
Re: IP forwarding



> I have set up a Linux host with two ethernet cards. IP forwarding is
> enabled in the kernel and it is in its default state (accept and forward
> everything). Both ethernet segments, eth0 and eth1 are alive.
> 1. From the Linux machine I can ping hosts on both subnets and
> vice-versa.
> 2. From the LAN that sits on eth1, I can ping the near port (eth1) on the
> Linux machine but not the other port (eth0).
> 3. From the LAN that sits on eth0, I can ping both ports on the Linux
> machine but I can not reach any hosts on the eth1 side.
> When I get IP forwarding working correctly, I will start selecting the
> firewall policies. Does anybody have a solution?

If possible in your situation (you haven't provided enough info, so I can't
tell), go without any ipfwadm configuration at all to start with.  You
don't need it in most cases (unless you're connected to the 'Net and need
to hide a private subnet - 192.168.x.y).

If you have IP Forwarding enabled (along with all other networking
"stuff"), then you only have to set up the routing, default GW, properly and
everything should work great.  Once you're that far, then you can implement
IP Masquerading (which is what I think you were saying above).

Hosts on the eth0 segment should have the eth0 interface IP as their
default GW.
Hosts on the eth1 segment should have the eth1 interface IP as their
default GW.
(Other factors - which you haven't mentioned - *will* affect this.)

On your Linux box, you should have routes added for each segment.
i.e. `route add -net segment0 eth0 ; route add -net segment1 eth1`

You won't need a default GW on your Linux box unless you have a router on
one of the segments for communication elsewhere.  (Or you have a link to
your ISP on your Linux box as well.)  Whatever, you didn't provide this
info, so I can't help you further.....

If this helps, great!  Else, provide more info including:

- contents of /etc/init.d/network
- contents of any other files you're using to config the network
- output of `route -n`
- output of `ifconfig`
- general idea of what you're trying to accomplish....

Later,

Kevin Traas			Baan Business Systems
Systems Analyst		Langley, BC, Canada
Kevin@Baan-BBS.CA		(604) 882-8169
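
Added example, not part of the original message: a shell check of the routing baseline the reply describes (forwarding on, one network route per segment, a default route only if needed) before any firewall policy is layered on top. The sample `route -n` output, its addresses, the function names and the forwarding flag path are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: `route -n` output from a two-NIC box that lacks the
# network route for the eth1 segment (all addresses are made up).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# On a live host: ROUTE_TABLE=$(route -n)
ROUTE_TABLE=${ROUTE_TABLE:-$SAMPLE_ROUTES}

# Succeeds if stdin (route -n output) has a directly connected network
# route (gateway 0.0.0.0, destination not the default) going out via $1.
has_segment_route() {
    awk -v ifc="$1" '
        $1 != "0.0.0.0" && $2 == "0.0.0.0" && $4 ~ /U/ && $NF == ifc { found = 1 }
        END { exit !found }'
}

# Succeeds if stdin has a default route (destination 0.0.0.0, flag G).
has_default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { found = 1 } END { exit !found }'
}

# Succeeds if the forwarding flag file holds 1. The default path is the
# sysctl file on current kernels (assumption; the post does not name it).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reports each interface given as an argument; the return status is the
# number of interfaces with no network route.
check_router() {
    missing=0
    for ifc in "$@"; do
        if printf '%s\n' "$ROUTE_TABLE" | has_segment_route "$ifc"; then
            echo "ok:      network route via $ifc"
        else
            echo "MISSING: network route via $ifc"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

check_router eth0 eth1 || echo "add the missing route(s) before writing firewall rules"
```

With the constructed table, eth0 passes and eth1 is reported missing, so traffic bound for that segment has no route out of the box even though forwarding is enabled.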

