From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-63886-garchives=archives.gentoo.org@gentoo.org>)
	id 1HnRMc-0006xn-V9
	for garchives@archives.gentoo.org; Mon, 14 May 2007 03:36:47 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4E3Zb6t017780;
	Mon, 14 May 2007 03:35:37 GMT
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4E3VjaF013524
	for <gentoo-user@lists.gentoo.org>; Mon, 14 May 2007 03:31:45 GMT
Received: by an-out-0708.google.com with SMTP id b33so439273ana
        for <gentoo-user@lists.gentoo.org>; Sun, 13 May 2007 20:31:45 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=lpRk3I5ro0pHUdz8mRvgAkpEhYugrm0zFxpkOLCBv9ejgqeTgf1a5NafC2aM/CaL2Yoy7Pp19fOWevePUfRcvfk/SHWX/ipYbJHLsbgZEGFS7chDSh/mc+FfPSdftFw2W9TbbqU67r5lQTut7KkaavUANJAA7XNBh8spcEMskpY=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=Tl3w6WaxREmrOpn6o3aQqsthAV92N/K/RDoJXWaJTUsgSGfzd/0f16Vo5RvI8A4GyqGQEQSZ5yJVc/m2aWv0yzvl4y/hdZlw8iXE/aGP9TSB1f7ZnikPLAoNg49bmZZIsY+sJGOSDaa7vo+OFgZx2gFPwOjnUgGoDc8soa7hBbI=
Received: by 10.100.95.19 with SMTP id s19mr3304635anb.1179113504997;
        Sun, 13 May 2007 20:31:44 -0700 (PDT)
Received: by 10.100.174.17 with HTTP; Sun, 13 May 2007 20:31:44 -0700 (PDT)
Message-ID: <7797aa370705132031m40aa555bx439389552a0443d@mail.gmail.com>
Date: Mon, 14 May 2007 11:31:44 +0800
From: "Chuanwen Wu" <wcw8410@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] iptables configuration problem
In-Reply-To: <464728CF.9070809@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <7797aa370705130741m381555b2qf64fc3a96c271769@mail.gmail.com>
	 <464728CF.9070809@gmail.com>
X-Archives-Salt: 3addd9a5-fd10-4bee-ba90-28955aa360f2
X-Archives-Hash: ab38c1f535a35dd9709a26b3066b7199

2007/5/13, Fabio A Correa <facorread@gmail.com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello Wu,
>
> Instead of the commands you posted, you should use
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables --table nat -A POSTROUTING -s 192.168.8.0/24 -j MASQUERADE
>
I have tried.But still not work.
Here is the information after execute your advice:
-------------------------------------------------------------------------------------------------
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@localhost ~]# iptables --table nat -A POSTROUTING -s
192.168.1.0/24 -j MASQUERADE
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

------------------------------------------------------------------------------
Then in my other PCs,I still can't ping the website outside.
Why?


> Long explanation:
>
> The first command enables the kernel to _forward_ packets from eth0 to eth1 and vice versa. To
> do the actual forwarding, the second command is used:
>
> - --table nat : Network address translation table.
> - -A POSTROUTING for altering packets as they are about to go out, after it is determined that
> they are to be forwarded by means of the first instruction.
> - -j MASQUERADE Masquerade the addresses of computer in the subnet with the address of the routing
> computer.
>
> The kernel takes care of the subtle details on masquerading.
>
> I hope this helps!!!
>
> - --
> Fabio A. Correa D.
>
> Physics Dept, Universidad Nacional, Bogota, Colombia
> facorread@gmail.com
> ffaaccdd@yahoo.co.uk         facorread@unal.edu.co
> My webpage and OpenPGP key at http://facorread.150m.com
> facorread@alexandria.cc is not working anymore!!!
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGRyjPYOZCB4zf2uQRAp2eAJwIYrXAQqldgZjRN0u+uDOW8t/aTgCeOQOb
> RTmVGHOHQQWUzVxkZomHhHo=
> =xvIZ
> -----END PGP SIGNATURE-----
> --
> gentoo-user@gentoo.org mailing list
>
>
Thank you for your details!!!

-- 
wcw
-- 
gentoo-user@gentoo.org mailing list