I am trying to set up neorouter on a VPS as an (almost default) NAT gateway to tunnel my internet traffic. I have connectivity between neorouter hosts, and have set up my iptables rules.
Gateway host (Linux, 10.4.0.3):
Quote:
root@venture:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.4.0.0 * 255.255.0.0 U 0 0 0 nrtap
default * 0.0.0.0 U 0 0 0 venet0
root@venture:~# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 31 packets, 1628 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 46 packets, 4741 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any venet0:0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 46 packets, 4741 bytes)
pkts bytes target prot opt in out source destination
root@venture:~# iptables -L -v
Chain INPUT (policy ACCEPT 10086 packets, 1202K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- venet0:0 nrtap anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- nrtap venet0:0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 17273 packets, 5124K bytes)
pkts bytes target prot opt in out source destination
root@venture:~# ping 10.4.0.2
PING 10.4.0.2 (10.4.0.2) 56(84) bytes of data.
64 bytes from 10.4.0.2: icmp_req=1 ttl=128 time=590 ms
64 bytes from 10.4.0.2: icmp_req=2 ttl=128 time=96.0 ms
64 bytes from 10.4.0.2: icmp_req=3 ttl=128 time=96.0 ms
64 bytes from 10.4.0.2: icmp_req=4 ttl=128 time=140 ms
64 bytes from 10.4.0.2: icmp_req=5 ttl=128 time=268 ms
--- 10.4.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 96.092/238.244/590.643/187.127 ms
Client host (Windows, 10.4.0.2) has a test route added (74.0.0.0/8):
Quote:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.2 192.168.0.51 266
10.4.0.0 255.255.0.0 On-link 10.4.0.2 276
10.4.0.2 255.255.255.255 On-link 10.4.0.2 276
10.4.255.255 255.255.255.255 On-link 10.4.0.2 276
74.0.0.0 255.0.0.0 10.4.0.3 10.4.0.2 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.51 266
192.168.0.51 255.255.255.255 On-link 192.168.0.51 266
192.168.0.255 255.255.255.255 On-link 192.168.0.51 266
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.0.51 266
224.0.0.0 240.0.0.0 On-link 10.4.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.0.51 266
255.255.255.255 255.255.255.255 On-link 10.4.0.2 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.2 Default
===========================================================================
And can ping the gateway:
Quote:
C:\Windows\system32>ping 10.4.0.3
Pinging 10.4.0.3 with 32 bytes of data:
Reply from 10.4.0.3: bytes=32 time=162ms TTL=64
Reply from 10.4.0.3: bytes=32 time=66ms TTL=64
Reply from 10.4.0.3: bytes=32 time=66ms TTL=64
Reply from 10.4.0.3: bytes=32 time=66ms TTL=64
Ping statistics for 10.4.0.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 162ms, Average = 90ms
Wireshark (on client) shows traffic destined for 74.x.x.x going out Neorouter TAP interface, as well as ping traffic going out for 10.4.0.3, and ARP requests, etc.
TCPDump (on gateway) does not show traffic from 10.4.0.2 destined to 74.x.x.x but does show traffic from 10.4.0.2 destined to 10.4.0.3.
I feel I am missing something in the configuration?
Any thanks would be appreciated.
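
Added example, not part of the original post: a shell check for two things a Linux NAT gateway like the one above depends on, that IPv4 forwarding is enabled and that no rule names an interface alias (netfilter matches on the device name, venet0, so a rule written against venet0:0 never matches). The function names are this example's own, the sample text is rule lines copied from the post, and the field positions assume `iptables -L -v` output in which every rule has a target.

```shell
#!/bin/sh
# Added example (not from the post): audit `iptables -L -v` output for rules
# bound to alias interfaces, and check the IPv4 forwarding switch.

# Reads `iptables -L -v` (or `-t nat -L -v`) output on stdin.
# Rule columns: pkts bytes target prot opt in out source destination,
# so field 6 is the input interface and field 7 the output interface.
alias_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        $1 == "pkts"  { next }               # skip the column header
        NF >= 9 && ($6 ~ /:/ || $7 ~ /:/) {  # ":" marks an alias label
            printf "%s: in=%s out=%s target=%s pkts=%s\n", chain, $6, $7, $3, $1
        }
    '
}

# True when the kernel forwards IPv4 packets between interfaces.
# $1 is optional: path of the switch, defaulting to the real procfs entry.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Sample input: rule lines copied from the gateway output in the post.
SAMPLE_RULES='Chain POSTROUTING (policy ACCEPT 46 packets, 4741 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any venet0:0 anywhere anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- venet0:0 nrtap anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- nrtap venet0:0 anywhere anywhere'

# `sh thisfile --demo` prints the findings for the sample and the local switch.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RULES" | alias_rules
    if forwarding_enabled; then
        echo "ip_forward: enabled"
    else
        echo "ip_forward: disabled"
    fi
fi
```

On a live gateway, pipe the real listings in: `iptables -L -v | alias_rules` and `iptables -t nat -L -v | alias_rules`.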