03-28-2013, 02:24 AM   #2
ixtab
Posts: 2,907
Karma: 6736094
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
IIRC, that looks very familiar, so you got that information from one of the Wiki pages (though I can't remember which). Please insert a link to it in your post.

Anyway, two suggestions:
1. I wouldn't stuff these commands into an interface configuration script, but that's personal preference. I'd put it into a simple shell file that can be run when needed.

2. Refer to http://www.revsys.com/writings/quicktips/nat.html for the (IMO) cleanest description and easiest way to set up IP masquerading. (eth0 is the interface to the world, eth1 the internal one. You'll need to substitute the latter by usb0, the former... according to your setup, but it's probably eth0).

In particular, the script that you posted does NOT seem to designate the outgoing interface ("-o" parameter), so that may be the reason. The Kindle setup looks correct though.

3. (Bonus tip) - if you're unsure about what exactly is happening, you can run "tcpdump -i eth0 -nX -s 100 icmp" or similar to determine which (ICMP, in this case) packets are going through eth0. Pay special care to the source and destination addresses - if masquerading works correctly, then it will be your local IP, otherwise it will be 192.168.15.244 (which will fail, of course).

EDIT:
Here's a quick and dirty shell script which works for me:
Code:
#!/bin/sh -ex

# This script must be run as root.

# Adapt to your setup
OUTSIDE=eth1
KINDLE=usb0

echo 1 > /proc/sys/net/ipv4/ip_forward

# to delete these rules, use the same command, but with "-D" instead of "-A"
iptables -A FORWARD -i $KINDLE -o $OUTSIDE -j ACCEPT
iptables -A FORWARD -i $OUTSIDE -o $KINDLE -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $OUTSIDE -j MASQUERADE

ssh root@192.168.15.244 'echo "nameserver 4.2.2.1" > /etc/resolv.conf; route add default gw 192.168.15.201'

Last edited by ixtab; 03-28-2013 at 03:33 AM.
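
A way to check the two points raised in the post above (the "-o" on the masquerade rule, and the source address tcpdump shows on the outside interface), as an added example that is not part of ixtab's post. The function names, the sample rule listings and dump lines, and the 10.0.0.5 host address are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the NAT setup discussed above.
# Both functions read text on stdin, e.g. from
#   iptables -t nat -S POSTROUTING      and      tcpdump -l -n -i eth0 icmp

# masq_scoped IFACE: succeed only if every MASQUERADE rule names an outgoing
# interface ("-o") and at least one of them names IFACE.
masq_scoped() {
    awk -v ifc="$1" '
        /-j MASQUERADE/ {
            out = ""
            for (i = 1; i < NF; i++) if ($i == "-o") out = $(i + 1)
            if (out == "") unscoped = 1
            if (out == ifc) found = 1
        }
        END { exit ((found && !unscoped) ? 0 : 1) }'
}

# leaked_packets IP: count tcpdump -n ICMP lines whose source is still the
# internal address IP, i.e. packets that left without being masqueraded.
leaked_packets() {
    awk -v ip="$1" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "IP" && $(i + 2) == ">") {
                    if ($(i + 1) == ip) n++
                    break
                }
        }
        END { print n + 0 }'
}

# Constructed sample inputs (not captured from a real system);
# 10.0.0.5 stands in for the host's own address on the outside interface.
RULES_OK='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE'
RULES_BAD='-P POSTROUTING ACCEPT
-A POSTROUTING -j MASQUERADE'
DUMP_NAT='02:24:01.000001 IP 10.0.0.5 > 4.2.2.1: ICMP echo request, id 7, seq 1, length 64'
DUMP_LEAK='02:24:01.000001 IP 192.168.15.244 > 4.2.2.1: ICMP echo request, id 7, seq 1, length 64'

printf '%s\n' "$RULES_BAD" | masq_scoped eth1 || echo "MASQUERADE rule lacks -o eth1"
echo "un-NATed packets: $(printf '%s\n' "$DUMP_LEAK" | leaked_packets 192.168.15.244)"
```

A MASQUERADE rule without "-o" rewrites traffic leaving on every interface, which is why the check fails on any unscoped rule rather than only looking for a matching one.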