Re: ip forwarding woes
Never mind, I found my mistake. Sorry to bother people.
It turns out the routing table on the 10.0.0.2 host was wrong, and it was
causing the return packets to be lost.
When I made the configuration agree with what I describe below,
everything works as expected.
-David
David Zelinsky <dzpost@dedekind.net> writes:
> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
> enabled. Here's what happens.
>
> The firewall machine has two interfaces (both on private networks, for
> testing purposes):
>
> IF    IP           Netmask
> eth0  192.168.0.1  255.255.255.0
> eth1  10.0.0.1     255.255.255.0
>
> This is the routing table:
>
> Destination  Gateway  Genmask        Flags  Metric  Ref  Use  Iface
> 192.168.0.0  0.0.0.0  255.255.255.0  U      0       0    0    eth0
> 10.0.0.0     0.0.0.0  255.255.255.0  U      0       0    0    eth1
>
> I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'
>
> I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
> There are no rules in any of the tables, but all have ACCEPT as the
> default policy.
>
> I have two other machines, one at 192.168.0.2 (connected to the same
> hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
> to firewall's eth1).
>
> From the firewall, I can ping both the other hosts.
> From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.
>
> With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
> (and vice versa), with packets routed through the firewall, but it
> doesn't work.
>
> What am I overlooking?
>
> I did try putting explicit iptables rules in the FILTER chain of the
> forward table, but it didn't make any difference.
>
> Any suggestions would be much appreciated.
>
> --
> David Zelinsky
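
The failure in this thread (the gateway forwards correctly, but replies are lost because an end host has no return route) can be reproduced with a small routing-table simulation. This is an added example, not part of the original messages; the thread does not say what was wrong on 10.0.0.2, so the hostA and hostB route tables and the fault itself (a host route to 192.168.0.1 but no route to 192.168.0.0/24) are assumptions chosen to match the reported symptoms.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (cidr, gateway) pairs; gateway None means on-link."""
    addr, best = ipaddress.ip_address(dst), None
    for cidr, gw in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best

def trace(hosts, src, dst, max_hops=8):
    """Walk one packet hop by hop; return (delivered, reason)."""
    owner = {ip: name for name, h in hosts.items() for ip in h["addrs"]}
    start = node = owner[src]
    for _ in range(max_hops):
        h = hosts[node]
        if dst in h["addrs"]:
            return True, "delivered"
        if node != start and not h["forward"]:  # only transit hops need ip_forward
            return False, f"{node}: ip_forward is off"
        hit = lookup(h["routes"], dst)
        if hit is None:
            return False, f"{node}: no route to {dst}"
        node = owner.get(hit[1] or dst)  # next hop: the gateway, or dst if on-link
        if node is None:
            return False, "next hop not present"
    return False, "hop limit reached"

def ping(hosts, src, dst):
    # Echo request out, echo reply back: each direction is routed independently.
    ok, why = trace(hosts, src, dst)
    if not ok:
        return f"request lost at {why}"
    ok, why = trace(hosts, dst, src)
    return "reply received" if ok else f"reply lost at {why}"

def topology(host_b_routes, forward=True):
    """The thread's three machines; hostA's and hostB's routes are assumptions."""
    return {
        "hostA": {"addrs": {"192.168.0.2"}, "forward": False,
                  "routes": [("192.168.0.0/24", None), ("10.0.0.0/24", "192.168.0.1")]},
        "firewall": {"addrs": {"192.168.0.1", "10.0.0.1"}, "forward": forward,
                     "routes": [("192.168.0.0/24", None), ("10.0.0.0/24", None)]},
        "hostB": {"addrs": {"10.0.0.2"}, "forward": False, "routes": host_b_routes},
    }

# Constructed fault: hostB has a host route to 192.168.0.1 but none to the /24.
BROKEN = [("10.0.0.0/24", None), ("192.168.0.1/32", "10.0.0.1")]
FIXED = [("10.0.0.0/24", None), ("192.168.0.0/24", "10.0.0.1")]
```

With `BROKEN`, both end hosts can still ping both firewall addresses, yet a ping from 192.168.0.2 to 10.0.0.2 reports the reply lost at hostB, which is why checking `ip route get <peer>` on each end host is worth doing before suspecting the gateway or its iptables rules.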