[clug] Network routing joy (iptables, bridging, nat)

David Tulloh david at tulloh.id.au
Tue Sep 1 06:21:25 MDT 2009


Thanks for the replies.

The PPPOE works ok from the server box, I can ping out without any issue.
Trying to do the same from the LAN using the server box as a gateway 
doesn't work.  Traceroute shows that the packet reaches the server 
without any problems, it just stops there though.  DNS requests using 
external servers also fail, as does telnet on TCP port 80.

I haven't tried tcpdump, I'll try it tomorrow.  My suspicion is that I 
haven't got the routing set up correctly so it's never reaching the 
interface.
This was the iptables command I was using without the bridge; it worked 
perfectly:

    sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

/proc/sys/net/ipv4/ip_forward is 1


David

Francis James Whittle wrote:
> Are you sure it's just NAT that fails, or does PPPoE break entirely?
>
> On Tue, 2009-09-01 at 20:36 +1000, David Tulloh wrote:
>   
>>      |----------------|
>>      |      br0       |
>>      |                |  ||-- LAN
>> VM --|-- tap1   eth1==|==||
>> VM --|-- tap2     ^   |  ||-- Modem, PPPOE
>>      |            |   |
>>      |------------|---|
>>                   |
>>                /-----\
>>                | NAT |
>>                \-----/
>>                   |
>>                  ppp0
>>
>>
>>
>> I have a server with a fairly complex networking setup.  I've tried to 
>> depict it above, which should be legible in a fixed-width font.
>>
>> The server has a single network card, eth1.  It connects to a local 
>> network running on a private subnet.
>>
>> I have a modem which provides bridging internet access, the server 
>> connects using ppp.  The actual traffic passes through eth1.
>>
>> Eth1 is bridged in br0 providing access for VMs running on the server 
>> using tap devices.
>>
>> The server has a static ip address on br0, it runs a dhcp server that 
>> controls the rest of the network.
>>
>> All of the above works correctly.
>>
>>
>> What does NOT work correctly is NAT.  I want to route all the traffic 
>> from the LAN and VMs out ppp0 through a NAT system.
>>
>> NAT will work without the bridging but I can't get both to work at the 
>> same time.
>>
>>
>> Honestly I don't really understand the networking stack in Linux 
>> particularly when it gets this complex.  The information I've found 
>> online talks about multiple NAT hook points including in the routing 
>> layer with iptables and the bridging layer with ebtables.  I've tried a 
>> number of different approaches and nothing has so far worked.
>>
>> Can anyone help detangle this mess for me and guide me on the correct 
>> incantations to make it work?
>>
>>
>> David
>>     
>
>   
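A small check script, added here and not part of the thread, that verifies the pieces David lists (ip_forward set to 1 and a MASQUERADE rule on ppp0 in nat/POSTROUTING) plus the FORWARD chain policy, which iptables applies to routed LAN traffic as well. It assumes `iptables-save` output format and uses constructed sample tables so it runs offline; the live invocation is shown as a comment.

```shell
#!/bin/sh
# Added example, not from the thread: checks the pieces the gateway relies
# on for NAT (ip_forward=1, a MASQUERADE rule on the outbound interface)
# and the FORWARD chain policy. Functions take text so they can be run on
# either live iptables-save output or the constructed samples below.

# Constructed `iptables-save -t nat` text matching the thread's rule.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# Constructed `iptables-save -t filter` text with a permissive FORWARD chain.
SAMPLE_FILTER='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# $1 = nat table text, $2 = outbound interface. Returns 0 if a POSTROUTING
# MASQUERADE rule is scoped to that interface, 1 otherwise.
has_masquerade() {
    printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j MASQUERADE$"
}

# $1 = filter table text. Returns 0 if the FORWARD default policy is ACCEPT.
# A DROP policy with no explicit ACCEPT rules silently stops forwarded
# packets at the gateway even when the NAT rule itself is present.
forward_policy_accept() {
    printf '%s\n' "$1" | grep -q '^:FORWARD ACCEPT'
}

# $1 = nat text, $2 = filter text, $3 = ip_forward value, $4 = interface.
# Prints each missing piece; returns 0 only if all three checks pass.
check_config() {
    ok=0
    [ "$3" = "1" ] || { echo "net.ipv4.ip_forward is '$3', expected 1"; ok=1; }
    has_masquerade "$1" "$4" || { echo "no MASQUERADE rule for -o $4 in nat/POSTROUTING"; ok=1; }
    forward_policy_accept "$2" || { echo "FORWARD policy is not ACCEPT; explicit forward rules are needed"; ok=1; }
    return "$ok"
}

# On the gateway itself (not run here):
#   check_config "$(iptables-save -t nat)" "$(iptables-save -t filter)" \
#                "$(cat /proc/sys/net/ipv4/ip_forward)" ppp0
check_config "$SAMPLE_NAT" "$SAMPLE_FILTER" 1 ppp0 && echo "sample config has all three pieces"
```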