[Techtalk] re: DNS and IP Masq

Malcolm Tredinnick malcolm at commsecure.com.au
Fri Mar 21 15:21:57 EST 2003


On Thu, Mar 20, 2003 at 06:57:07PM -0800, Berenice wrote:
[...]
> IP forwarding is on, and I've turned off the iptables firewall script
> since this problem was occurring before I installed the script. I
> didn't set any iptables rules before that.   I suspect the problem
> lies in how the routing was set up. 
> 
> We have a dialup internet connection and the modem is configured to
> automatically obtain DNS information from the provider.
> 
> My machine is the host and its address is 192.168.0.1.  
> Network address: 192.168.0.0
> Broadcast address: 192.168.0.255
> Subnet mask: 255.255.255.0
> 
> My sister's address is 192.168.0.1 and her gateway is 192.168.0.1

Is this a typo? If not, we have found the problem. The two machines need
to have _different_ IP addresses. If your sister's machine is
192.168.0.1, then when it talks to its idea of a gateway, it gets no
further than itself. I would guess that your sister's machine is
something like 192.168.0.2 with 192.168.0.1 as the gateway (which would
be correct).

> Here's the routing table info (sorry it's wrapped):
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref   
> Use Iface
> 139.134.99.179  0.0.0.0         255.255.255.255 UH    0      0       
> 0 ppp0
> 
> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0       
> 0 eth0
> 
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       
> 0 lo
> 
> 0.0.0.0         139.134.99.179  0.0.0.0         UG    0      0       
> 0 ppp0

This all looks fine.

One more thing I thought of after sending the last message: do you have
masquerading set up on your box?

If not, packets from your sister's box (let's assume it has an IP address
of 192.168.0.2 to get around the above possible typo) will have a return
address of 192.168.0.2 when they leave your box and external sites will
not know how to route back to that address. Masquerading will rewrite
these outgoing packets as having a return address of whatever your end
of ppp0 is and then the returning packets will be rewritten to go back
to your sister's box on the return journey (alternatively, masquerading
makes things work by magic).

If you have masquerading turned on and the above IP address really is a
typo, let us know. And can you also post the output of iptables -L and
iptables -t nat -L at the same time?

> I don't fully understand how routing works, so please bear with me if
> there are embarrassingly obvious mistakes :)

Don't worry about that. What you are doing is a pretty good way to learn
it and this list is not a bad place to ask questions like this.

Cheers,
Malcolm

-- 
If at first you don't succeed, destroy all evidence that you tried.
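
Added example, not part of the original message: a small offline check for the two faults raised above, a client that reuses its gateway's address and a missing MASQUERADE rule on the outbound interface. The function names and the sample rulesets are constructed for illustration, and the rules are read in `iptables -t nat -S` format (rather than the `-L` listing asked for above) because that format names the interface on each rule.

```shell
#!/bin/sh
# Sample nat-table dumps in `iptables -t nat -S` format (constructed, not from the poster's machine).
NAT_EMPTY='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT'
NAT_MASQ="$NAT_EMPTY
-A POSTROUTING -o ppp0 -j MASQUERADE"

# client_addr_ok CLIENT GATEWAY
# Fails if the client reuses the gateway's address, or if the two are not on
# the same /24 (netmask 255.255.255.0, as in the post).
client_addr_ok() {
    [ "$1" != "$2" ] || return 1
    [ "${1%.*}" = "${2%.*}" ]
}

# has_masquerade IFACE   (nat rules on stdin)
# Succeeds if a POSTROUTING rule masquerades traffic leaving IFACE.
# A rule with no "-o" match at all is deliberately not accepted here.
has_masquerade() {
    iface=$1
    while read -r line; do
        case "$line" in
            "-A POSTROUTING "*"-o $iface "*"-j MASQUERADE"*) return 0 ;;
        esac
    done
    return 1
}

# diagnose CLIENT GATEWAY IFACE   (nat rules on stdin)
# Prints one line; returns 0 = ok, 1 = addressing fault, 2 = no masquerading.
diagnose() {
    client_addr_ok "$1" "$2" || {
        echo "client $1 clashes with, or is off-subnet from, gateway $2"
        return 1
    }
    has_masquerade "$3" || {
        echo "no MASQUERADE rule for traffic leaving $3"
        return 2
    }
    echo "ok"
}

# The setup as posted (client and gateway both 192.168.0.1), then the corrected one.
printf '%s\n' "$NAT_EMPTY" | diagnose 192.168.0.1 192.168.0.1 ppp0 || true
printf '%s\n' "$NAT_EMPTY" | diagnose 192.168.0.2 192.168.0.1 ppp0 || true
printf '%s\n' "$NAT_MASQ"  | diagnose 192.168.0.2 192.168.0.1 ppp0 || true
```

On a live gateway the same check can be fed with `iptables -t nat -S | diagnose 192.168.0.2 192.168.0.1 ppp0`, run as root.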

