f:29ff:fe7f:4ea5/64 scope link >> >> valid_lft forever preferred_lft forever >> >> 3: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> >> state UNKNOWN qlen 1000 >> >> link/ether 6e:6d:ef:52:f2:5b brd ff:ff:ff:ff:ff:ff >> >> >> >> ip r >> >> >> >> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.101 >> >> 169.254.0.0/16 dev eth0 scope link metric 1000 >> >> default via 192.168.0.100 dev eth0 >> >> >> >> > >> >> > What OS on the host? (well, OS presumably is 'linux' if you're > able >> > to >> >> > use >> >> > ifconfig usb0, but what distro?) >> >> >> >> Debian Lenny >> >> >> >> cu, >> >> Nick >> >> >> >> _______________________________________________ >> >> Openmoko community mailing list >> >> community@lists.openmoko.org >> >> http://lists.openmoko.org/mailman/listinfo/community >> > >> > _______________________________________________ >> > Openmoko community mailing list >> > community@lists.openmoko.org >> > http://lists.openmoko.org/mailman/listinfo/community >> >> >> _______________________________________________ >> Openmoko community mailing list >> community@lists.openmoko.org >> http://lists.openmoko.org/mailman/listinfo/community > > _______________________________________________ > Openmoko community mailing list > community@lists.openmoko.org > http://lists.openmoko.org/mailman/listinfo/community _______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community