On Fri, 2010-10-29 at 10:58 +1300, Bryce Stenberg wrote: > Hi, > > I'm thought I'd just post a follow up on this with regard to what made it > work, in case anyone in the future is searching on a similar issue. > > I only got this going with some very good assistance and direction from Jim > Cheetam - many thanks Jim for your time and help, it is much appreciated. > > First change was my 'host-only' virtualbox network from the ubuntu router > machine to other virtual client machines - changed this network type to > 'Internal' instead of 'host-only' in the virtualbox settings. > > Removed the ubuntu firewall (ufw) package as that seemed to interfere with > the traffic and added lots of rules to iptables, went to just using iptables > with one rule. > > Using network sniffers determined client packets got routed out to the > internet and returned as far as the host side of the NAT network (10.0.2.2) > that connects to the ubuntu router. At this point the virtualbox NAT did not > know what machines were on the other side of the ubuntu router and so would > issue arp requests trying to find the originating machine... which would fail. > > So we made the ubuntu router also do NAT to get around this. > > Commands to achieve this on the ubuntu router machine: > > apt-get remove ufw > > Edit "/etc/rc.local" to get the routing to happen after reboot. > Added: > > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE > echo 1 > /proc/sys/net/ipv4/ip_forward > > > Best regards to all, > Bryce Stenberg. [snip] Glad to hear that it 's all working.
It's generally regarded that SNAT should be used in preference to MASQUERADE as it has a memory - so it's safe to quickly disconnect/reconnect cables, etc. MASQUERADE is really only best used for dialout connections where that history would be worthless. My $0.02, Steve -- Steve Holdoway BSc(Hons) MNZCS <[email protected]> http://www.greengecko.co.nz MSN: [email protected] Skype: sholdowa
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
