
Roach Motel For Packets...



Hi all,
  I have successfully created a Linux "Roach Motel"... packets check in,
but they don't check out! Unfortunately, I was trying to create a
router! :-)

  I have a Linux router with two connections from different service
providers (eth0 and eth1) coming in and want to route all traffic to go
out eth2. Eth0 is the router's default gateway.

  I assigned eth2 two IPs (eth2=192.168.0.1 and eth2:0=10.0.0.1). The
(important) routes are set to

Network       gateway    netmask          iface
192.168.0.0   *          255.255.255.0    eth2
10.0.0.1      *          255.255.255.0    eth2
(eth1 net)    *          255.255.255.0    eth1
default       (eth0 ip)  0.0.0.0          eth0

  IPs have been changed to protect the innocent. All IPs are really in
the public IP space.

  I am *not* trying to load balance, do BGP or anything like that. I
basically want the boxen on the network to respond to packets coming
from either network.

  I'm using IPChains to get this all working nice.

  If I ping any of the IPs serviced by eth0 (remotely or locally)
everything works fine. I can ping eth0, eth2 or any of the boxes on the
network.

  From the router I can ping eth0, eth1, eth2, and IPs that should be
serviced by eth1 on the network and I can ping the provider going out
eth1.

  From the local network I can ping any other machine and *any* IP on
the router.

  But if I try to ping eth1, or any of the IPs serviced by eth1, from a
remote machine the packets come into the router and disappear. They do
not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The
rules relating to eth0 and eth1 are identical.

  It is as if the packets coming in eth1 are not getting forwarded but I
can't figure out why not, particularly when the IPChains rules work for
eth0. 

  Any suggestions where to look?  


Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting


