Re: ip forwarding woes



Never mind, I found my mistake. Sorry to bother people.

It turns out the routing table on the 10.0.0.2 host was wrong, and it was
causing the return packets to be lost.

When I made the configuration agree with what I describe below,
everything works as expected.

-David


David Zelinsky <dzpost@xxxxxxxxxxxx> writes:

I'm trying to set up a firewall/gateway, and I can't seem to get
ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
enabled. Here's what happens.

The firewall machine has two interfaces (both on private networks, for
testing purposes):

IF    IP           Netmask
eth0  192.168.0.1  255.255.255.0
eth1  10.0.0.1     255.255.255.0

This is the routing table:

Destination  Gateway  Genmask        Flags Metric Ref Use Iface
192.168.0.0  0.0.0.0  255.255.255.0  U     0      0   0   eth0
10.0.0.0     0.0.0.0  255.255.255.0  U     0      0   0   eth1

I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'

I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
There are no rules in any of the tables, but all have ACCEPT as the
default policy.

I have two other machines, one at 192.168.0.2 (connected to the same
hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
to firewall's eth1).

From the firewall, I can ping both the other hosts.
From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.

With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
(and vice versa), with packets routed through the firewall, but it
doesn't work.

What am I overlooking?

I did try putting explicit iptables rules in the FILTER chain of the
forward table, but it didn't make any difference.

Any suggestions would be much appreciated.

--
David Zelinsky
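
The failure described in this thread (forwarding works, but the reply has no route back) can be checked by walking a packet through each machine's routing table in both directions. The following is an added example, not part of the original posts: the firewall table is the one quoted above, while both host tables and the names hostA, hostB, `walk` and `lab` are constructed for illustration, since the post does not show what was wrong on 10.0.0.2.

```python
import ipaddress

def parse_routes(text):
    """Parse `route -n` body lines into (network, gateway) pairs."""
    rows = (line.split()[:3] for line in text.strip().splitlines())
    return [(ipaddress.ip_network(f"{d}/{m}"), ipaddress.ip_address(g)) for d, g, m in rows]

def next_hop(routes, dst):
    """Longest-prefix match: next-hop address as a string, or None if no route."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[0]]
    if not hits:
        return None
    _, gw = max(hits, key=lambda r: r[0].prefixlen)
    return dst if int(gw) == 0 else str(gw)  # gateway 0.0.0.0 means on-link

def walk(nodes, src, dst, max_hops=8):
    """Follow one packet from src to dst; report delivery or where it is lost."""
    def owner(ip):
        return next((n for n, v in nodes.items() if ip in v["addrs"]), None)
    here = owner(src)
    for hop_no in range(max_hops):
        node = nodes[here]
        if dst in node["addrs"]:
            return "delivered"
        if hop_no > 0 and not node["forward"]:
            return f"dropped on {here}: ip_forward is 0"
        hop = next_hop(node["routes"], dst)
        if hop is None:
            return f"no route on {here}"
        here = owner(hop)
        if here is None:
            return f"next hop {hop} not reachable"
    return "routing loop"

# Firewall table is the one quoted in the post; both host tables are constructed.
FW = parse_routes("192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                  "10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1")
HOST_A = parse_routes("192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"
                      "0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0")
HOST_B_BAD = parse_routes("10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0")
HOST_B_OK = HOST_B_BAD + parse_routes("0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0")

def lab(host_b_routes, forward=True):
    return {"fw": {"addrs": {"192.168.0.1", "10.0.0.1"}, "routes": FW, "forward": forward},
            "hostA": {"addrs": {"192.168.0.2"}, "routes": HOST_A, "forward": False},
            "hostB": {"addrs": {"10.0.0.2"}, "routes": host_b_routes, "forward": False}}

for name, table in (("broken", HOST_B_BAD), ("fixed", HOST_B_OK)):
    print(name, "request:", walk(lab(table), "192.168.0.2", "10.0.0.2"),
          "| reply:", walk(lab(table), "10.0.0.2", "192.168.0.2"))
```

With the constructed broken table the request is delivered but the reply stops at hostB, which is why a ping from 192.168.0.2 appears to fail even though the firewall forwards correctly.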

