From: Billy Hager (whager_at_bellsouth.net)
Date: Mon May 20 2002 - 21:28:21 EDT

All right, here are my troubles. :(

I have a vserver located on a machine on my local network. Incoming
connections from anywhere (internet/local net) work fine. Outgoing
connections to the local network work fine. Outgoing connections to
computers outside my local network (i.e. anything where I have to go through
my default gw) don't seem to be working properly.

More specifically, connections coming from the vserver don't appear to be
masqueraded when they should be. I'm sure it's just something stupid that
I'm doing, so here goes some more info about my network ....

eth0: <---- My local network
eth0:1 <---- IP addr my vserver is bound to
eth1: <---- DSL Modem plugged in here
ppp0: <--- pppoe device for DSL. Dynamic IP. (default gw)

Netfilter setup:
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/ip_dynaddr = 1
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE
Everything else is set to accept by default. This isn't secure, but I'm just
trying to get this to work first.

I believe the packets aren't getting masqueraded correctly because of this
sample output from "tcpdump -i ppp0" when I run "dig google.com".

09:03:37.445715 > 4+ A? google.com. (28) (DF)
09:03:42.446408 > 4+ A? google.com. (28) (DF)

Using the exact same filesystem I have achieved outgoing net access when I
connected my DSL modem to a Linksys DSL/CABLE router on my network. I would
love to just use the Linksys device; unfortunately, it's unreliable. I can't
depend on it to hold an internet connection.

If I had some more hardware I would set up a second box as a firewall and
everything would be great, but I don't. Has anyone ever been in a similar

Billy Hager          | AIM: wwhager2
whager_at_bellsouth.net | http://www.billsbox.net

