iptable help?
Feb. 11th, 2013 07:06 am

So, Vega.. my NAT box.. it's got three network interfaces. eth0 is the internal LAN. eth1 is the server-side LAN. eth2 is the cable modem.
By default, it routes traffic from eth0 out via eth2, unless eth2 is having problems, then it takes eth2 down and routes out eth1. No problems there.
But, I can't seem to reach it on eth1 from outside the server LAN. That is, I can't ping or ssh to the machine from the outside world. I can ping and ssh from elsewhere on the server LAN. Rigel, for example, can talk to Vega just fine. But from, say, the office, or my phone, or South Africa, or Dysnomia.. I can't see it. It may as well not exist, /except/ that I don't get the usual "host unreachable" or other such messages.
I'm pretty sure this is an iptables problem. I may be wrong, but it seems likely. It seems to be rejecting packets on eth1 that don't originate on the subnet. I don't know why that would be. I'm hoping one of you might know. Here's the output from iptables-save:
( # Generated by iptables-save v1.4.12 on Mon Feb 11 06:58:54 2013 ... )
And route -n:
( Kernel IP routing table )
(I suppose it's worth pointing out that the current cable modem assigns 10. addressing, which conveniently conflicts with my internal addressing. Fortunately, it's just the one address (10.0.0.1), and Vega can always talk to Oort over the server LAN instead.)
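One cause that fits the symptom described above (eth1 answers hosts on its own subnet, and everyone else gets silence rather than "host unreachable") is asymmetric routing on a multi-homed box: with the default route pointing at eth2, the reply to a packet that arrived on eth1 from off-subnet would be routed back out eth2, and strict reverse-path filtering (rp_filter=1) drops such packets on arrival without sending any ICMP error. Whether that is what is happening on Vega cannot be confirmed from the elided iptables-save and route -n output. The script below is an added example, not the poster's configuration: it reports the rp_filter setting per interface and installs source-based policy routing so that replies to connections that came in on eth1 leave via eth1 regardless of the main default route. Interface names follow the post; the addresses, gateway and routing-table number are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): source-based policy routing for
# a multi-homed host. Assumptions: eth1 is the server LAN (as in the post);
# the address 192.168.1.5/24, gateway 192.168.1.1 and table 100 are made up.
#
# The ip/sysctl commands need root. DRY_RUN=1 prints them instead of running
# them, so the script can be reviewed (or tested) unprivileged.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rp_filter_mode DIR IFACE
# Prints the reverse-path filter mode for IFACE: 0 = off, 1 = strict (a packet
# is dropped if the route back to its source would leave by another interface),
# 2 = loose. DIR is normally /proc/sys/net/ipv4/conf; it is a parameter so the
# function can be pointed at a copy of the tree.
rp_filter_mode() {
    dir=$1; iface=$2
    cat "$dir/$iface/rp_filter" 2>/dev/null || echo "unknown"
}

# add_reply_route TABLE IFACE ADDR NET GATEWAY
# Creates routing table TABLE with IFACE's directly connected network and a
# default route via GATEWAY on IFACE, then adds a rule sending traffic sourced
# from ADDR into that table. Replies to connections that arrived on IFACE use
# ADDR as their source address, so they go back out IFACE instead of following
# the main table's default route. The same "from ADDR" rule is consulted by the
# reverse-path check, so strict rp_filter stops dropping the inbound packets.
add_reply_route() {
    table=$1; iface=$2; addr=$3; net=$4; gw=$5
    run ip route add "$net" dev "$iface" table "$table"
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$addr" lookup "$table" priority 1000
}

# relax_rp_filter IFACE
# Alternative if policy routing is not wanted: loose mode only requires that
# the source be reachable via *some* interface. Weaker anti-spoofing, so
# prefer add_reply_route on a NAT box.
relax_rp_filter() {
    iface=$1
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=2"
}

# Usage on the box described in the post would be:
#   rp_filter_mode /proc/sys/net/ipv4/conf eth1
#   add_reply_route 100 eth1 192.168.1.5 192.168.1.0/24 192.168.1.1
# and, to see what would be run first:
#   DRY_RUN=1 add_reply_route 100 eth1 192.168.1.5 192.168.1.0/24 192.168.1.1
```

After applying the rule, `ip rule show` and `ip route show table 100` confirm the entries, and `ping` from an off-subnet host should get answers; if it still does not, the problem is not (only) reverse-path filtering and the full iptables-save output is the next thing to read. The rule survives only until reboot unless it is added to the distribution's network configuration.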