johncongdon, 3rd August 2011, 18:56

I wish I was not telling you something. That's why I tried to be very specific in my setup and testing that I have done. I have set up simple masquerading before; it should not be this difficult. I also made sure SELinux was off, in case that was the issue. I can ping from A to the private side of B, so ping is not being blocked on A.

I also went back to your suggestion of iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE, and I get the same results.

I see the ping request/reply on C (in your example).
I see the ping request/reply on B (on both eth0 and eth1).

The firewall on A is default open.
Quote:
root@PSWEBNODE1 [~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain acctboth (0 references)
target prot opt source destination
root@PSWEBNODE1 [~]# cat /etc/redhat-release
CentOS release 5.6 (Final)

Output from B
Quote:
[root@psfw1 ~]# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:46:49.508565 IP 10.0.73.11 > MachineC: ICMP echo request, id 36931, seq 1, length 64
11:46:49.528951 IP MachineC > 10.0.73.11: ICMP echo reply, id 36931, seq 1, length 64
11:46:50.508192 IP 10.0.73.11 > MachineC: ICMP echo request, id 36931, seq 2, length 64
11:46:50.529028 IP MachineC > 10.0.73.11: ICMP echo reply, id 36931, seq 2, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
[root@psfw1 ~]# tcpdump -i eth1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:46:53.507654 IP MachineB_PublicIP > MachineC: ICMP echo request, id 36931, seq 5, length 64
11:46:53.527257 IP MachineC > MachineB_PublicIP: ICMP echo reply, id 36931, seq 5, length 64

2 packets captured
2 packets received by filter
0 packets dropped by kernel

Output from C
Quote:
[root@squishy scanner]# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:47:18.171359 IP MachineB_PublicIP > MachineC: icmp 64: echo request seq 74
11:47:18.250561 IP MachineC > MachineB_PublicIP: icmp 64: echo reply seq 74

2 packets captured
2 packets received by filter
0 packets dropped by kernel
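An added example, not part of the original post: a small Python script that pairs echo requests with replies in each capture and checks that the request source differs between B's eth0 and eth1, which is what MASQUERADE on eth1 should produce. The function names are hypothetical; the packet lines are copied from the captures in the post.

```python
import re

# Matches both tcpdump ICMP echo line styles that appear in the post:
#   IP a > b: ICMP echo request, id 36931, seq 1, length 64
#   IP a > b: icmp 64: echo request seq 74
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?:ICMP|icmp \d+:) "
    r"echo (?P<kind>request|reply),?(?: id \d+,)? seq (?P<seq>\d+)"
)

def summarize(capture):
    """Pair echo requests with replies seen in one interface capture."""
    requests, replies = {}, set()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # banner and packet-count lines
        seq = int(m["seq"])
        if m["kind"] == "request":
            requests[seq] = (m["src"], m["dst"])
        else:
            replies.add((seq, m["dst"], m["src"]))  # (seq, requester, responder)
    answered = sorted(s for s, (src, dst) in requests.items()
                      if (s, src, dst) in replies)
    return {"sources": {src for src, _ in requests.values()},
            "answered": answered,
            "unanswered": sorted(set(requests) - set(answered))}

def source_rewritten(inside, outside):
    """True if no request source from the inside capture shows up outside."""
    out = summarize(outside)["sources"]
    return bool(out) and summarize(inside)["sources"].isdisjoint(out)

# Packet lines copied from the post; host names are the post's own placeholders.
B_ETH0 = """\
11:46:49.508565 IP 10.0.73.11 > MachineC: ICMP echo request, id 36931, seq 1, length 64
11:46:49.528951 IP MachineC > 10.0.73.11: ICMP echo reply, id 36931, seq 1, length 64
11:46:50.508192 IP 10.0.73.11 > MachineC: ICMP echo request, id 36931, seq 2, length 64
11:46:50.529028 IP MachineC > 10.0.73.11: ICMP echo reply, id 36931, seq 2, length 64
"""
B_ETH1 = """\
11:46:53.507654 IP MachineB_PublicIP > MachineC: ICMP echo request, id 36931, seq 5, length 64
11:46:53.527257 IP MachineC > MachineB_PublicIP: ICMP echo reply, id 36931, seq 5, length 64
"""
C_ETH0 = """\
11:47:18.171359 IP MachineB_PublicIP > MachineC: icmp 64: echo request seq 74
11:47:18.250561 IP MachineC > MachineB_PublicIP: icmp 64: echo reply seq 74
"""

if __name__ == "__main__":
    for name, cap in (("B eth0", B_ETH0), ("B eth1", B_ETH1), ("C eth0", C_ETH0)):
        print(name, summarize(cap))
    print("source rewritten on eth1:", source_rewritten(B_ETH0, B_ETH1))
```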