Re: IP forwarding

To: Debian User Mailing List <debian-user@lists.debian.org>
Cc: "Dwayne C . Litzenberger" <dlitz@cheerful.com>
Subject: Re: IP forwarding
From: John Pearson <huiac@camtech.net.au>
Date: Wed, 17 May 2000 10:45:24 +0930
Message-id: <[🔎] 20000517104523.U476@huiac.localnet>
Mail-followup-to: Debian User Mailing List <debian-user@lists.debian.org>, "Dwayne C . Litzenberger" <dlitz@cheerful.com>
In-reply-to: <[🔎] 20000516072409.A1040@dlitz.dyn.dhs.org>; from dlitz@cheerful.com on Tue, May 16, 2000 at 07:24:09AM -0600
References: <[🔎] 20000516072409.A1040@dlitz.dyn.dhs.org>

On Tue, May 16, 2000 at 07:24:09AM -0600, Dwayne C . Litzenberger wrote
> I have a box that I want to do IP forwarding.  But, I can't ping outside
> hosts through it.  The firewall sends packets from me, but it doesn't
> re-forward the ICMP echo replies (although you can see them with iptraf in
> promiscuous mode) back.
> 
> # ipchains -L
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> 
> # cat /proc/sys/net/ipv4/ip_forward
> 1
> 

Try this:
# echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
# echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
(and repeat for any other network cards you may have
installed in the two machines).

If that helps, read 
/usr/src/linux/Documentation/networking/ip-sysctl.txt

and look at /etc/init.d/netbase.  Some network configurations
(e.g., satellite downlinks or multiple, multihomed machines)
may require different handling than the default, or more
careful planning of network routing.


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
http://www.mdt.net.au/~john Debian Linux admin & support:technical services

Reply to:

References:
- IP forwarding
  - From: "Dwayne C . Litzenberger" <dlitz@cheerful.com>

Prev by Date: Re: ipchains error
Next by Date: Re: Debian vs Red Hat??? I need info.
Previous by thread: Re: IP forwarding
Next by thread: RE: IP forwarding
Index(es):
- Date
- Thread