Home network router does not forward LAN traffic
Hello, experts!
My feeling is that I have a simple problem which I cannot solve alone.
I would appreciate any help from the community.
I have a 3-computer network at home:
First Windows workstation: 192.168.1.2/16, gw 192.168.1.1
Second Windows workstation: 192.168.2.2/16, gw 192.168.2.1
Linux server/NAT firewall/gateway running Debian Woody 3.0:
eth0: 10.0.0.150/24 connected to ADSL modem/router (10.0.0.138)
eth1: 192.168.1.1/24 connected to the first workstation
eth2: 192.168.2.1/24 connected to the second workstation
Gateway output of "netstat -rn":
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U        40 0          0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
0.0.0.0         10.0.0.138      0.0.0.0         UG       40 0          0 eth0
I am running an iptables firewall configured with the jay-firewall script.
Here is some output from the "iptables -L" command which is related to the home
LAN:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
JAY_LANIN all -- anywhere anywhere
JAY_LANIN all -- anywhere anywhere
JAY_INETIN all -- anywhere anywhere
JAY_LDROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
JAY_FWD_LAN_LAN all -- 192.168.1.0/24 192.168.2.0/24
JAY_FWD_LAN_LAN all -- 192.168.2.0/24 192.168.1.0/24
JAY_FWD_INET_LAN all -- anywhere 192.168.1.0/24
JAY_FWD_INET_LAN all -- anywhere 192.168.2.0/24
JAY_FWD_LAN_INET all -- 192.168.1.0/24 anywhere
JAY_FWD_LAN_INET all -- 192.168.2.0/24 anywhere
JAY_LDROP all -- anywhere anywhere
Chain JAY_FWD_LAN_LAN (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Now the PROBLEM:
My workstations cannot talk to each other!
Either of the two workstations can connect to the internet, and I can ping
every network interface on the Linux server from any workstation, but when
I try to ping between them, there is no answer.
A traffic sniffer shows that there is no answer to ARP requests sent from
the workstations. The ARP table on the gateway includes ARP entries for
both workstations during that test.
The question:
What is wrong and where? Is my routing table wrong, or is the problem
in the iptables configuration?
Many thanks to everyone who will help.
Konstantin.