
iptables and Axis 82

I'm posting this here because it's an ETRAX 82 that I'm working with, but it's also a rather generic Linux networking question.  However, I suspect others have successfully done what I'm attempting, and might have a good suggestion:
I'm very new to iptables and have read as much of the literature as my weary brain can absorb.  Still, I am having some difficulty with a simple NAT setup.
My network consists of:
ethernet  --> ADSL -- > Linksys Router --> 3Com Switch --> clients
assigned                          network
The Linksys router does the PPPoE negotiation and, of course, the WAN IP is not static.
I am attempting to configure an embedded device (called an AXIS 82) as a simple NAT MASQUERADE device.  It's running the 2.4.26 kernel.  The AXIS 82 has two ethernet ports (eth0 and eth1).  eth0 is static and is attached to the 3Com switch.  I assigned to eth0.  eth1 is also set static and is assigned (note that it's on a different subnet, as per some of the reading I've been doing regarding setting this up).
I have udhcpd running on the device and it's able to give out IP addresses within the - range.  Another Linux box attached to the AXIS 82 eth1 port (through another switch) is able to get an IP address just fine.
What I want to do is have a workstation attached to eth1 connect to the local LAN ( via the AXIS 82's eth0 and therefore out to the WAN.  I believe this is called "many to one" NAT.  I am assuming (hope this is correct) that my destination wants to be (the eth0 IP address).
What I'm doing currently is just for testing purposes.  In its final configuration, the AXIS will attach to a cable modem (with a fixed ip address) instead of the internal LAN.
Here's a diagram of what I want to do:
. {Dynamic WAN ADDRESS)
. {
AXIS 82 ETH0 (
  {AXIS 82 running udhcpd and with iptables nat setup}
AXIS 82 ETH1 (
linux client (supplied by AXIS 82)

Here's what I'm using as a simple NAT setup on the AXIS 82:
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
iptables -A POSTROUTING -t nat -o eth0 -s -d 0/0 -j MASQUERADE
iptables -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Based on this setup, although my client at gets an IP, when I try to ping anything out on the net I get "destination host unreachable".
I should think if this were working I could ping, the eth0 address, and get a reply.  This also fails.
The routing table for the client is:
* U 0 0 0 eth1
* U 0 0 0 eth1
The routing table for the AXIS 82 is:
*    U     0      0        0 eth0
*    U     0      0        0 eth1
default         UG    0      0        0 eth0
Any ideas?  All thoughts are welcome.  If I've done something stupid, don't be afraid to say so!
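
Added example, not part of the original post: a shell check that reads `iptables-save` output and reports which pieces of a MASQUERADE gateway like the one described above are absent from the loaded ruleset. The function names `check_masq` and `sample_dump`, the 10.0.0.0/24 client subnet and the DROP forward policy in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit iptables-save output for
# the pieces a MASQUERADE gateway needs. Reads the dump on stdin.
# usage: iptables-save | check_masq WAN_IF LAN_IF
check_masq() {
    wan=$1 lan=$2 missing="" dump=$(cat)

    # Print one table: the lines from "*name" to the next "COMMIT".
    table() { printf '%s\n' "$dump" | sed -n "/^\*$1\$/,/^COMMIT\$/p"; }

    # nat: source NAT for traffic leaving the WAN interface.
    table nat | grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" ||
        missing="$missing masquerade"

    # filter: NEW connections may be forwarded from the LAN side.
    table filter | grep -E -- "^-A FORWARD .*-i $lan .*-j ACCEPT" |
        grep -q NEW || missing="$missing lan-forward"

    # filter: replies are forwarded back in from the WAN side.
    table filter | grep -E -- "^-A FORWARD .*-i $wan .*-j ACCEPT" |
        grep -q ESTABLISHED || missing="$missing wan-replies"

    # With policy ACCEPT and only ACCEPT rules, FORWARD filters nothing.
    # (A ruleset ending in an explicit DROP rule would need a different test.)
    table filter | grep -q "^:FORWARD DROP" ||
        missing="$missing forward-policy-drop"

    [ -z "$missing" ] && return 0
    echo "missing:$missing"
    return 1
}

# Constructed sample in iptables-save format: the three rules from the post,
# with a made-up client subnet and a DROP policy on the FORWARD chain.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_dump | check_masq eth0 eth1 && echo "ruleset complete"
```

On a live gateway the input comes from `iptables-save | check_masq eth0 eth1`. The check does not read `/proc/sys/net/ipv4/ip_forward`, which must also be set to 1 for any forwarding to happen.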