[TriLUG] routing help
shaneo at opennms.org
Sat Feb 2 15:22:44 EST 2002
It's been a while, but I didn't see anything in your config that would
handle the NAT (Masquerading) for you.
And I'd set your rules wide open until you can get it to work, then restrict
Best of luck,
----- Original Message -----
From: <gregbrown at mindspring.com>
To: <trilug at trilug.org>
Sent: Friday, February 01, 2002 10:56 PM
Subject: Re: Re: [TriLUG] routing help
> Yes, I have IP routing turned on...
> cat /proc/sys/net/ipv4/ip_forward returns '1'
> I tried to reboot without the rule denying all incoming IP connections but
> the routing still does not work.
> Any other ideas?
> trilug at trilug.org wrote:
> > On Friday 01 February 2002 10:05 pm, Greg Brown wrote:
> > I had Roadrunner installed today and I can't get routing to work. My
> > "network" looks something like the following:
> Cool, once you go broadband, you'll never go back.
> > 1. cable modem connected to eth0 (3c905)
> > 2. eth0 is configured for DHCP (and is able to get an IP address - and I
> > can surf the web from my linux box)
> > 3. eth1 is configured as 10.1.1.254 (and is the default gateway of all
> > home machines)
> > 4. netcfg has been run and I have set the "default gateway device" as
> > I also have some ipchains rules set. I wanted to disable any incoming
> > connection while allowing any machine on my home network (10.x.x.x) to
> > be able to communicate with the outside world. Here is my ipchains file as
> > it exists right now:
> > # Firewall configuration written by lokkit
> > # Manual customization of this file is not recommended.
> > # Note: ifup-post will punch the current nameservers through the
> > # firewall; such entries will *not* be listed here.
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
> > -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
> Little worried about this rule... is it denying ICMP? (I can't remember
> protocol numbers) Wouldn't "-p ICMP" work here?
> > -A input -s x.x.x.x (my r.r. ip address)/255.255.255.255 53:53 -d
> > 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
> > -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> > Does anyone see where I'm going wrong? Can anyone offer any
> > I thank you all in advance!!!!
> > Greg
> Can see only one thing... do you have IP routing turned on? do a "cat
> If you get a 0 back, that's the problem, the system isn't forwarding
> from eth0 to eth1 and vice-versa.
> The net cfg switch for this never seemed to take for me, so I edited
> /etc/sysctl.conf. The line, "net.ipv4.forward = 0" change 0 to 1.
> (Don't know how to get this reread w/o rebooting.) "echo 1 >
> /proc/sys/net/ipv4/ip_forward" will get you up right now.
> HTH, YMMV, HAGD, and TTFN :)
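
As an added example (not part of the original thread), the Python below parses the lokkit-style rules quoted above, decodes the numeric `-p` protocols, and checks the MASQ rule against the ipchains convention that `-i` on the forward chain matches the outgoing interface. Assumptions: the function names are illustrative, 192.0.2.10 stands in for the elided Road Runner address, and eth0 is the outside interface as described in the post.

```python
# IANA protocol numbers as they appear in ipchains "-p" arguments
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed sample: the rules quoted in the thread; 192.0.2.10 is a
# placeholder for the elided Road Runner address.
SAMPLE = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
-A input -s 192.0.2.10/255.255.255.255 53:53 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
"""

def parse_rules(text):
    """Return one dict per '-A' rule: chain, iface, proto, target, syn."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "-A":
            continue  # skip policy lines (':input ACCEPT'), comments, blanks

        def opt(flag):
            return tok[tok.index(flag) + 1] if flag in tok else None

        proto = opt("-p")
        rules.append({"chain": tok[1], "iface": opt("-i"),
                      "proto": PROTO.get(proto, proto),
                      "target": opt("-j"), "syn": "-y" in tok})
    return rules

def audit(rules, wan_if):
    """Describe SYN-deny rules and check the masquerade rule's interface."""
    notes = []
    for r in rules:
        if r["syn"] and r["target"] == "DENY":
            notes.append(f"{r['iface']}: denies new inbound {r['proto']} "
                         "connections (SYN only)")
    masq = [r for r in rules
            if r["chain"] == "forward" and r["target"] == "MASQ"]
    if not masq:
        notes.append("no MASQ rule in the forward chain")
    # ipchains matches -i on the forward chain against the OUTGOING interface
    for r in masq:
        if r["iface"] not in (None, wan_if):
            notes.append(f"MASQ is bound to {r['iface']}, but forwarded "
                         f"traffic leaves via {wan_if}")
    return notes
```

Calling `audit(parse_rules(SAMPLE), "eth0")` returns the findings as a list of strings; an empty list means the SYN-deny and masquerade checks found nothing to report.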