[TriLUG] routing help
gregbrown at mindspring.com
Sat Feb 2 17:32:37 EST 2002
Thanks for the assistance everyone! The solution came last night in a vision (and I've been surfing ever since). The problem was I thought that I had to do the IP Masq. on the port where the traffic was received (eth1) when, in fact, I had to do the IP Masq. on the port where the traffic was exiting (eth0).
All is well now. Broadband is sweeeeeeeeeeeeeet.
trilug at trilug.org wrote:
> It's been a while, but I didn't see anything in your config that would
> handle the NAT (Masquerading) for you.
> And I'd set your rules wide open until you can get it to work, then restrict
> Best of luck,
----- Original Message -----
Sent: Friday, February 01, 2002 10:56 PM
Subject: Re: Re: [TriLUG] routing help
> Yes, I have IP routing turned on...
> cat /proc/sys/net/ipv4/ip_forward returns '1'
> I tried to reboot without the rule denying all incoming IP connections but
> the routing still does not work.
> Any other ideas?
> trilug at trilug.org wrote:
> > On Friday 01 February 2002 10:05 pm, Greg Brown wrote:
> > I had Roadrunner installed today and I can't get routing to work. My
> > "network" looks something like the following:
> Cool, once you go broadband, you'll never go back.
> > 1. cable modem connected to eth0 (3c905)
> > 2. eth0 is configured for DHCP (and is able to get an IP address - and I
> > can surf the web from my linux box)
> > 3. eth1 is configured as 10.1.1.254 (and is the default gateway of all
> > home machines)
> > 4. netcfg has been run and I have set the "default gateway device" as
> > I also have some ipchains rules set. I wanted to disable any incoming
> > connection while allowing any machine on my home network (10.x.x.x) to
> > be able to communicate with the outside world. Here is my ipchains file as
> > it exists right now:
> > # Firewall configuration written by lokkit
> > # Manual customization of this file is not recommended.
> > # Note: ifup-post will punch the current nameservers through the
> > # firewall; such entries will *not* be listed here.
> > :input ACCEPT
> > :forward ACCEPT
> > :output ACCEPT
> > -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> > -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
> Little worried about this rule... is it denying ICMP? (I can't remember
> protocol numbers) Wouldn't "-p ICMP" work here?
> > -A input -s x.x.x.x (my r.r. ip address)/255.255.255.255 53:53 -d
> > 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
> > -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
> > Does anyone see where I'm going wrong? Can anyone offer any
> > I thank you all in advance!!!!
> > Greg
> Can see only one thing... do you have IP routing turned on? do a "cat
> If you get a 0 back, that's the problem, the system isn't forwarding
> from eth0 to eth1 and vice-versa.
> The net cfg switch for this never seemed to take for me, so I edited
> /etc/sysctl.conf. The line, "net.ipv4.forward = 0" change 0 to 1.
> (Don't know how to get this reread w/o rebooting.) "echo 1 >
> /proc/sys/net/ipv4/ip_forward" will get you up right now.
> HTH, YMMV, HAGD, and TTFN :)
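
The fix described at the top of this thread (masquerade on eth0, the interface the traffic exits through, rather than eth1) can be checked mechanically. The following is an added example, not part of the original messages: the function name `check_masq_iface` is hypothetical, and the corrected `-i eth0` rule is an assumed form of the fix the poster describes, since the thread does not quote it.

```shell
#!/bin/sh
# Added example (not from the thread): lint lokkit-style ipchains rules on stdin.
# Usage: check_masq_iface WAN_IF < rules
# Returns 0 only if at least one "-A forward ... -j MASQ" rule exists and every
# such rule names WAN_IF (the interface traffic leaves through) with -i.
check_masq_iface() {
    awk -v wan="$1" '
        $1 == "-A" && $2 == "forward" {
            iface = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "MASQ") next
            seen++
            if (iface == wan) {
                print "ok:  " $0
            } else {
                bad++
                print "bad: " $0 " (MASQ on \"" iface "\", expected \"" wan "\")"
            }
        }
        END { if (seen > 0 && bad == 0) exit 0; exit 1 }
    '
}

# Constructed sample input: the forward rule quoted in the thread (eth1), then
# an assumed corrected form using eth0, the exit interface the poster names.
before='-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ'
after='-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j MASQ'

printf '%s\n' "$before" | check_masq_iface eth0 || echo "=> MASQ rule is not on the exit interface"
printf '%s\n' "$after"  | check_masq_iface eth0 && echo "=> MASQ rule is on the exit interface"
```

A rules file with no MASQ rule at all also fails the check, which covers the first reply's observation that nothing in the config appeared to handle NAT.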