Need help getting a linux client to ping WAN side

[Sigmatic.Minor]

Hello all!

Apologies if this is a really stupid error I've made in here somewhere but I'm still really new to the linux networking world - only just getting back into it after a long time with windows.

I've got a setup in Virtual box with the following:

Linux server (mint). Acts as DHCP server.

• eth0 IP: 192.168.1.1 (static)
• eth1 IP: 192.168.15.12 (obtained by DHCP from my main LAN which in this case, would be the "WAN" I'm trying to get the client to connect to)
• has 2 network adapters, eth0 (LAN) and eth1 (WAN).
• Adapter 1 (eth0) settings in virtual box are set to "internal network", promiscuous mode: deny
• Adapter 2 (eth1) settings in virtual box are set to "bridged adapter" , promiscuous mode: deny

Linux client (mint).

• IP: 192.168.1.10, assigned by DHCP by the server above

The problem:

From the server I can successfully ping the client and also the "wan" being my main physical network, which is the 192.168.15.x network. Everything seems to work how it should

The client, however, can ping the server, but nothing on the "wan". If I try and ping 192.168.15.1, I get a destination host unreachable error. The traceroute makes it to the server and stops there.

My guess is, I've set routing or iptables up wrong but not sure where I've gone wrong.

Here are some links to pastebins of the contents of my config files on the server:

• dhcpd.conf (routers is set to 192.168.1.1 but I've also tried 192.168.1.254)

• sysctl.conf

• interfaces

• hosts

• ifconfig

The iptables command I used was:

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

 

If anyone can help me see what mistake I've made or something I've missed I would be very grateful! :D

[Sigmatic.Minor]

Ok so after googling for a while I came across someone with the same issue and found the fix!!

 

Even though it's working now I'll post the fix here incase anyone else has the same issue: 

 

Adding the line:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

into /etc/rc.local is necessary to make forwarding work, even if the command has been run before

 

Could anyone explain why this needs to be added even though I've run the same command as root previously?

[ichi]

The iptables command is not persistent, the rules are lost on reboot. You must use iptables-save and iptables-restore (or the iptables-persistent package) or use a frontend like ufw that automates that for you.

You can also do it on rc.local but usually if you have a complex set of rules you'd want to keep it more organized on it's own config file.