Herbert Poetzl wrote:

> first, the nat table is not relevant for linux-vserver
> as there is nothing to 'forward'.

The nat table doesn't just handle forwarded packets. If you notice the chains are PREROUTING and POSTROUTING. PREROUTING matches all packets coming into the system, whether they will be subsequently routed to another machine or not, and POSTROUTING matches all packets leaving the system, whether they were locally generated or forwarded from another interface. The only chain that is not relevant to locally generated packets is the FORWARD chain in the filter table.

> second as it is very likely a configuration issue, what
> does a tcpdump on the 'host' show, when you do a simple
> connect to a web server (like: telnet google.com 80)

He hasn't posted a response, but it will show packets leaving eth0 with a source address of the vserver.

> third, what is your network setup, and what does your
> gateway (router) do/allow?

His original message said the vserver was bound to eth1 on a 'black' IP address and eth0 is directly on the Internet with a dynamic IP address, presumably through a cable modem or similar. There would be no gateway, no router, as his linux box is doing that.

Vincenzo, try adding a rule similar to the following:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

You should of course read up on Linux firewalling; the Linux Advanced
Routing HOWTO would be a good place to start.

HTH,
Darryl
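
Added example, not part of the original message: a small checker for the symptom discussed above, packets leaving eth0 that still carry a vserver source address. It reads `tcpdump -n -i eth0` text and lists IPv4 packets whose source is inside the internal subnet and whose destination is outside it. The function name, the sample captures and the addresses 203.0.113.5 and 198.51.100.80 are constructed for illustration; only 192.168.1.0/24 comes from the rule in the message.

```python
import ipaddress
import re
import sys

# Assumption: the vserver subnet, taken from the MASQUERADE rule in the message.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# "IP src[.port] > dst[.port]:" as printed by `tcpdump -n` for IPv4.
PKT_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed sample: capture on eth0 before the MASQUERADE rule is added.
SAMPLE_BEFORE = """\
10:00:01.000001 IP 192.168.1.10.43512 > 198.51.100.80.80: Flags [S], seq 1, win 64240, length 0
10:00:02.000001 IP 192.168.1.10.43512 > 198.51.100.80.80: Flags [S], seq 1, win 64240, length 0
"""

# Constructed sample: the same connect after the rule; the source is now eth0's address.
SAMPLE_AFTER = """\
10:05:01.000001 IP 203.0.113.5.43512 > 198.51.100.80.80: Flags [S], seq 1, win 64240, length 0
10:05:01.020001 IP 198.51.100.80.80 > 203.0.113.5.43512: Flags [S.], seq 9, ack 2, win 65160, length 0
"""


def unmasqueraded(lines, internal=INTERNAL_NET):
    """Return (src, dst) pairs with an internal source and an external destination."""
    leaks = []
    for line in lines:
        m = PKT_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or truncated lines
        try:
            src, dst = (ipaddress.ip_address(a) for a in m.groups())
        except ValueError:
            continue  # looked like an address but was not a valid one
        if src in internal and dst not in internal:
            leaks.append((str(src), str(dst)))
    return leaks


if __name__ == "__main__":
    # Usage: tcpdump -n -i eth0 | python3 this_script.py
    for src, dst in unmasqueraded(sys.stdin):
        print(f"not masqueraded: {src} -> {dst}")
```
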