
Re: ip forwarding woes



On Sat, Mar 08, 2008 at 03:37:54PM -0500, David Zelinsky wrote:
> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work.  I'm using linux kernel 2.6.23 with iptables
> enabled.  Here's what happens.
> 
> The firewall machine has two interfaces (both on private networks, for
> testing purposes):
> 
> IF    IP            Netmask
> eth0  192.168.0.1   255.255.255.0
> eth1  10.0.0.1      255.255.255.0

Can you do an ip r on the firewall machine and on the machine at 192.168.0.2?

On the 192.168.0.2 machine, can you also do a

ip r g 10.0.0.2

If that all looks okay, then try tcpdump on the firewall whilst doing
something like traceroute 10.0.0.2 from the 192.168.0.2 machine.

> 
> This is the routing table:
> 
> Destination   Gateway   Genmask         Flags Metric Ref Use  Iface
> 192.168.0.0   0.0.0.0   255.255.255.0   U     0      0   0    eth0
> 10.0.0.0      0.0.0.0   255.255.255.0   U     0      0   0    eth1
> 
> I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'
> 
> I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
> There are no rules in any of the tables, but all have ACCEPT as the
> default policy.
> 
> I have two other machines, one at 192.168.0.2 (connected to the same
> hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
> to firewall's eth1).
> 
> From the firewall, I can ping both the other hosts.
> From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.
> 
> With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
> (and vice versa), with packets routed through the firewall, but it
> doesn't work.
> 
> What am I overlooking?
> 
> I did try putting explicit iptables rules in the FILTER chain of the
> forward table, but it didn't make any difference.
> 
> Any suggestions would be much appreciated.
> 
> -- 
> David Zelinsky
> 
> 

-- 
"We need to apply 21st-century information technology to the health care field. We need to have our medical records put on the I.T."

	- George W. Bush
01/05/2005
Collinsville, IL
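
What the ip r and ip r g 10.0.0.2 checks suggested in the reply look at, as an added example that is not part of the original message: a longest-prefix-match lookup over the firewall table quoted in the post and over constructed host tables, showing that a ping across the firewall needs a route on both end hosts as well as on the firewall. The host tables, function names and result strings are assumptions made for illustration.

```python
import ipaddress

FW_ADDRS = {"192.168.0.1", "10.0.0.1"}
# Firewall table as quoted in the post: (prefix, gateway or None if on-link, iface).
FIREWALL = [("192.168.0.0/24", None, "eth0"), ("10.0.0.0/24", None, "eth1")]
# Constructed host tables (assumptions, not taken from the thread).
A_LOCAL_ONLY = [("192.168.0.0/24", None, "eth0")]
A_ROUTED = A_LOCAL_ONLY + [("10.0.0.0/24", "192.168.0.1", "eth0")]
B_LOCAL_ONLY = [("10.0.0.0/24", None, "eth0")]
B_ROUTED = B_LOCAL_ONLY + [("0.0.0.0/0", "10.0.0.1", "eth0")]


def route_get(table, dst):
    """Longest-prefix match, the decision `ip r g <dst>` reports.
    Returns (next_hop, iface), or None when the table has no matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway or dst, iface)
    return None if best is None else best[1:]


def one_way(src_table, dst):
    """Follow one packet from a host towards dst through the firewall."""
    hop = route_get(src_table, dst)
    if hop is None:
        return "no route on sender"
    if hop[0] == dst:
        return "delivered"          # destination is on-link
    if hop[0] not in FW_ADDRS:
        return "sent to a gateway that is not the firewall"
    fwd = route_get(FIREWALL, dst)  # firewall forwards (ip_forward=1 assumed)
    return "delivered" if fwd and fwd[0] == dst else "no route on firewall"


def ping(a_table, b_table, a="192.168.0.2", b="10.0.0.2"):
    """Echo request A->B and echo reply B->A; both legs must be delivered."""
    request = one_way(a_table, b)
    reply = one_way(b_table, a) if request == "delivered" else "not sent"
    return request, reply


if __name__ == "__main__":
    for name, tables in [("A has no route", (A_LOCAL_ONLY, B_ROUTED)),
                         ("B has no route back", (A_ROUTED, B_LOCAL_ONLY)),
                         ("both routed", (A_ROUTED, B_ROUTED))]:
        print(name, "->", ping(*tables))
```

A "delivered" request with a failed reply is the case the tcpdump step distinguishes: the echo request is visible leaving the firewall, but no reply comes back.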
