Network Routing

Post by Vivian McPhai » Wed, 27 Apr 2011 21:34:30



  To: comp.linux,alt.comp.linux



>>Apologies if this is not the correct list.

>>I have a linux box with kernel 2.6.11.7 which I am trying to configure
>>as a router.  I have a cable modem connected to a firewall/router
>>(192.168.2.1).  The linux box (yoda 192.168.2.4, 192.168.1.1) is
>>connected to the firewall/router.  Also connected to yoda is another
>>network (with computer foo 192.168.1.3).  I can access the internet from
>>yoda and I can access yoda from foo, but I cannot access the internet
>>from foo.

>>yoda has the correct interface configuration and routing table

>>192.168.2.0 *            255.255.255.0 eth1
>>192.168.1.0 *            255.255.255.0 eth0
>>default     192.168.2.1  0.0.0.0       eth1

>>and I have ip forwarding enabled:

>>$ cat /proc/sys/net/ipv4/ip_forward
>>1

>> From what I have found in the HOWTOs and documentation this is all I
>>should have to do.

>>I do not need to do any masquerading so I do not see the need for
>>netfiltering, is this assumption correct?

> Not necessarily.  Your router likely has no knowledge of, or any clue, how
> to route your 192.168.1.0/24 network.

> - If your router is capable of static routing, you could use yoda
> 192.168.2.4 on it as a gateway for 192.168.1.0/24 network.

> - Or if your router is capable of setting a 255.255.0.0 netmask, you could
> enable proxy arp on eth1, so it would answer arp for eth0:

> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

> - Or even if netmask on router is limited to 255.255.255.0 you could set
> eth0 to a portion of eth1 network and enable proxy_arp on eth1.  For
> example based on my wireless subnet, you could set eth0 to 192.168.2.241
> netmask 255.255.255.249 broadcast 192.168.2.247 and have useable IPs on
> eth0 .242 - .246.  PC(s) on eth0 would use eth0 IP as gateway.  With
> proxy_arp enabled for eth1, it would answer arp requests for eth0 net,
> making it one happy LAN.

> - Or if all else fails, use iptables to masquerade your eth0 network as
> your eth1 IP.

First, the firewall has static routing with an entry to use yoda as the
gateway for the 192.168.1.0/24 network, so packets should theoretically
be able to be returned.

However, all else failed and I tried to use iptables to masquerade the
eth0 network.  I had the most liberal forwarding policy possible.
Unfortunately this did not work.

It seems that, for some reason, packets are not being forwarded from eth0
to eth1.

I can ping yoda from foo.  I can ping the firewall from yoda.  I cannot
ping the firewall from foo.

As I mentioned earlier, I have ip_forward enabled.

TIA

Vivian


Network Routing

Post by Jarek Poplawsk » Wed, 20 Apr 2005 21:44:54





>>>Apologies if this is not the correct list.

>>>I have a linux box with kernel 2.6.11.7 which I am trying to configure
>>>as a router.  I have a cable modem connected to a firewall/router
>>>(192.168.2.1).  The linux box (yoda 192.168.2.4, 192.168.1.1) is
>>>connected to the firewall/router.  Also connected to yoda is another
>>>network (with computer foo 192.168.1.3).  I can access the internet from
>>>yoda and I can access yoda from foo, but I cannot access the internet
>>>from foo.

>>>yoda has the correct interface configuration and routing table

>>>192.168.2.0 *            255.255.255.0 eth1
>>>192.168.1.0 *            255.255.255.0 eth0
>>>default     192.168.2.1  0.0.0.0       eth1

>>>and I have ip forwarding enabled:

>>>$ cat /proc/sys/net/ipv4/ip_forward
>>>1

>>> From what I have found in the HOWTOs and documentation this is all I
>>>should have to do.

>>>I do not need to do any masquerading so I do not see the need for
>>>netfiltering, is this assumption correct?

>> Not necessarily.  Your router likely has no knowledge of, or any clue, how
>> to route your 192.168.1.0/24 network.

>> - If your router is capable of static routing, you could use yoda
>> 192.168.2.4 on it as a gateway for 192.168.1.0/24 network.

>> - Or if your router is capable of setting a 255.255.0.0 netmask, you could
>> enable proxy arp on eth1, so it would answer arp for eth0:

>> echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

>> - Or even if netmask on router is limited to 255.255.255.0 you could set
>> eth0 to a portion of eth1 network and enable proxy_arp on eth1.  For
>> example based on my wireless subnet, you could set eth0 to 192.168.2.241
>> netmask 255.255.255.249 broadcast 192.168.2.247 and have useable IPs on
>> eth0 .242 - .246.  PC(s) on eth0 would use eth0 IP as gateway.  With
>> proxy_arp enabled for eth1, it would answer arp requests for eth0 net,
>> making it one happy LAN.

>> - Or if all else fails, use iptables to masquerade your eth0 network as
>> your eth1 IP.

> First, the firewall has static routing with an entry to use yoda as the
> gateway for the 192.168.1.0/24 network, so packets should theoretically
> be able to be returned.

> However, all else failed and I tried to use iptables to masquerade the
> eth0 network.  I had the most liberal forwarding policy possible.
> Unfortunately this did not work.

> It seems that, for some reason, packets are not being forwarded from eth0
> to eth1.

> I can ping yoda from foo.  I can ping the firewall from yoda.  I cannot
> ping the firewall from foo.

> As I mentioned earlier, I have ip_forward enabled.

Do you have yoda as gateway in default route on foo?
You can also try from foo:
traceroute -n 192.168.2.1

Jarek P.
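
An added example, not part of either post: a small Python model of the three machines in this thread that walks a ping hop by hop, request and reply separately, to show which missing piece stops it. The addresses and yoda's routing table come from the posts; foo's table, the firewall's table and the `forward` flag (standing in for ip_forward plus a permissive FORWARD policy) are constructed assumptions, and the firewall's own default route to the ISP is left out.

```python
import ipaddress

def make_hosts(foo_default=True, fw_return_route=True, yoda_forward=True):
    """Constructed model of the thread's three machines (addresses from the posts)."""
    foo = [("192.168.1.0/24", None)] + ([("0.0.0.0/0", "192.168.1.1")] if foo_default else [])
    fw = [("192.168.2.0/24", None)] + ([("192.168.1.0/24", "192.168.2.4")] if fw_return_route else [])
    yoda = [("192.168.2.0/24", None), ("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.2.1")]
    return {
        "foo": {"addrs": ["192.168.1.3"], "routes": foo, "forward": False},
        "yoda": {"addrs": ["192.168.2.4", "192.168.1.1"], "routes": yoda, "forward": yoda_forward},
        "firewall": {"addrs": ["192.168.2.1"], "routes": fw, "forward": True},
    }

def next_hop(routes, dst):
    """Longest-prefix match: return the IP the packet is handed to, or None."""
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    if not hits:
        return None
    gw = max(hits, key=lambda h: h[0].prefixlen)[1]
    return gw or dst  # no gateway means the destination is on-link

def send(hosts, src, dst):
    """Walk one packet from host `src` to IP `dst`; return (delivered, detail)."""
    owner = {a: name for name, h in hosts.items() for a in h["addrs"]}
    here, path = src, [src]
    for _ in range(8):  # hop limit guards against routing loops
        host = hosts[here]
        if dst in host["addrs"]:
            return True, " -> ".join(path)
        if here != src and not host["forward"]:
            return False, f"{here} does not forward"
        hop = next_hop(host["routes"], dst)
        if hop is None:
            return False, f"{here} has no route to {dst}"
        if hop not in owner:
            return False, f"{here}: next hop {hop} is outside the model"
        here = owner[hop]
        path.append(here)
    return False, "hop limit exceeded"

def ping(hosts, src, src_ip, dst_ip):
    """An echo succeeds only if the request and the reply are both delivered."""
    ok, detail = send(hosts, src, dst_ip)
    if not ok:
        return False, "request: " + detail
    dst_host = next(n for n, h in hosts.items() if dst_ip in h["addrs"])
    ok, detail = send(hosts, dst_host, src_ip)
    return ok, "reply: " + detail
```

Calling `ping(make_hosts(foo_default=False), "foo", "192.168.1.3", "192.168.2.1")` reproduces the reported symptom set: foo still reaches yoda on-link, but the request to the firewall never leaves foo.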