
Help with IP forwarding



This is a repost. I left out some important information.

The question is how or if it is possible to set up a firewall when the
local lan side is not a different network but just one or more hosts on
the same subnet as the firewall and the firewall's gateway?

The Win95 box below has its gateway as 1.1.1.245 (the Linux box) with a
netmask of 255.255.255.0. The Linux box has its gateway as 1.1.1.1.

Here is the repost:

I have a cable modem connection that is just being converted to a
"business-class" connection, which means I get 5 static IP addresses
and my packets destined to the office are routed directly.

I can't get IP forwarding to forward anything.

The setup is simple (I've disguised the actual IPs in this message as
just "1.1.1.n"):

cableModem  <--->  LinuxBox  <--->  Win95Box
                  .244 .245         .246

The Linux box has two ethernet cards.

I can ping Win95 from Linux, ping and telnet from Win95 to Linux, but
Win95 can't reach beyond Linux to the internet, and from outside the
cable modem I can't see past Linux to the Win95. I.e., it's as if IP
forwarding isn't forwarding.

eth0 is the cable modem side:

# configure the IP address, netmask and broadcast address.
sudo /sbin/ifconfig eth0 1.1.1.244 netmask 255.255.255.0 broadcast 1.1.1.255
# add a network route to point to it:
sudo /sbin/route add -net 1.1.1.0 dev eth0
# add a default route.
sudo /sbin/route add default gw 1.1.1.1

eth1 is the Win95 lan side:
sudo /sbin/ifconfig eth1 1.1.1.245 netmask 255.255.255.0 broadcast 1.1.1.255
# publish an ARP entry for the Win95 box
sudo arp -s 1.1.1.246 00:10:4B:1E:A4:1B pub
sudo arp -a
# host routes for the eth1 card and for the Win95 box
sudo /sbin/route add -host 1.1.1.245 dev eth1
# (address assumed from the description below; the original line omitted it)
sudo /sbin/route add -host 1.1.1.246 dev eth1

Note that my local LAN isn't a subnet, just one host (Win95) with host
routes defined for the ethernet card (1.1.1.245) and Win95 (1.1.1.246).

tcpdump on eth1 while Win95 is trying to ping the cable gateway just
shows the following, with no activity on the other side (eth0):

11:01:24.296343 arp who-has 1.1.1.1 tell 1.1.1.246
11:01:25.796343 arp who-has 1.1.1.1 tell 1.1.1.246
11:01:26.816343 arp who-has 1.1.1.1 tell 1.1.1.246

I tried to turn on logging with this command:
/sbin/ipfwadm -A both -W eth1 -i -o

and /var/adm/kern.log shows this:

May  2 11:02:07 timshel kernel: IP acct in eth1 UDP 1.1.1.246:137
192.159.106.60:53 L=70 S=0x00 I=16137 F=0x0000 T=32 
May  2 11:02:07 timshel kernel: IP acct in eth1 UDP 1.1.1.246:137
192.159.106.60:53 L=70 S=0x00 I=16137 F=0x0000 T=32

Any ideas what I'm missing?

-- 
....RickM...
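The tcpdump lines above are the key symptom: the Win95 box is ARPing for 1.1.1.1 itself instead of for its gateway 1.1.1.245, because with a 255.255.255.0 mask it considers 1.1.1.1 on-link. Nothing addressed to the Linux box's MAC ever arrives on eth1, so there is nothing for the kernel to forward. The following diagnostic is an added example, not code from the original post: it reproduces the next-hop decision a classic IPv4 host makes and cross-checks it against the ARP requests and replies in a capture. The capture text is constructed (the three requests from the post plus an assumed request/reply pair for .245), and the function and variable names are my own.

```python
import ipaddress
import re

# Constructed sample capture: the poster's three unanswered ARP requests,
# plus an assumed request/reply pair showing what a healthy on-link
# exchange with the Linux box (1.1.1.245) looks like.
SAMPLE_TCPDUMP = """\
11:01:24.296343 arp who-has 1.1.1.1 tell 1.1.1.246
11:01:25.796343 arp who-has 1.1.1.1 tell 1.1.1.246
11:01:26.816343 arp who-has 1.1.1.1 tell 1.1.1.246
11:01:30.000000 arp who-has 1.1.1.245 tell 1.1.1.246
11:01:30.000200 arp reply 1.1.1.245 is-at 00:00:00:00:00:01
"""

ARP_REQUEST = re.compile(r"arp who-has (\S+) tell (\S+)")
ARP_REPLY = re.compile(r"arp reply (\S+) is-at (\S+)")


def next_hop(host_ip, netmask, gateway, dest):
    """Classic IPv4 next-hop choice on an end host.

    A destination inside the host's own prefix is treated as on-link and
    ARPed for directly; anything else goes to the default gateway (which
    is then ARPed for instead).
    """
    local_net = ipaddress.IPv4Interface(f"{host_ip}/{netmask}").network
    if ipaddress.IPv4Address(dest) in local_net:
        return dest
    return gateway


def unanswered_arp(dump_text):
    """Addresses that were asked for in the capture but never answered."""
    asked, answered = set(), set()
    for line in dump_text.splitlines():
        m = ARP_REQUEST.search(line)
        if m:
            asked.add(m.group(1))
            continue
        m = ARP_REPLY.search(line)
        if m:
            answered.add(m.group(1))
    return sorted(asked - answered)


def diagnose(host_ip, netmask, gateway, dest, dump_text):
    """Explain why traffic from host_ip to dest never reaches the router.

    Returns a (verdict, address) pair:
      "on-link"             the host ARPs for dest itself; the router in
                            the middle must answer that ARP (proxy ARP)
                            or the host's mask must exclude dest
      "gateway-unreachable" the host asks for its gateway and gets no reply
      "ok"                  the address it needs is being answered
    """
    hop = next_hop(host_ip, netmask, gateway, dest)
    missing = unanswered_arp(dump_text)
    if hop != gateway and hop in missing:
        return ("on-link", hop)
    if hop == gateway and hop in missing:
        return ("gateway-unreachable", hop)
    return ("ok", hop)


if __name__ == "__main__":
    # The poster's Win95 box: /24 mask, gateway .245, trying to reach 1.1.1.1
    print(diagnose("1.1.1.246", "255.255.255.0", "1.1.1.245", "1.1.1.1", SAMPLE_TCPDUMP))
    # Same host with a mask that excludes 1.1.1.1: it would use the gateway
    print(next_hop("1.1.1.246", "255.255.255.252", "1.1.1.245", "1.1.1.1"))
```

Run as-is, the first line reports `('on-link', '1.1.1.1')`: the host is ARPing for the far-side address and nobody on eth1 answers, which matches the post exactly. Two independent things must hold for forwarding to work in this layout: the kernel must have forwarding on (readable on 2.x kernels as /proc/sys/net/ipv4/ip_forward), and the Linux box must answer ARP on eth1 for the addresses the Win95 host believes are on-link (proxy ARP), since the Win95 side will never address packets to the gateway's MAC on its own. Both conditions are worth checking separately before suspecting the ipfwadm rules.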

