From: "Chuanwen Wu" <wcw8410@gmail.com>
To: gentoo-user@lists.gentoo.org
Date: Mon, 14 May 2007 11:31:44 +0800
Subject: Re: [gentoo-user] iptables configuration problem
Message-ID: <7797aa370705132031m40aa555bx439389552a0443d@mail.gmail.com>
In-Reply-To: <464728CF.9070809@gmail.com>

2007/5/13, Fabio A Correa <facorread@gmail.com>:
> Hello Wu,
>
> Instead of the commands you posted, you should use
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables --table nat -A POSTROUTING -s 192.168.8.0/24 -j MASQUERADE
>

I have tried, but it still does not work.
Here is the information after executing your advice:

-------------------------------------------------------------------------------------------------
[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@localhost ~]# iptables --table nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.1.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
------------------------------------------------------------------------------

Then, on my other PCs, I still can't ping the website outside. Why?

> Long explanation:
>
> The first command enables the kernel to _forward_ packets from eth0 to eth1 and vice versa. To
> do the actual forwarding, the second command is used:
>
> - --table nat : Network address translation table.
> - -A POSTROUTING for altering packets as they are about to go out, after it is determined that
> they are to be forwarded by means of the first instruction.
> - -j MASQUERADE Masquerade the addresses of computers in the subnet with the address of the routing
> computer.
>
> The kernel takes care of the subtle details on masquerading.
>
> I hope this helps!!!
>
> --
> Fabio A. Correa D.
>
> Physics Dept, Universidad Nacional, Bogota, Colombia
> facorread@gmail.com
> ffaaccdd@yahoo.co.uk facorread@unal.edu.co
> My webpage and OpenPGP key at http://facorread.150m.com
> facorread@alexandria.cc is not working anymore!!!

Thank you for your details!!!

--
wcw
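
The two preconditions named in the quoted advice (forwarding enabled, and a MASQUERADE rule whose source subnet contains the client) can be checked mechanically. The script below is an added example, not part of the original thread; the function names are hypothetical and it assumes rules in `iptables-save` / `iptables -t nat -S` syntax. The sample rule is the one entered in the session; the two client addresses are constructed, one in that subnet and one in the 192.168.8.0/24 subnet named in the quoted advice.

```sh
#!/bin/sh
# Added example. Rule text is in iptables-save / `iptables -t nat -S` syntax.

# Dotted-quad IPv4 address -> integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET[/BITS]: succeed if ADDR lies inside the network.
in_cidr() (
    net=${2%/*}
    bits=${2#*/}
    [ "$bits" = "$2" ] && bits=32          # no prefix length: single host
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# forwarding_enabled [FILE]: succeed if the ip_forward sysctl file holds 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# masq_covers CLIENT < rules: succeed if a POSTROUTING MASQUERADE rule's
# source match contains CLIENT. A rule without -s matches every source.
# Rules with a negated (!) match are skipped; -o and -d are not evaluated.
masq_covers() (
    client=$1
    while read -r line; do
        case $line in
            *" ! "*) continue ;;
            "-A POSTROUTING "*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        src=0.0.0.0/0
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in -s|--source) src=$2 ;; esac
            shift
        done
        in_cidr "$client" "$src" && exit 0
    done
    exit 1
)

# Rule as entered in the session above; client addresses are constructed.
RULES='-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE'
for c in 192.168.1.20 192.168.8.20; do
    if printf '%s\n' "$RULES" | masq_covers "$c"; then echo "$c: masqueraded"
    else echo "$c: no MASQUERADE rule matches this source"; fi
done
```

On a live router, feed `masq_covers` the output of `iptables -t nat -S POSTROUTING` and call `forwarding_enabled` with no argument.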