Re: simple ip_forward didn't work

To: debian-firewall@lists.debian.org
Subject: Re: simple ip_forward didn't work
From: Hans Spaans <cj.spaans@nexit.nl>
Date: Thu, 28 Apr 2005 22:38:41 +0200
Message-id: <[🔎] 427149D1.5080307@nexit.nl>
In-reply-to: <[🔎] OF5FA91568.4C7CB1BD-ONC1256FF1.00478F51-C1256FF1.0050C4E2@team4.de>
References: <[🔎] OF5FA91568.4C7CB1BD-ONC1256FF1.00478F51-C1256FF1.0050C4E2@team4.de>

Guenter.Sprakties@team4.de wrote:
> 
> Hi,
> 
> newly I switched from SuSE to debian, looking for a base of a small's
> company firewall. Now I'm experimenting in an testing envinronment,
> looking for things like fast-nat, load balancing with multiple providers
> etc go to work.
> 
<cut>
> 
> Has anyone out there an idea what's going wrong?

The routing table on the windows machines is correct? Look under default
gateway in the network section. If you doubt if they're correct, please
post the output of 'netstat -nr' or 'route' of all machines. Also you
don't need NAT to route traffic from 172.31.24.0/21 to 192.168.2.0/24
and back. The option /proc/sys/net/ipv4/ip_forward should take care of
that with the default gateway on the clients pointing to your gateway.

After internal routing works you will notice that traffic for networks
other then 172.31.24.0/21 and 192.168.2.0/24 is a problem. At that
moment you need to setup your NAT and please put it only on your
external interface or you will NAT all your traffic and get in trouble ;-)

Hans

Reply to:

References:
- simple ip_forward didn't work
  - From: Guenter.Sprakties@team4.de

Prev by Date: Re: simple ip_forward didn't work
Next by Date: udp session tracking?
Previous by thread: Re: simple ip_forward didn't work
Next by thread: udp session tracking?
Index(es):
- Date
- Thread