help, linode with Private IP act as gateway fail!!
iface eth0 inet static
address 207.192..
netmask 255.255.255.0
gateway 207.192.72.1
iface eth1 inet static
address 192.168.133.*
netmask 255.255.128.0
echo 1 >/proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
result is 1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.128.0/17 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.128.0/17 -j SNAT --to-source 207.192..(first public ip)
Second linode:
iface eth0 inet static
address 207.192..
netmask 255.255.255.0
gateway 207.192.72.1
iface eth1 inet static
address 192.168.133.*
netmask 255.255.128.0
route add -net 192.168.128.0/17 gw 192.168.133.*(first private ip)
Below is the route table:
Destination Gateway Genmask Flags Metric Ref Use Iface
207.192.73.0 * 255.255.255.0 U 0 0 0 eth0
192.168.128.0 192.168.133.* 255.255.128.0 UG 0 0 0 eth1
192.168.128.0 * 255.255.128.0 U 0 0 0 eth1
default gateway37.linod 0.0.0.0 UG 0 0 0 eth0
This explains that the route and gateway are right
ping first-private-ip is ok
ping 207.192.72.1 -I eth1 is ok
traceroute 207.192.72.1 ok
traceroute -i eth0 207.192.72.1 ok
traceroute -i eth1 207.192.72.1
This explains that a Private IP acting as gateway for another Private IP has
failed!! Can anybody help me?
11 Replies
iptables --list -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
nat_in 0 -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
nat_out 0 -- anywhere anywhere
eth0_masq 0 -- anywhere anywhere
SNAT 0 -- 192.168.128.0/17 anywhere to:207.192.72.*(my ip)
MASQUERADE 0 -- 192.168.128.0/17 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE 0 -- 192.168.128.0/17 anywhere policy match dir out pol none
Chain nat_in (1 references)
target prot opt source destination
DNAT 0 -- anywhere li36-35.members.linode.com policy match dir in pol none to:192.168.133.*
Chain nat_out (1 references)
target prot opt source destination
SNAT 0 -- 192.168.133.* anywhere policy match dir out pol none to:207.192.72.*
My guess is that right now traceroute just fails because it can't find a route in your routing table. When you specify -i eth1 that limits you to:
192.168.128.0 192.168.133.* 255.255.128.0 UG 0 0 0 eth1
192.168.128.0 * 255.255.128.0 U 0 0 0 eth1
Since your destination address is not in the 192.168 subnet it will fail. My guess is you want to specify a secondary default gateway using eth1 and your 192.168 gateway address.
192.168.128.0 * 255.255.128.0 U 0 0 0 eth1
default 192.168.133.20 0.0.0.0 UG 0 0 0 eth1
I studied the iptables -L result carefully. I believe my Linode's iptables configuration is correct.
I have ifconfig down eth0, only eth1 is up.
The tcpdump record only displays "arp who has..,reply to…".
Is something about ARP disabled in Linode's private network?
iptables --table nat --append POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
Also you should probably try turning off all of your iptables NAT stuff and see if you can do a normal ping between linodes. If that doesn't work, NAT won't work for sure.
This is an easy thing on a Linux server, but on Linode, it cannot.
I am sure there is something disabled in Linode's private network.
If you want to masquerade through the private net, you will need to establish an IP-in-IP tunnel. Although I'm not sure why you'd want to.
@bdonlan:
For security reasons, all network interfaces (including the private net) are filtered to only be able to send packets on their own IP addresses.
If you want to masquerade through the private net, you will need to establish an IP-in-IP tunnel. Although I'm not sure why you'd want to.
This is the reason,
but I have removed the second Linode from my account.
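
The IP-in-IP tunnel suggested in the reply above, sketched as an added example that is not part of the original thread: the outer packets carry each Linode's own private address, so they pass the per-interface source filter, and the gateway masquerades the inner tunnel subnet instead of 192.168.128.0/17. The private addresses, the 10.99.0.0/30 tunnel subnet, the tunnel device names and the function names are constructed for illustration, and the client is assumed to have eth0 down, as in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed placeholders.
GW_PRIV=192.168.133.10   # gateway Linode private IP on eth1 (placeholder)
CL_PRIV=192.168.133.20   # client Linode private IP on eth1 (placeholder)
TUN_NET=10.99.0.0/30     # inner tunnel subnet (assumption)
GW_TUN=10.99.0.1
CL_TUN=10.99.0.2

# Gateway: terminate the tunnel, forward, and NAT the inner source out of eth0.
gateway_cmds() {
    cat <<EOF
ip tunnel add ipip-cl mode ipip local $GW_PRIV remote $CL_PRIV
ip addr add $GW_TUN/30 dev ipip-cl
ip link set ipip-cl up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $TUN_NET -o eth0 -j MASQUERADE
EOF
}

# Client: send default traffic into the tunnel; assumes no other default route.
client_cmds() {
    cat <<EOF
ip tunnel add ipip-gw mode ipip local $CL_PRIV remote $GW_PRIV
ip addr add $CL_TUN/30 dev ipip-gw
ip link set ipip-gw up
ip route add default via $GW_TUN dev ipip-gw
EOF
}

# Print the commands for a role; with "apply" as second argument, run them as root.
run_role() {
    case "$1" in
        gateway) cmds=$(gateway_cmds) ;;
        client)  cmds=$(client_cmds) ;;
        *) echo "usage: gateway|client [apply]" >&2; return 2 ;;
    esac
    if [ "${2:-}" = "apply" ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

case "${1:-}" in gateway|client) run_role "$@" ;; esac
```

Run without a second argument to review the commands for each side before applying them.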