Accessing VE from 2 different networks [message #7668]
Thu, 19 October 2006 23:32
gwondaleya
Hello
Still with my ipcop box (see message on MASQUERADE).
The config is the following:
one eth card pointing to my lan (eth0) 192.168.1.1
one eth card pointing to internet (eth2) 192.168.0.1
one VE with venet, IP address of the VE is 192.168.2.1
I have been able for now to start a VE with LAMP and named too.
I have allowed DNAT and SNAT for eth0 using the commands given in the networking howto:
iptables -t nat -A PREROUTING -p tcp -d ip_address --dport 80 \
-i eth0 -j DNAT --to-destination ve_address:80
iptables -t nat -A POSTROUTING -s ve_address -o eth0 -j SNAT --to ip_address
Likewise for port 53 (DNS service),
and also the same commands for eth2 (internet) (ports 80 and 53).
My problem is that while it works perfectly for the LAN (access to the web server and name resolution OK), access from the eth2 device doesn't work at all (neither web nor DNS).
Here is the output of
route -nv and ifconfig -a on the HN:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
0.0.0.0 192.168.0.254 0.0.0.0 UG 0 0 0 eth2
eth0 Link encap:Ethernet HWaddr 00:E0:4C:03:0F:F4
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12310 errors:0 dropped:0 overruns:0 frame:0
TX packets:10594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1077738 (1.0 MB) TX bytes:3594838 (3.4 MB)
Interrupt:11 Base address:0xf800
eth1 Link encap:Ethernet HWaddr 00:50:FC:A3:30:6C
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:10 Base address:0xf400
eth2 Link encap:Ethernet HWaddr 00:50:FC:A3:16:4E
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
RX packets:2749 errors:0 dropped:0 overruns:0 frame:0
TX packets:2327 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1946756 (1.8 MB) TX bytes:287825 (281.0 KB)
Interrupt:9 Base address:0xf000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3272 (3.1 KB) TX bytes:3272 (3.1 KB)
sit0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:493 errors:0 dropped:0 overruns:0 frame:0
TX packets:521 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:190393 (185.9 KB) TX bytes:36381 (35.5 KB)
iptables -t nat -nvL gives:
Chain PREROUTING (policy ACCEPT 691 packets, 57689 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 192.168.1.1 tcp dpt:53 to:192.168.2.1:53
0 0 DNAT udp -- eth0 * 0.0.0.0/0 192.168.1.1 udp dpt:53 to:192.168.2.1:53
18 912 DNAT tcp -- eth2 * 0.0.0.0/0 192.168.0.1 tcp dpt:53 to:192.168.2.1:53
27 1578 DNAT udp -- eth2 * 0.0.0.0/0 192.168.0.1 udp dpt:53 to:192.168.2.1:53
Chain POSTROUTING (policy ACCEPT 21 packets, 2159 bytes)
pkts bytes target prot opt in out source destination
153 9214 CUSTOMPOSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
153 9214 REDNAT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x1 to:192.168.1.1
0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x3 to:192.168.2.1
0 0 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:192.168.1.1
0 0 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 to:192.168.0.1
All seems clear to me, but the DNS does not respond from outside (as dnsreport.com reports), nor does the web, as a friend of mine checked.
Any idea?
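An added example, not part of the original post: a Python check that parses the nat listing quoted above (column header lines omitted) and compares it with the forwards the post describes, ports 80 and 53 on eth0 and eth2. Reading "dns service" as both tcp/53 and udp/53 is an assumption, and the function names are hypothetical.

```python
import re
# Rule lines copied from the post's `iptables -t nat -nvL` output.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT 691 packets, 57689 bytes)
0 0 DNAT tcp -- eth0 * 0.0.0.0/0 192.168.1.1 tcp dpt:53 to:192.168.2.1:53
0 0 DNAT udp -- eth0 * 0.0.0.0/0 192.168.1.1 udp dpt:53 to:192.168.2.1:53
18 912 DNAT tcp -- eth2 * 0.0.0.0/0 192.168.0.1 tcp dpt:53 to:192.168.2.1:53
27 1578 DNAT udp -- eth2 * 0.0.0.0/0 192.168.0.1 udp dpt:53 to:192.168.2.1:53
Chain POSTROUTING (policy ACCEPT 21 packets, 2159 bytes)
153 9214 CUSTOMPOSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0
153 9214 REDNAT all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x1 to:192.168.1.1
0 0 SNAT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x3 to:192.168.2.1
0 0 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to:192.168.1.1
0 0 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 to:192.168.0.1
"""

VE = "192.168.2.1"  # VE address given in the post
# Forwards the post says were set up (assumption: DNS means tcp/53 and udp/53).
EXPECTED = {(i, p, d) for i in ("eth0", "eth2")
            for p, d in (("tcp", 80), ("tcp", 53), ("udp", 53))}

def parse_rules(listing):
    """Yield one dict per rule line, tagged with the chain it belongs to."""
    chain = None
    for line in listing.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain = f[1]
        elif len(f) >= 9 and f[0][0].isdigit():  # counters may look like "12K"
            yield dict(chain=chain, pkts=f[0], target=f[2], prot=f[3],
                       inp=f[5], out=f[6], src=f[7], extra=" ".join(f[9:]))

def missing_dnat(listing):
    """Expected (iface, proto, port) forwards that have no DNAT rule to the VE."""
    found = set()
    for r in parse_rules(listing):
        m = re.search(r"dpt:(\d+) to:" + re.escape(VE) + r":", r["extra"])
        if m and r["chain"] == "PREROUTING" and r["target"] == "DNAT":
            found.add((r["inp"], r["prot"], int(m.group(1))))
    return sorted(EXPECTED - found)

def unscoped_snat(listing):
    """Per-interface SNAT rules matching any source, unlike the howto's -s ve_address."""
    return [(r["out"], r["extra"], r["pkts"]) for r in parse_rules(listing)
            if r["target"] == "SNAT" and r["out"] != "*" and r["src"] == "0.0.0.0/0"]

if __name__ == "__main__":
    print(missing_dnat(NAT_LISTING), unscoped_snat(NAT_LISTING), sep="\n")
```

On the listing from the post it reports tcp/80 as absent on both interfaces, and both per-interface SNAT rules as matching any source with zero packet hits.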