
From: Darryl Ross (spam_at_afoyi.com)
Date: Wed 15 Dec 2004 - 21:44:05 GMT

Herbert Poetzl wrote:

> first, the nat table is not relevant for linux-vserver
> as there is nothing to 'forward'.

The nat table doesn't just handle forwarded packets. If you notice the
chains are PREROUTING and POSTROUTING. PREROUTING matches all packets
coming into the system, whether they will be subsequently routed to
another machine or not, and POSTROUTING matches all packets leaving the
system, whether they were locally generated or forwarded from another
interface. The only chain that is not relevant to locally generated
packets is the FORWARD chain in the filter table.

> second as it is very likely a configuration issue, what
> does a tcpdump on the 'host' show, when you do a simple
> connect to a web server (like: telnet google.com 80)

He hasn't posted a response, but it will show packets leaving eth0 with
a source address of the vserver.

> third, what is your network setup, and what does your
> gateway (router) do/allow?

His original message said the vserver was bound to eth1 on a 'black' IP
address and eth0 is directly on the Internet with a dynamic IP address,
presumably through a cable modem or similar. There would be no gateway,
no router, as his linux box is doing that.

Vincenzo, try adding a rule similar to the following:

iptables -t nat -A POSTROUTING -s <vserver-ip> -o eth0 -j MASQUERADE

You should of course read up on Linux firewalling; the Linux Advanced
Routing HOWTO would be a good place to start.

Vserver mailing list
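
Added example, not part of the original message: a simplified Python model of the chain traversal described in the reply above, showing that a packet originating from the vserver skips the filter FORWARD chain but still reaches nat POSTROUTING, where a MASQUERADE rule rewrites its source. All addresses are constructed, the function names are hypothetical, and the raw and mangle tables are left out.

```python
import ipaddress

# Simplified model: only the nat and filter tables discussed in the thread.
PATHS = {
    "incoming-local": [("nat", "PREROUTING"), ("filter", "INPUT")],
    "forwarded": [("nat", "PREROUTING"), ("filter", "FORWARD"),
                  ("nat", "POSTROUTING")],
    "locally-generated": [("nat", "OUTPUT"), ("filter", "OUTPUT"),
                          ("nat", "POSTROUTING")],
}

# Constructed sample setup (private and documentation address ranges).
LOCAL_ADDRS = {"192.168.1.10", "203.0.113.7"}  # vserver on eth1, host on eth0
ETH0_ADDR = "203.0.113.7"                      # current (dynamic) eth0 address
RULE = {"source": "192.168.1.10/32", "out_iface": "eth0"}
VSERVER_PKT = {"src": "192.168.1.10", "dst": "198.51.100.80",
               "out_iface": "eth0"}

def classify(pkt, local_addrs):
    """Pick the traversal path from the packet's origin and destination."""
    if pkt["src"] in local_addrs:
        return "locally-generated"
    if pkt["dst"] in local_addrs:
        return "incoming-local"
    return "forwarded"

def masquerade(pkt, rule, out_addr):
    """Model '-s <source> -o <iface> -j MASQUERADE': rewrite the source to
    the outgoing interface's address when both matches succeed."""
    src_ok = (ipaddress.ip_address(pkt["src"])
              in ipaddress.ip_network(rule["source"]))
    if src_ok and pkt.get("out_iface") == rule["out_iface"]:
        return dict(pkt, src=out_addr)
    return pkt

def traverse(pkt, local_addrs, rule=None, out_addr=None):
    """Return (chains visited, packet as it leaves the last chain)."""
    path = PATHS[classify(pkt, local_addrs)]
    for table, chain in path:
        if rule and (table, chain) == ("nat", "POSTROUTING"):
            pkt = masquerade(pkt, rule, out_addr)
    return path, pkt

if __name__ == "__main__":
    for rule in (None, RULE):
        path, out = traverse(VSERVER_PKT, LOCAL_ADDRS, rule, ETH0_ADDR)
        print([chain for _, chain in path], "->", out["src"])
```

Without the rule the packet leaves eth0 still carrying the vserver's private source address, which is what a tcpdump on the host would show; with the rule it leaves with the eth0 address.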

Generated on Thu 16 Dec 2004 - 05:18:47 GMT by hypermail 2.1.3