simple ip_forward didn't work
Hi,
I recently switched from SuSE to Debian,
looking for a base for a small company's firewall. Now I'm experimenting
in a testing environment, looking to get things like fast-nat, load balancing
with multiple providers etc. to work.
What makes me crazy is that I can't
get the really primitive network things to fly. I use Debian sarge with
the actual testing kernel 2.6.8, iptables and iproute2. The machine is
a small leftover Intel machine with sufficient CPU (350MHz), RAM (512MB)
and HD (8GB) and four 3Com network cards (2 3c905b, 2 3c905c). The IP ranges
(ip, netmask, broadcast) for three subnets (172.31.24.0/21, 192.168.2.0/24,
213.118.69.33/27) were given in /etc/network/interfaces. A default route
was set to the internet iface.
The tests were made with one Windows machine
per internal subnet. Ifconfig shows that all was up and running with the
right values, and route looks good also. We could ping our test machines in
both subnets, and they could ping the server as well. After this we
tried ip_forward by echo 1 > /proc/sys/net/ipv4/ip_forward and tried
to ping one Windows machine from the other. Didn't work. After testing
we got the following picture:
- Win client1 (172 subnet) could ping the server on the server's 172 subnet address
- Win client2 (192 subnet) could ping the server on its 172 and its 192 subnet address
- no client could ping the 212 address
- setting ip_forward to 0 or 1 had no influence on our results
This result really astonished me; I never
thought that these network primitives could ever fail. I've tried
several things like rewriting the interfaces several times, looking at
the options file (standard settings), looking for other configuration issues,
but found nothing that could explain this behaviour. ip link, address,
route, rule show look fine, the arp tables are also well filled etc.
Does anyone out there have an idea what's
going wrong?
Günter