Re: Roach Motel For Packets...
On Sat, 29 Sep 2001, Peter Billson wrote:
> I have a Linux router with two connections from different service
> providers (eth0 and eth1) coming in and want to route all traffic to go
> out eth2. Eth0 is the router's default gateway.
>
> I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1). The
> (important) routes are set to
>
> Network       gateway     netmask         iface
> 192.168.0.0   *           255.255.255.0   eth2
> 10.0.0.1      *           255.255.255.0   eth2
> (eth1 net)    *           255.255.255.0   eth1
> default       (eth0 ip)   0.0.0.0         eth0
>
> Ips have been changed to protect the innocent. All ips are really in
> the public IP space.
>
> I am *not* trying to load balance, do BGP or anything like that. I
> basically want the boxen on the network to respond to packets coming
> from either network.
>
> I'm using IPChains to get this all working nice.
Show us.
> If I ping any of the IPs serviced by eth0 (remotely or locally)
> everything works fine. I can ping eth0, eth2 or any of the boxes on the
> network.
>
> From the router I can ping eth0, eth1, eth2, and IPs that should be
> serviced by eth1 on the network and I can ping the provider going out
> eth1.
>
> From the local network I can ping any other machine and *any* IP on
> the router.
>
> But if I try to ping eth1, or any of the IPs serviced by eth1, from a
> remote machine the packets come into the router and disappear. They do
> not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The
> rules relating to eth0 and eth1 are identical.
I am not sure if I understand this exactly. It may help to have more
information.
I have a feeling your replies are being sent out but are being firewalled
by another router, since they appear to have a source address that doesn't
belong to its network (i.e. address spoofing, SMURF attack).
Jeremy C. Reed
echo 'G014AE824B0-07CC?/JJFFFI?D64CB>D=3C427=>;>6HI2><J' |
tr /-_ :\ Sc-y./ | sed swxw`uname`w
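
The failure suspected in the reply above, modelled as an added example that is not part of the original message: with destination-only routing, a reply sourced from an eth1 address still leaves via the eth0 default route, where the other provider may discard it as spoofed. The address blocks, the remote host, the provider filtering behaviour and the source-based rule shown as a contrast are all assumptions made for illustration.

```python
import ipaddress

# Constructed documentation ranges standing in for the post's redacted addresses.
PROVIDER_A = ipaddress.ip_network("192.0.2.0/24")     # reached via eth0 (default)
PROVIDER_B = ipaddress.ip_network("198.51.100.0/24")  # reached via eth1

# Destination-only routing table, same shape as the one in the post.
ROUTES = [
    (PROVIDER_B, "eth1"),
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]

# Assumption: each provider drops packets whose source is outside its own block.
UPSTREAM_ACCEPTS = {"eth0": PROVIDER_A, "eth1": PROVIDER_B}


def egress_iface(src, dst, source_rules=()):
    """Pick the outgoing interface for a packet.

    source_rules is an optional list of (network, iface) pairs checked against
    the source address first (policy routing); otherwise the longest matching
    destination prefix in ROUTES wins.
    """
    for net, iface in source_rules:
        if src in net:
            return iface
    matches = [(net, iface) for net, iface in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_fate(local, remote, source_rules=()):
    """Trace the reply from a local address back to a remote host."""
    src, dst = ipaddress.ip_address(local), ipaddress.ip_address(remote)
    iface = egress_iface(src, dst, source_rules)
    ok = src in UPSTREAM_ACCEPTS[iface]
    return iface, "delivered" if ok else "dropped upstream (source not in provider block)"


if __name__ == "__main__":
    remote = "203.0.113.50"  # constructed remote host
    print(reply_fate("192.0.2.10", remote))      # eth0 address, default route
    print(reply_fate("198.51.100.10", remote))   # eth1 address, still leaves eth0
    print(reply_fate("198.51.100.10", remote, [(PROVIDER_B, "eth1")]))
```
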