[TriLUG] routing help

gregbrown at mindspring.com gregbrown at mindspring.com
Sat Feb 2 17:32:37 EST 2002


Thanks for the assistance everyone!  The solution came last night in a vision (and I've been surfing ever since).  The problem was I thought that I had to do the IP Masq. on the port where the traffic was received (eth1) when, in fact, I had to do the IP Masq. on the port where the traffic was exiting (eth0).

All is well now.  Broadband is sweeeeeeeeeeeeeet.

Greg



trilug at trilug.org wrote:
> It's been a while, but I didn't see anything in your config that would handle the NAT (Masquerading) for you.

And I'd set your rules wide open until you can get it to work, then restrict
it.

Best of luck,

Shane O.
========
----- Original Message -----
From: 
To: 
Sent: Friday, February 01, 2002 10:56 PM
Subject: Re: Re: [TriLUG] routing help


> Yes, I have IP routing turned on...
> cat /proc/sys/net/ipv4/ip_forward returns '1'
>
> I tried to reboot without the rule denying all incoming IP connections but the routing still does not work.
>
> Any other ideas?
>
> Greg
>
>
> trilug at trilug.org wrote:
> > On Friday 01 February 2002 10:05 pm, Greg Brown wrote:
> > I had Roadrunner installed today and I can't get routing to work.  My
> > "network" looks something like the following:
>
> Cool, once you go broadband, you'll never go back.
>
> >
> > 1. cable modem connected to eth0 (3c905)
> > 2. eth0 is configured for DHCP (and is able to get an IP address - and I
> > can surf the web from my linux box)
> > 3. eth1 is configured as 10.1.1.254 (and is the default gateway of all my
> > home machines)
> > 4. netcfg has been run and I have set the "default gateway device" as eth0
> >
> > I also have some ipchains rules set. I wanted to disable any incoming TCP
> > connection while allowing any machine on my home network (10.x.x.x) to be
> > able to communicate with the outside world.  Here is my ipchains file as it
> > exists right now:
> >
> > # Firewall configuration written by lokkit
> > # Manual customization of this file is not recommended.
> > # Note: ifup-post will punch the current nameservers through the
> > #       firewall; such entries will *not* be listed here.
> >
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
> >
> > -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
>
> Little worried about this rule... is it denying ICMP?  (I can't remember my
> protocol numbers)  Wouldn't "-p ICMP" work here?
>
> > -A input -s x.x.x.x (my r.r. ip address)/255.255.255.255 53:53 -d
> > 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
> > -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> >
> >
> > Does anyone see where I'm going wrong?  Can anyone offer any suggestions?
> >
> > I thank you all in advance!!!!
> >
> > Greg
> >
> >
>
> Can see only one thing... do you have IP routing turned on?  Do a "cat
> /proc/sys/net/ipv4/ip_forward"
>
> If you get a 0 back, that's the problem, the system isn't forwarding packets
> from eth0 to eth1 and vice-versa.
>
> The net cfg switch for this never seemed to take for me, so I edited
> /etc/sysctl.conf.  The line, "net.ipv4.forward = 0"  change 0 to 1.
>
> (Don't know how to get this reread w/o rebooting.)  "echo 1 >
> /proc/sys/net/ipv4/ip_forward" will get you up right now.
>
> HTH, YMMV, HAGD, and TTFN  :)
>
> CJK
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
>
>

_______________________________________________
TriLUG mailing list
http://www.trilug.org/mailman/listinfo/trilug
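
The fix reported at the top of this message (masquerade on the interface where traffic exits, eth0, not where it arrives, eth1), as an added example that is not part of the original thread: a small Python check over the quoted rule file that flags a forward-chain MASQ rule bound to anything other than the exit interface. The function names and the 192.0.2.10 address standing in for "x.x.x.x" are assumptions made for the example.

```python
import shlex

# Constructed sample: the rule lines quoted in the thread, with a placeholder
# (192.0.2.10) where the poster wrote "x.x.x.x (my r.r. ip address)".
RULES_BEFORE = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
-A input -s 192.0.2.10/255.255.255.255 53:53 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
"""
# The same file with the change described in the final reply.
RULES_AFTER = RULES_BEFORE.replace("-i eth1 -j MASQ", "-i eth0 -j MASQ")

PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_rule(line):
    """Turn one '-A chain ...' line into a dict; return None for other lines."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1], "syn_only": "-y" in tok}
    for flag, key in (("-i", "iface"), ("-j", "target"), ("-p", "proto"), ("-s", "src")):
        if flag in tok and tok.index(flag) + 1 < len(tok):
            rule[key] = tok[tok.index(flag) + 1]
    rule["proto"] = PROTO.get(rule.get("proto"), rule.get("proto"))
    return rule


def check_masq(text, external_iface):
    """Return findings about forward-chain MASQ rules in an ipchains rule file."""
    rules = [r for r in map(parse_rule, text.splitlines()) if r]
    masq = [r for r in rules if r["chain"] == "forward" and r.get("target") == "MASQ"]
    if not masq:
        return ["no MASQ rule in the forward chain"]
    findings = []
    for r in masq:
        iface = r.get("iface")
        if iface is not None and iface != external_iface:
            findings.append(f"MASQ for {r.get('src')} is bound to {iface}, "
                            f"not the exit interface {external_iface}")
    return findings
```
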



