forwarding between private and public networks

 
 
Tobias Skytte

 
      11-10-2003, 09:58 AM
I am trying to set up a multihomed server that has a public ip address
and is also connected to a private network. But I can not access the
internet from the private network so I think I have some problem with
the forwarding or routing.
My setup looks like this:

internet -----cisco1600 router (ip 196.x.x.y)---server (ip 196.x.x.x
subnet 255.255.255.252)----switch ------private network (ip
192.168.10.x, subnet 255.255.255.0)

(the above should be read as one long line, i.e. the router is
connected to the internet thru v.35 (DSL line) and also to the server
thru ethernet, the server is connected to the router and to the
switch, the switch connects to the private network).

server runs RH Linux 7.1 (kernel 2.4.2-2)
private network computers run windows-xp with firewall-option
disabled.

I can ping from the server to the router and from the server to the
private network.
I can ping from the private network to both NICs in the server but
*not* to the router.
I can access the internet from the server.
I can *not* access the internet from the private network.
When I ping the router from the private network I get: "Request
timeout".

AFAIK networking is correctly set up on the server:

I have /proc/sys/net/ipv4/ip_forward set to 1.

I have a default route defined. (if I remove this default route, then
when I ping the router from the private network I get: "network
unreachable" instead of "request timeout", so it seems to me that
routing is working).

If I do:
ipchains -L
I get a list of rules set up on the input-chain, and the forward and
output chains have policy=ACCEPT on them. But even if I flush it with
"ipchains -F" and get policy=ACCEPT on all 3 chains this makes no
difference to my problem.

If I do:
ifconfig
I get a listing of eth0 and eth1 and lo that looks fine.

So what am I missing? I have worked on this problem for the past few
days and am running out of ideas. If anybody has got any ideas of what
to check etc, then please let me know.

Please also reply to: tobias AT itservices DOT co DOT mz (replace AT
and DOT with the obvious)

Thanks in advance,

Tobias Skytte
 
 
 
 
 
Jim Fischer

 
      11-10-2003, 11:36 PM
Tobias Skytte wrote:
> I am trying to set up a multihomed server that has a public ip address
> and is also connected to a private network. But I can not access the
> internet from the private network so I think I have some problem with
> the forwarding or routing.
> My setup looks like this:
>
> internet -----cisco1600 router (ip 196.x.x.y)---server (ip 196.x.x.x
> subnet 255.255.255.252)----switch ------private network (ip
> 192.168.10.x, subnet 255.255.255.0)
>
> (the above should be read as one long line, i.e. the router is
> connected to the internet thru v.35 (DSL line) and also to the server
> thru ethernet, the server is connected to the router and to the
> switch, the switch connects to the private network).
>
> server runs RH Linux 7.1 (kernel 2.4.2-2)
> private network computers run windows-xp with firewall-option
> disabled.
>
> I can ping from the server to the router and from the server to the
> private network.
> I can ping from the private network to both NICs in the server but
> *not* to the router.
> I can access the internet from the server.
> I can *not* access the internet from the private network.
> When I ping the router from the private network I get: "Request
> timeout".
>
> AFAIK networking is correctly set up on the server:
>
> I have /proc/sys/net/ipv4/ip_forward set to 1.
>
> I have a default route defined. (if I remove this default route, then
> when I ping the router from the private network I get: "network
> unreachable" instead of "request timeout", so it seems to me that
> routing is working).
>
> If I do:
> ipchains -L
> I get a list of rules set up on the input-chain, and the forward and
> output chains have policy=ACCEPT on them. But even if I flush it with
> "ipchains -F" and get policy=ACCEPT on all 3 chains this makes no
> difference to my problem.
>
> If I do:
> ifconfig
> I get a listing of eth0 and eth1 and lo that looks fine.
>
> So what am I missing? I have worked on this problem for the past few
> days and am running out of ideas. If anybody has got any ideas of what
> to check etc, then please let me know.


The 192.168.10/24 network addresses are not routable on the Internet. So
you need to configure "Source Network Address Translation" (SNAT) or "IP
Masquerading" on the firewall box (your "server" box) to convert the
non-routable, interior IPv4 addresses (192.168.10/24) into one or more
routable IPv4 addresses (e.g., 196.x.x.y). For more information, see the
documentation on the netfilter/iptables web site:

http://www.netfilter.org/documentation/index.html

--
Jim

To reply by email, remove "link" and change "now.here" to "yahoo"
jfischer_link5809{at}now.here.com


 
 
Tobias Skytte

 
      11-11-2003, 08:22 AM
That's it!
Thanks a lot.

ipchains -P forward MASQ

did the trick...

Regards,
Tobias
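
Why the private hosts got "Request timeout" until masquerading was switched on, as an added example that is not part of the original thread: a toy Python model of the server's forward path for a TCP/UDP-style flow. The public addresses are constructed stand-ins (the thread elides them), and the client address, ports and all class and function names are assumptions.

```python
import ipaddress

# Constructed values: the thread elides the public addresses (196.x.x.x),
# so RFC 5737 documentation addresses stand in for them.
SERVER_PUBLIC = "203.0.113.2"                           # stand-in for the server's public NIC
PRIVATE_NET = ipaddress.ip_network("192.168.10.0/24")   # private subnet from the post


class Masquerader:
    """Toy model of the server's forward path with optional masquerading."""

    def __init__(self, masq_source=None, first_port=61000):
        self.masq_source = masq_source   # network to masquerade, or None for plain forwarding
        self.next_port = first_port      # sample starting port for rewritten flows
        self.table = {}                  # public port -> (private ip, private port)

    def outbound(self, src, sport, dst, dport):
        """Forward a packet from the private side; rewrite the source if it matches."""
        if self.masq_source and ipaddress.ip_address(src) in self.masq_source:
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = (src, sport)
            return (SERVER_PUBLIC, pub_port, dst, dport)
        return (src, sport, dst, dport)  # forwarded with the source unchanged

    def inbound(self, src, sport, dst, dport):
        """Reverse-translate a reply arriving on the public NIC."""
        if dst == SERVER_PUBLIC and dport in self.table:
            priv_ip, priv_port = self.table[dport]
            return (src, sport, priv_ip, priv_port)
        return None                      # no mapping: nothing is forwarded inward


def upstream_reply(packet):
    """Router/Internet side: a reply is possible only if the source is routable back."""
    src, sport, dst, dport = packet
    if ipaddress.ip_address(src) in PRIVATE_NET:
        return None                      # upstream has no route back to 192.168.10.x
    return (dst, dport, src, sport)


def round_trip(nat, client="192.168.10.5", dest="198.51.100.7"):
    """Return the reply as the client sees it, or None for 'Request timeout'."""
    reply = upstream_reply(nat.outbound(client, 1025, dest, 80))
    return nat.inbound(*reply) if reply else None
```

The masq_source argument corresponds to scoping the rule to the private subnet (for example `ipchains -A forward -s 192.168.10.0/24 -j MASQ` under a DENY forward policy) rather than masquerading everything the forward chain sees. The model also shows that a packet arriving on the public side with no matching table entry is never translated inward.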
 