This has probably been beaten to death, but I can't find anything that fits my exact situation (maybe I'm using the wrong keywords, sorry).
Server:
eth0 - external NIC, DHCP IP from ISP
eth1 - internal NIC, static 192.168.0.1
DHCP running on eth1
IPTABLES set up to masquerade on eth0
(this setup was working previously, which is why I'm puzzled).
I have a computer connected up via server's eth1. It's IP is 192.168.0.201 (/etc/init.d/networking restart) gives me a DHCPOFFER and everything, so DHCP seems to be working fine.
Server:
can access internet
I can ssh into 192.168.0.201 (even though it seems to take longer than usual)
192.168.0.201:
can ping server (well duh, I ssh'ed in from the server)
cannot access internet
for DNS on the internal NAT I'm using the same DNS servers as the router, so the server's resolv.conf:
nameserver 69.169.190.211
nameserver 208.72.160.67
and 192.168.0.201's resolv.conf:
nameserver 69.169.190.211
nameserver 208.72.160.67
ping google.com - times out
host google.com 69.169.190.211 - times out
host google.com 208.72.160.67 - times out
--more importantly,
ping 69.169.190.211 - times out
ping 208..72.160.67 - times out
what am I missing?
here's my iptables if you're curious:
Code:# Generated by iptables-save v1.3.8 on Thu Aug 28 11:54:23 2008 *nat :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o eth0 -j MASQUERADE # Home Automation -A POSTROUTING -o eth1 -j MASQUERADE COMMIT # Completed on Thu Aug 28 11:54:23 2008 # Generated by iptables-save v1.3.8 on Thu Aug 28 11:54:23 2008 *mangle :PREROUTING ACCEPT [1149:83303] :INPUT ACCEPT [1087:79445] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3183:4639340] :POSTROUTING ACCEPT [3187:4640334] COMMIT # Completed on Thu Aug 28 11:54:23 2008 # Generated by iptables-save v1.3.8 on Thu Aug 28 11:54:23 2008 *filter :FORWARD ACCEPT [0:0] :INPUT DROP [0:0] :OUTPUT ACCEPT [0:0] # Open Ports -A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports ssh,www,https,smtp,imap,imaps,pop3s,10000,ftp,3689 -A FORWARD -o eth1 -j LOG -A FORWARD -i eth1 -j LOG -A FORWARD -i eth0 -o eth1 -j ACCEPT -A FORWARD -m state -i eth1 -o eth0 --state ESTABLISHED,RELATED -j ACCEPT -A OUTPUT -o eth1 -j LOG -A INPUT -i lo -j ACCEPT # Accept traffic from internal interfaces -A INPUT -i eth1 -j ACCEPT # Accept traffic with the ACK flag set -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT # Allow incoming data that is part of a connection we established or related -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Accept responses to DNS queries -A INPUT -p udp -m udp -m multiport --dport 1024:65535 --ports 53 -j ACCEPT # Accept traceroutes -A INPUT -p udp -m udp --dport 33434:33523 -j ACCEPT # Accept responses to our pings -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT # Accept notifications of unreachable hosts -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT # Respond to pings -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT # Accept notifications to reduce sending speed -A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT # Accept notifications of lost packets -A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT # Accept notifications of protocol problems -A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT COMMIT # Completed on Thu Aug 28 11:54:23 2008
Adv Reply
Bookmarks