From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1HnnX4-00030K-Q0 for garchives@archives.gentoo.org; Tue, 15 May 2007 03:17:03 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4F3FT3R011781; Tue, 15 May 2007 03:15:29 GMT Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.245]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4F3Au78007073 for ; Tue, 15 May 2007 03:10:57 GMT Received: by an-out-0708.google.com with SMTP id b33so544898ana for ; Mon, 14 May 2007 20:10:56 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=TCOaanCGC/VSYOjHrBxLb+PKuao8x8v3grCZOLlRI7+1/WriLUDGngXW+YhT+Wj7SBR7VaUC+6s5Eb8BpE05UvFtUuUCK6mJr6k3F+7EXhhbqhA/GVEKJ9txhl41826hEGHUgQIcuht7ktV9vX//RjZ/d0boWtC4bzxTmHGGBuM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Y7q8Eg5BqudYZ8TtYtbC/aSCIJekESJAbInX1+ey+hfsPXOHQQHQ428ypCco5tkQq/z3jfPvWEBFju0E/NZ7AVwgv3AOqyzbbq4m5SslXg4fSgjjyr/uTzw4qKyac2lgQ7TDK/JLsa3wfaJ2XI8HU+PirwOJ5P5KHSc0L8Yl3tA= Received: by 10.100.122.8 with SMTP id u8mr5036830anc.1179198655527; Mon, 14 May 2007 20:10:55 -0700 (PDT) Received: by 10.100.174.17 with HTTP; Mon, 14 May 2007 20:10:55 -0700 (PDT) Message-ID: <7797aa370705142010i6f4f95d9n60d280c3dc9cee0e@mail.gmail.com> Date: Tue, 15 May 2007 11:10:55 +0800 From: "Chuanwen Wu" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] iptables configuration problem In-Reply-To: <20070514214957.717a8ea9@voyager.g.spore.ath.cx> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <7797aa370705130741m381555b2qf64fc3a96c271769@mail.gmail.com> <200705140056.33985.nbensa@gmx.net> <7797aa370705140218s1ee9b7b4yea52a7140b031b05@mail.gmail.com> <200705140748.34409.nbensa@gmx.net> <7797aa370705140423p2f320d5akfc18fc71e0f10a52@mail.gmail.com> <49402.192.168.1.200.1179154714.squirrel@webmail.bensa.ar> <20070514163611.7af23e51@pascal.spore.ath.cx> <7797aa370705141935y2b80b4c5n7eeb09c2687ac793@mail.gmail.com> <20070514214957.717a8ea9@voyager.g.spore.ath.cx> X-Archives-Salt: 4b323c5d-a3cb-48e0-8a03-a4e0aaf4e48d X-Archives-Hash: b2e7c36573e2fe2e3f9e8fbb303bee8b 2007/5/15, Dan Farrell : > On Tue, 15 May 2007 10:35:38 +0800 > "Chuanwen Wu" wrote: > > > Does it mean that eth1(the interface in my subnet) receive the request > > but don't post forward it? > > Perhaps you should attach the output of "iptables -t nat -L -v; > iptables -L -v;" so I can see the rules... while you're at it, # iptables -L -v Chain INPUT (policy ACCEPT 24414 packets, 3853K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 33323 packets, 7123K bytes) pkts bytes target prot opt in out source destination # iptables -L -v -t nat Chain PREROUTING (policy ACCEPT 7546 packets, 1103K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 340 packets, 28034 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- any any 192.168.1.0/24 anywhere Chain OUTPUT (policy ACCEPT 350 packets, 28746 bytes) pkts bytes target prot opt in out source destination > edit /etc/sysctl.conf so that forwarding is enabled every time you > reboot, and make sure it's still enabled now. Oh!God!My must forget to enabled forwarding after last night! Now,the PCs in the subnet can connect internal! By the way,do you mean to change " #net.ipv4.ip_forward = 0(default in /etc/sysctl.conf)" to "net.ipv4.ip_forward = 1"? > -- > gentoo-user@gentoo.org mailing list > > -- wcw -- gentoo-user@gentoo.org mailing list