| Linode Forum https://forum.linode.com/ |
|
| help, linode with Private IP act as gateway fail!! https://forum.linode.com/viewtopic.php?f=19&t=3393 |
| Author: | kotter [ Mon Jul 21, 2008 12:45 pm ] |
| Post subject: | help, linode with Private IP act as gateway fail!! |
First Linode:

    iface eth0 inet static
        address 207.192.*.*
        netmask 255.255.255.0
        gateway 207.192.72.1
    iface eth1 inet static
        address 192.168.133.*
        netmask 255.255.128.0

    echo 1 >/proc/sys/net/ipv4/ip_forward
    cat /proc/sys/net/ipv4/ip_forward

The result is 1.

    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.128.0/17 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.128.0/17 -j SNAT --to-source 207.192.*.*(first public ip)

Second Linode:

    iface eth0 inet static
        address 207.192.*.*
        netmask 255.255.255.0
        gateway 207.192.72.1
    iface eth1 inet static
        address 192.168.133.*
        netmask 255.255.128.0

    route add -net 192.168.128.0/17 gw 192.168.133.*(first private ip)

Below is the route table:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    207.192.73.0    *               255.255.255.0   U     0      0        0 eth0
    192.168.128.0   192.168.133.*   255.255.128.0   UG    0      0        0 eth1
    192.168.128.0   *               255.255.128.0   U     0      0        0 eth1
    default         gateway37.linod 0.0.0.0         UG    0      0        0 eth0

>>>>This explains that the route and gateway are right.

    ping first-private-ip               is ok
    ping 207.192.72.1 -I eth1           is ok
    traceroute 207.192.72.1             ok
    traceroute -i eth0 207.192.72.1     ok
    traceroute -i eth1 207.192.72.1     fail

>>>>This explains that a private IP acting as gateway for another private IP has failed!!
>>>>Can anybody help me?
|
| Author: | kotter [ Mon Jul 21, 2008 12:58 pm ] |
| Post subject: | iptables --list -t nat |
On the first Linode:

    iptables --list -t nat

    Chain PREROUTING (policy ACCEPT)
    target      prot opt source              destination
    nat_in      0    --  anywhere            anywhere

    Chain POSTROUTING (policy ACCEPT)
    target      prot opt source              destination
    nat_out     0    --  anywhere            anywhere
    eth0_masq   0    --  anywhere            anywhere
    SNAT        0    --  192.168.128.0/17    anywhere       to:207.192.72.*(my ip)
    MASQUERADE  0    --  192.168.128.0/17    anywhere

    Chain OUTPUT (policy ACCEPT)
    target      prot opt source              destination

    Chain eth0_masq (1 references)
    target      prot opt source              destination
    MASQUERADE  0    --  192.168.128.0/17    anywhere       policy match dir out pol none

    Chain nat_in (1 references)
    target      prot opt source              destination
    DNAT        0    --  anywhere            li36-35.members.linode.com  policy match dir in pol none to:192.168.133.*

    Chain nat_out (1 references)
    target      prot opt source              destination
    SNAT        0    --  192.168.133.*       anywhere       policy match dir out pol none to:207.192.72.*
|
| Author: | nabber00 [ Wed Jul 23, 2008 2:45 pm ] |
| Post subject: | |
It might help if you explain what you are trying to do with this configuration. And what does your failed traceroute actually output?

My guess is that right now traceroute just fails because it can't find a route in your routing table. When you specify -i eth1 that limits you to:

    192.168.128.0   192.168.133.*   255.255.128.0   UG    0      0        0 eth1
    192.168.128.0   *               255.255.128.0   U     0      0        0 eth1

Since your destination address is not in the 192.168 subnet it will fail. My guess is you want to specify a secondary default gateway using eth1 and your 192.168 gateway address.
|
| Author: | kotter [ Wed Jul 23, 2008 2:54 pm ] |
| Post subject: | |
I have disabled the public IP on the second Linode's eth0; the default gateway is the first Linode's private IP, but I cannot ping, and traceroute fails too.
|
| Author: | nabber00 [ Wed Jul 23, 2008 4:20 pm ] |
| Post subject: | |
Can you give us a routing table update then? |
|
| Author: | kotter [ Wed Jul 23, 2008 4:26 pm ] |
| Post subject: | |
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.128.0   *               255.255.128.0   U     0      0        0 eth1
    default         192.168.133.20  0.0.0.0         UG    0      0        0 eth1
|
| Author: | kotter [ Wed Jul 23, 2008 4:27 pm ] |
| Post subject: | |
I ssh to the second Linode through the first Linode.
|
| Author: | kotter [ Wed Jul 23, 2008 4:29 pm ] |
| Post subject: | |
I got this working very easily on my PC; it only needed "apt-get install ipmasq". I studied the iptables -L result carefully, and I believe my Linode's iptables configuration is correct. I have run ifconfig down on eth0; only eth1 is up. tcpdump only displays "arp who has..,reply to...". Is something about ARP disabled on Linode's private network?
|
| Author: | nabber00 [ Wed Jul 23, 2008 11:10 pm ] |
| Post subject: | |
I just use a one-liner when I do NAT, you might want to try just this to start:

    iptables --table nat --append POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE

Also you should probably try turning off all of your iptables NAT stuff and see if you can do a normal ping between Linodes. If that doesn't work, NAT won't work for sure.
|
| Author: | kotter [ Fri Jul 25, 2008 10:38 am ] |
| Post subject: | |
I have given up. This is an easy thing on a Linux server, but on Linode it cannot be done. I am sure something is disabled in Linode's private network.
|
| Author: | bdonlan [ Fri Jul 25, 2008 1:12 pm ] |
| Post subject: | |
For security reasons, all network interfaces (including the private net) are filtered to only be able to send packets on their own IP addresses. If you want to masquerade through the private net, you will need to establish an IP-in-IP tunnel. Although I'm not sure why you'd want to. |
|
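The IP-in-IP tunnel bdonlan describes, as an added example that is not part of the original thread: traffic from the second Linode crosses the private network inside packets whose outer source is the sending Linode's own private IP, and the first Linode unwraps and masquerades it out eth0. The gateway address 192.168.133.20 is taken from the routing table posted above; 192.168.133.21, the 10.99.0.0/30 tunnel addresses, the device name ipip1, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for an IP-in-IP tunnel between two
# Linodes; it changes nothing itself. Review the output, then run it as root
# on the matching host, e.g.  sh ipip-nat.sh gateway | sh
# Assumed values: GW_PRIV is the gateway address from the thread's routing
# table; CLIENT_PRIV, the 10.99.0.0/30 tunnel addresses and the device name
# ipip1 are made up for illustration.
GW_PRIV=192.168.133.20
CLIENT_PRIV=192.168.133.21
GW_TUN=10.99.0.1
CLIENT_TUN=10.99.0.2
TUN_DEV=ipip1

# Build the tunnel device. On the private network every packet then has an
# outer header from this host's own private IP to the peer's private IP.
# Args: local private IP, remote private IP, local tunnel IP, peer tunnel IP
tunnel_cmds() {
    echo "modprobe ipip"
    echo "ip tunnel add $TUN_DEV mode ipip local $1 remote $2"
    echo "ip addr add $3 peer $4 dev $TUN_DEV"
    echo "ip link set $TUN_DEV up"
}

# First Linode: end the tunnel, forward, and masquerade out the public side.
gateway_cmds() {
    tunnel_cmds "$GW_PRIV" "$CLIENT_PRIV" "$GW_TUN" "$CLIENT_TUN"
    # Drop IP-in-IP (protocol 4) arriving from anyone but the expected peer.
    echo "iptables -A INPUT -i eth1 -p 4 ! -s $CLIENT_PRIV -j DROP"
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A POSTROUTING -s $CLIENT_TUN/32 -o eth0 -j MASQUERADE"
}

# Second Linode: send everything except the directly connected private
# network (which carries the tunnel itself) through the tunnel.
client_cmds() {
    tunnel_cmds "$CLIENT_PRIV" "$GW_PRIV" "$CLIENT_TUN" "$GW_TUN"
    echo "ip route replace default via $GW_TUN dev $TUN_DEV"
}

case "${1:-}" in
    gateway) gateway_cmds ;;
    client)  client_cmds ;;
esac
```

IP-in-IP provides no encryption or authentication, so the inner traffic is readable to anything that can observe the private network.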
| Author: | kotter [ Fri Jul 25, 2008 1:21 pm ] |
| Post subject: | |
bdonlan wrote: For security reasons, all network interfaces (including the private net) are filtered to only be able to send packets on their own IP addresses. If you want to masquerade through the private net, you will need to establish an IP-in-IP tunnel. Although I'm not sure why you'd want to.

This is the reason, but I have removed the second Linode from my account.
|
| All times are UTC-04:00 |
|