Hi, I have an archlinux that was, at one point doing NAT across a ppp0 connection. this archlinuxarm pogoplug e02 is a client of a pptp vpn. This is a pretty dense set of information i am providing below. thank you very much for attempting to help me sort it out.
Key information:
Archlinuxarm machine that i desire to do IP forwarding: 192.168.1.6
Destination network, over ppp0: 192.167.0.0/24
Router @ 192.168.1.1 has static route for 192.167.0.0/24 traffic to be sent to 192.167.1.6 - take this as a given. I know it works, as i can follow packets and see they are being forwarded to 192.168.1.6.
Results:
From 192.168.1.6 - i can ping the entire 192.167.0.0 network, no problem
From any other 192.168.1.x machine, i can ping 192.167.1.6, but nothing on the 192.167.0.0/24 ntework.
Interestingly, i also cannot ping the local ppp0 address of the 192.167.1.6 machine (192.167.0.200) or the router on the other side of the VPN connection (192.167.0.99) - this is definitely the canary in the coal mine.
I use this script to set IP forwarding. It worked when i first set it up. But after installing other programs (e.g. nfs-utils, plexmediaserver, etc etc) it stopped working.
$this->bbcode_second_pass_code('', 'iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain # Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT # Assuming one NIC to local LAN
echo 1 > /proc/sys/net/ipv4/ip_forward # Enables packet forwarding by kernel
')
here is the ippr adr
$this->bbcode_second_pass_code('', '1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether MAC:MASKED brd ff:ff:ff:ff:ff:ff
inet 192.168.1.6/24 brd 192.168.1.255 scope global dynamic eth0
valid_lft 45419sec preferred_lft 45419sec
inet6 mac:masked/64 scope link
valid_lft forever preferred_lft forever
10: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1432 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 192.167.0.200 peer 192.167.0.99/32 scope global ppp0
valid_lft forever preferred_lft forever
')
Here is the iptables -L
$this->bbcode_second_pass_code('', 'Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
')
and here is the iptables -t nat -L
$this->bbcode_second_pass_code('', 'Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
')
Please let me know what other information i can provide... i find ip forwarding and routing to be one of the most confusing topics to try to address.. thank you very much