Re: simple ip_forward didn't work

To: Guenter.Sprakties@team4.de
Cc: debian-firewall@lists.debian.org
Subject: Re: simple ip_forward didn't work
From: Nathan Barham <nathan@sleepygeek.com>
Date: Thu, 28 Apr 2005 08:37:04 -0700
Message-id: <[🔎] 42710320.1080000@sleepygeek.com>
In-reply-to: <[🔎] OF5FA91568.4C7CB1BD-ONC1256FF1.00478F51-C1256FF1.0050C4E2@team4.de>
References: <[🔎] OF5FA91568.4C7CB1BD-ONC1256FF1.00478F51-C1256FF1.0050C4E2@team4.de>

Guenter.Sprakties@team4.de wrote:

The tests were made by one windows machine per internal subnet. Ifconfigshows that all was up and running with the right value, route looks goodalso. We could ping our test machines in both subnets as well as theycould ping the server. After this we tried ip_forward by echo 1 >/proc/sys/net/ipv4/ip_forward and tried to ping one windows machine fromeach other. Didn't work. After testing we achieve the following picture:
- Win client1 (172 subnet) could ping the server on the server's 172subnet address- Win client2 (192 subnet) could ping the server on it's 172 and its 192subnet address
- no client could ping the 212 address
- setting of ip_forward to 0 or 1 had no influence to our results

So basically you turned forwarding on and it doesn't work. You probablythought of these already but it's all I can think of ATM...

Did you set your FORWARD chain policy to DROP and forget to allow thetraffic to/from your subnets? Do you have a logging rule in place forpackets dropped in the FORWARD chain, and if so is it logging anything?

Also note that in Debian echo "1" > /proc/sys/net/ipv4/ip_forward canalso be achieved by setting ip_forward=yes in /etc/network/options.


-Nathan

Reply to:

References:
- simple ip_forward didn't work
  - From: Guenter.Sprakties@team4.de

Prev by Date: simple ip_forward didn't work
Next by Date: Re: simple ip_forward didn't work
Previous by thread: simple ip_forward didn't work
Next by thread: Re: simple ip_forward didn't work
Index(es):
- Date
- Thread