dual nic router not routing to internet, local OK


Post by tech » Wed, 17 Jul 2002 11:24:29



i'm trying to set up a gateway PC for a private subnet (192.168.1.0)
to the internet through a comcast cable modem.  running rh6.1 on a 486
with an isa and pci nic.  they are working.  ifconfig is shown below.
the cable modem is directly attached to eth0 and uses dhcp. from the
gateway pc, i can ping hosts on either side of the gateway, by ip and
domain name.  from clients on the private subnet, i cannot ping
through the gateway.  using tcpdump -i eth0, it appears to me that
the pings are going out, but not being allowed to pass back through
the gateway.  my intent is to get the routing up first then set
ipchains rules.  in case this is an issue, i added:
 ipchains -A forward 192.168.0.0/24 -j MASQ

thanks in advance  for any assistance

============================================================
ifcfg
eth0      Link encap:Ethernet  HWaddr 00:A0:CC:3F:E5:6A  
          inet addr:68.54.34.2  Bcast:68.54.34.255  Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:9 Base address:0xfc00

eth1      Link encap:Ethernet  HWaddr 00:40:05:9E:16:D9  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:3 Base address:0x240

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
============================================================
pump -s
Device eth0
        IP: 68.54.34.2
        Netmask: 255.255.255.0
        Broadcast: 68.54.34.255
        Network: 68.54.34.0
        Boot server 172.30.44.34
        Gateway: 68.54.34.1
        Boot file: mdpx100_v1_silver_c01
        Domain: sftmyr01.fl.comcast.net
        Nameservers: 68.54.32.6 68.54.32.5
        Renewal time: Tue Jul 16 02:51:36 2002
        Expiration time: Tue Jul 16 03:36:36 2002

============================================================
ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24       anywhere              n/a
MASQ       all  ------  192.168.0.0/24       anywhere              n/a
MASQ       all  ------  192.168.0.0/24       anywhere              n/a
Chain output (policy ACCEPT):
============================================================
win98 tracert of 66.218.71.83 (www.yahoo.com)
D:\WINDOWS>tracert 66.218.71.83

Tracing route to 66.218.71.83 over a maximum of 30 hops

  1     2 ms     1 ms     1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *

 
 
 


Post by YAMABANA Kengo » Wed, 17 Jul 2002 13:06:19



> i'm trying to set up a gateway PC for a private subnet (192.168.1.0)
> to the internet through a comcast cable modem.  running rh6.1 on a 486
> with an isa and pci nic.  they are working.  ifconfig is shown below.
> the cable modem is directly attached to eth0 and uses dhcp. from the
> gateway pc, i can ping hosts on either side of the gateway, by ip and
> domain name.  from clients on the private subnet, i cannot ping
> through the gateway.  using tcpdump -i eth0, it appears to me that
> the pings are going out, but not being allowed to pass back through
> the gateway.  my intent is to get the routing up first then set
> ipchains rules.  in case this is an issue, i added:
>  ipchains -A forward 192.168.0.0/24 -j MASQ

If the IP address of your private network is 192.168.1.0/24,
ipchains -A forward -s 192.168.1.0/24 -j MASQ

--
YAMABANA Kengou
Routex Inc. Japan
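
The mismatch the reply points out (the MASQ rule names 192.168.0.0/24 while eth1 sits in 192.168.1.0/24) can be checked mechanically. This is an added example, not part of the original posts: it is POSIX sh, and the function names and the two sample rule lines (modelled on the `ipchains -L` output above) are constructed for illustration.

```shell
#!/bin/sh
# Check whether any MASQ rule's source network contains the LAN address.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ip_in_cidr ADDR NET/BITS: succeed if ADDR lies inside the network.
ip_in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac   # bare address = /32
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF )); fi
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Constructed samples: the forward rule as posted, and with the reply's subnet.
RULES_POSTED='MASQ       all  ------  192.168.0.0/24       anywhere              n/a'
RULES_FIXED='MASQ       all  ------  192.168.1.0/24       anywhere              n/a'

# masq_covers LAN_ADDR RULES: succeed if a MASQ rule's source contains LAN_ADDR.
masq_covers() {
    found=1
    while read -r target prot opt src rest; do
        [ "$target" = "MASQ" ] || continue
        if ip_in_cidr "$1" "$src"; then found=0; fi
    done <<EOF
$2
EOF
    return $found
}

# Demo: eth1's address from the ifconfig output above, against both rule sets.
for rules in "$RULES_POSTED" "$RULES_FIXED"; do
    if masq_covers 192.168.1.1 "$rules"; then
        echo "192.168.1.1 is matched by a MASQ rule"
    else
        echo "192.168.1.1 is NOT matched by any MASQ rule"
    fi
done
```
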

 
 
 

1. help PC dhcp Internet ok but local network no Internet

hello i'm a newbie in the beautiful world of linux!

here it goes :

Same PC Red-Hat 8.0 FireWall/Server

eth0 DHCP =
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
HWADDR=00:05:5d:f3:f5:2b
USERCTL=no
PEERDNS=no
TYPE=Ethernet

eth1 192.168.0.1 =
DEVICE=eth1
BOOTPROTO=none
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
ONBOOT=yes
HWADDR=00:05:5d:f3:f6:77
USERCTL=no
PEERDNS=no
TYPE=Ethernet

iptables :
here is what i have put in a shell to configure my iptables :

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -t mangle -F POSTROUTING
iptables -t mangle -F PREROUTING
iptables -t mangle -F OUTPUT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

when i tested it :

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So it seems ok for the Firewall iptables

My second PC is a Windows 2000
ip 192.168.0.3
gw 192.168.0.1
my dns are ok too

My third PC is Linux Mandrake
ip 192.168.0.2
gw 192.168.0.1
my dns are ok too

The problem is :

MY PC Firewall/server (eth0 - eth1) surf on the INternet without
problem

My second and third PC of my local network (windows 2000 + Linux) are
not surfing on the net!!! Why?

My cable are ok, all my PCs are pinging each other
i can ping

192.168.0.1
192.168.0.2
192.168.0.3

to all my PC (+ the broadcast)

So to resume : 1 PC is going to Internet and all my network PCs do not
go to Internet! on them i cannot ping IP and i cannot ping URL
(example i cannot ping xxx.xxx.xxx.xxx or www.linux.org) but on my PC
dhcp i can ping xxx.xxx.xxx.xxx. and ping www.linux.org!

Help me my world will be a better place! :-)
