Hi,

On Tue, 16 Jan 2007 00:30:30 +0100 "Daniel Pielmeier" <[EMAIL PROTECTED]> wrote:

> > - is forwarding actually really enabled? Just "cat" the
> >   relevant /proc/sys/net/ipv4/ip_forward.
>
> cat /proc/sys/net/ipv4/ip_forward
> returns 1
>
> > So remaining things to check would be
> > - where do packets do what? Use "tcpdump" on the router to monitor
> >   how packets flow. Don't cite all the output, but look at where
> >   packets are coming and going. Two terminals with "tcpdump -i eth0"
> >   and "tcpdump -i ppp0" would tell you that. Send a few pings from the
> >   desktop to the internet. Also try pinging an IP from the desktop, not
> >   just hostnames (to rule out nameserver borkage).
>
> Here is what tcpdump returns!
> [...]

That's what I wanted to avoid with asking for not citing everything :-)

But everything looks quite normal, except for that packets aren't routed. So it's up to somebody else to tell exactly what that "policy" module in iptables does -- and how. I don't have answers left here -- except for the case that a manual iptables setup is sufficient. Personally, I'm quite happy with

    $ iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    $ iptables -A FORWARD -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $ iptables -A FORWARD -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

for the forwarding. All that fancy-schmanzy stuff that shorewall does isn't in there, granted.

-hwh
--
gentoo-user@gentoo.org mailing list
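
Added example, not part of the original message: the FORWARD rule for ppp0 above accepts state NEW, so connections initiated from the Internet side are forwarded as well as replies. The script below audits a ruleset in iptables-save format for such rules; the ruleset text is constructed for illustration and the function name wan_new_rules is hypothetical.

```shell
#!/bin/sh
# Audit FORWARD rules (iptables-save format) for rules that ACCEPT
# connection state NEW on packets arriving from the WAN interface.

# Constructed sample: the three rules from the message, written the way
# iptables-save would list them (assumed formatting, not a real capture).
SAMPLE_RULES='*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Constructed tightened variant: only replies are forwarded from ppp0.
TIGHT_RULES='*filter
-A FORWARD -i eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# usage: wan_new_rules <wan-if> < ruleset
# Prints each FORWARD rule that ACCEPTs traffic entering on <wan-if>
# and either lists NEW in its state match or has no state match at all.
wan_new_rules() {
    awk -v wan="$1" '
    $1 == "-A" && $2 == "FORWARD" {
        inif = ""; states = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") inif = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (inif != wan || target != "ACCEPT") next
        n = split(states, s, ",")
        hit = (n == 0)              # no state match: everything is accepted
        for (k = 1; k <= n; k++) if (s[k] == "NEW") hit = 1
        if (hit) print
    }'
}

# Demo on the constructed sample: prints the ppp0 rule that accepts NEW.
printf '%s\n' "$SAMPLE_RULES" | wan_new_rules ppp0
```

On a live router the same function can read the output of iptables-save on stdin instead of the constructed text.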