
simple ip_forward didn't work


I recently switched from SuSE to Debian, looking for a base for a small company's firewall. Now I'm experimenting in a testing environment, trying to get things like fast-nat, load balancing with multiple providers etc. to work.

What drives me crazy is that I can't get the really primitive network things to fly. I use Debian sarge with the current testing kernel 2.6.8, iptables and iproute2. The machine is a small left-over Intel machine with sufficient CPU (350MHz), RAM (512MB) and HD (8GB) and four 3Com network cards (2 3c905b, 2 3c905c). The IP ranges (ip, netmask, broadcast) for three subnets (,, were given in /etc/network/interfaces. A default route was set to the internet iface.

The tests were made with one Windows machine per internal subnet. Ifconfig shows that everything was up and running with the right values; route looks good too. We could ping our test machines in both subnets, and they could ping the server. After this we tried ip_forward with echo 1 > /proc/sys/net/ipv4/ip_forward and tried to ping each Windows machine from the other. It didn't work. After testing we arrived at the following picture:

- Win client1 (172 subnet) could ping the server on the server's 172 subnet address
- Win client2 (192 subnet) could ping the server on its 172 and its 192 subnet address
- no client could ping the 212 address
- setting ip_forward to 0 or 1 had no influence on our results

This result really astonished me; I never thought that these network primitives could ever fail. I've tried several things, like rewriting the interfaces several times, checking the options file (standard settings), and looking for other configuration issues, but found nothing that could explain this behaviour. ip link, address, route, rule show look fine, the arp tables are also well filled, etc.

Does anyone out there have an idea what's going wrong?
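
A read-only check of the kernel state the message describes, added here as an example and not part of the original post: it reports the global ip_forward switch and each interface's forwarding and rp_filter values. The PROC_ROOT override and the function names are assumptions introduced for this example; rp_filter is not mentioned in the post and is included only as a related per-interface setting.

```shell
#!/bin/sh
# Added example: report the sysctl values that decide whether IPv4 packets
# are routed between interfaces. Nothing is written, only read.
# PROC_ROOT is a hypothetical override so a copied tree can be inspected.
PROC_ROOT="${PROC_ROOT:-/proc/sys/net/ipv4}"

# Print the content of one sysctl file, or "missing" if it cannot be read.
read_knob() {
    if [ -r "$1" ]; then cat "$1"; else echo "missing"; fi
}

# Print one line per finding.
# Returns 0 if ip_forward and every non-loopback interface forward, else 1.
check_forwarding() {
    root="${1:-$PROC_ROOT}"
    status=0
    global=$(read_knob "$root/ip_forward")
    echo "ip_forward=$global"
    [ "$global" = "1" ] || status=1
    for dir in "$root"/conf/*; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # Skip the template entries and loopback; report real interfaces only.
        case "$iface" in all|default|lo) continue ;; esac
        fwd=$(read_knob "$dir/forwarding")
        rpf=$(read_knob "$dir/rp_filter")
        echo "iface=$iface forwarding=$fwd rp_filter=$rpf"
        if [ "$fwd" != "1" ]; then
            echo "WARN $iface: forwarding disabled"
            status=1
        fi
        # rp_filter=1 makes the kernel drop packets whose source address is
        # not reachable back through the interface they arrived on.
        if [ "$rpf" = "1" ]; then
            echo "NOTE $iface: rp_filter active"
        fi
    done
    return "$status"
}
# Usage: source this file, then run: check_forwarding
```

A clean report only covers the router's side; the clients' own routes and any filter rules on the box are outside what it reads.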
