[TriLUG] routing help

Christopher Knowles knowlesc at telocity.com
Fri Feb 1 22:39:50 EST 2002 

On Friday 01 February 2002 10:05 pm, Greg Brown wrote:
> I had Roadrunner installed today and I can't get routing to work.  My
> "network" looks something like the following:

Cool, once you go broadband, you'll never go back.

>
> 1. cable modem connected to eth0 (3c905)
> 2. eth0 is configured for DHCP (and is able to get an IP address - and I
> can surf the web from my linux box)
> 3. eth1 is configured as 10.1.1.254 (and is the default gateway of all my
> home machines)
> 4. netcfg has been run and I have set the "default gateway device" as eth0
>
> I also have some ipchains rules set. I wanted to disable any incoming TCP
> connection while allowing any machine on my home network (10.x.x.x) to be
> able to communicate with the outside world.  Here is my ipchains file as it
> exists right now:
>
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
>
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
>
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y

Little worried about this rule... is it denying ICMP?  (I can't remember my 
protocol numbers)  Wouldn't "-p ICMP" work here?

> -A input -s x.x.x.x (my r.r. ip address)/255.255.255.255 53:53 -d
> 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
> -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
>
>
> Does anyone see where I'm going wrong?  Can anyone offer any suggestions?
>
> I thank you all in advance!!!!
>
> Greg
>
>

Can see only one thing... do you have IP routing turned on?  do a "cat 
/proc/sys/net/ipv4/ip_forward

If you get a 0 back, that's the problem, the system isn't forwarding packets 
from eth0 to eth1 and vice-versa.

The net cfg switch for this never seemed to take for me, so I edited 
/etc/sysctl.conf.  The line, "net.ipv4.forward = 0"  change 0 to 1.

(Don't know how to get this reread w/o rebooting.)  "echo 1 > 
/proc/sys/net/ipv4/ip_forward" will get you up right now.

HTH, YMMV, HAGD, and TTFN  :)

CJK

More information about the TriLUG mailing list