Ip forward

I have a linux-box with two network cards,
eth0 (192.168.2.1 netmask 255.255.255.0) connected to a machine running
WinXp (192.168.2.2 netmask 255.255.255.0).
eth1 (192.168.1.4 netmask 255.255.255.0) connected to a lan where there is
also a router (192.168.1.1).
The default gateway on the linux-box is 192.168.1.1 (the router).
The default gateway on the WinXp machine is 192.168.2.1.

What I have to do to let the WinXp machine comunicate with the lan (and the
router).
I resolved using a bridge (bridge.sourceforge.net) on a linux-box, but there
must be another way.
I triyed also to put echo 1 > /proc/sys/net/ipv4/ip_forward but without
solution.
Maybe some command like route, ipchain?
Thaks

Nikita Sergeyevich Khrushchev <(E-Mail Removed)> wrote:
> I have a linux-box with two network cards,
> eth0 (192.168.2.1 netmask 255.255.255.0) connected to a machine running
> WinXp (192.168.2.2 netmask 255.255.255.0).
> eth1 (192.168.1.4 netmask 255.255.255.0) connected to a lan where there is
> also a router (192.168.1.1).
> The default gateway on the linux-box is 192.168.1.1 (the router).
> The default gateway on the WinXp machine is 192.168.2.1.

> What I have to do to let the WinXp machine comunicate with the lan (and the
> router).
> I resolved using a bridge (bridge.sourceforge.net) on a linux-box, but there
> must be another way.
> I triyed also to put echo 1 > /proc/sys/net/ipv4/ip_forward but without
> solution.
> Maybe some command like route, ipchain?
> Thaks

Try this:

route add -net 192.168.2.0/24 gw 192.168.1.4 eth0

--
Clifford Kite Email: "echo xvgr_yvahk-(E-Mail Removed)|rot13"
PPP-Q&A links, downloads: http://ckite.no-ip.net/
/* For every credibility gap, there is a gullibility fill.
-- R. Clopton */

> Try this:
>
> route add -net 192.168.2.0/24 gw 192.168.1.4 eth0

network is unreachable

But the flag 1 to ip_forward what do?

Nikita Sergeyevich Khrushchev wrote:
>>Try this:
>>
>>route add -net 192.168.2.0/24 gw 192.168.1.4 eth0
>
>
> network is unreachable
>
> But the flag 1 to ip_forward what do?
>
>

up echo 1 > /proc/sys/net/ipv4/ip_forward
is to share internet connection over you nat server

# iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

--
Even though I walk through the valley of the shadow of death,
I will fear no evil, for you are with me;
your rod and your staff, they comfort me.

> up echo 1 > /proc/sys/net/ipv4/ip_forward
> is to share internet connection over you nat server
>
> # iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE

Don't work. The pc with WinXp don't ping the network over eth1.

Nikita Sergeyevich Khrushchev wrote:
> > up echo 1 > /proc/sys/net/ipv4/ip_forward
> > is to share internet connection over you nat server
> >
> > # iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
>
> Don't work. The pc with WinXp don't ping the network over eth1.

Clarify your network layout -- it is not entirely clear . Is the Linux
box connected directly to the router (I assume true)? What kind of
router? Are you trying to use the Linux box to forward packets onto
the lan (I assume true)? Have you turned off the Linux firewall when
testing connectivity? Have you tried sniffing the wire on the Linux
box to see if _any_ packets are arriving from the XP machine? Can you
ping the XP machine from the Linux box? Sorry for the obvious
questions but you have not stated (explicitly) that you have tried
these things.

Confirm that your XP machine is configured correctly by running these
tests:

http://www.microsoft.com/resources/d...c_tcp_neeq.asp

ipconfig -all
ping ipaddress
ping <hostname>
pathping IPaddress
make sure the arp cache is cleared
try ping again
check the remaining items in above link if you still can't connect

If the Linux box can connect across the lan, suspect the config of the
XP box.

Can the XP box ping it's default GW (Linux box)? If so, does it go no
farther (ie., out eth1)? If packets are going _out_ eth1 (confirm with
sniffer) they may not be _returning_ if the router does not know about
the 192.168.2.0 subnet. Is the router properly configured? It reaches
the Linux box via 192.168.1.0 so Linux connectivity alone is not
sufficient for the router to send packets to 192.168.2.0 -- it must
have an entry for that subnet telling it to use the port connected to
the Linux box in order to reach 192.168.2.0.

If still no joy, post ouput of above commands as well as ipconfig and
route -n from the Linux box.

This is not that compilicated. There is either a hardware problem or
we are overlooking something very obvious. Keep at it :-)
hth,
prg
email above disabled

Nikita Sergeyevich Khrushchev wrote:
> > up echo 1 > /proc/sys/net/ipv4/ip_forward
> > is to share internet connection over you nat server
> >
> > # iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE
>
> Don't work. The pc with WinXp don't ping the network over eth1.

Clarify your network layout -- it is not entirely clear . Is the Linux
box connected directly to the router (I assume true)? What kind of
router? Are you trying to use the Linux box to forward packets onto
the lan (I assume true)? Have you turned off the Linux firewall when
testing connectivity? Have you tried sniffing the wire on the Linux
box to see if _any_ packets are arriving from the XP machine? Can you
ping the XP machine from the Linux box? Sorry for the obvious
questions but you have not stated (explicitly) that you have tried
these things.

Confirm that your XP machine is configured correctly by running these
tests:

http://www.microsoft.com/resources/d...c_tcp_neeq.asp

ipconfig -all
ping ipaddress
ping <hostname>
pathping IPaddress
make sure the arp cache is cleared
try ping again
check the remaining items in above link if you still can't connect

If the Linux box can connect across the lan, suspect the config of the
XP box.

Can the XP box ping it's default GW (Linux box)? If so, does it go no
farther (ie., out eth1)? If packets are going _out_ eth1 (confirm with
sniffer) they may not be _returning_ if the router does not know about
the 192.168.2.0 subnet. Is the router properly configured? It reaches
the Linux box via 192.168.1.0 so Linux connectivity alone is not
sufficient for the router to send packets to 192.168.2.0 -- it must
have an entry for that subnet telling it to use the port connected to
the Linux box in order to reach 192.168.2.0.

If still no joy, post ouput of above commands as well as ipconfig and
route -n from the Linux box.

This is not that compilicated. There is either a hardware problem or
we are overlooking something very obvious. Keep at it :-)
hth,
prg
email above disabled

On Fri, 24 Dec 2004 20:00:10 +0000, Nikita Sergeyevich Khrushchev wrote:

> I have a linux-box with two network cards,
> eth0 (192.168.2.1 netmask 255.255.255.0) connected to a machine running
> WinXp (192.168.2.2 netmask 255.255.255.0).
> eth1 (192.168.1.4 netmask 255.255.255.0) connected to a lan where there is
> also a router (192.168.1.1).
> The default gateway on the linux-box is 192.168.1.1 (the router).
> The default gateway on the WinXp machine is 192.168.2.1.
>
> What I have to do to let the WinXp machine comunicate with the lan (and the
> router).
> I resolved using a bridge (bridge.sourceforge.net) on a linux-box, but there
> must be another way.
> I triyed also to put echo 1 > /proc/sys/net/ipv4/ip_forward but without
> solution.
> Maybe some command like route, ipchain?
> Thaks

Looks like you have setup your routes correctly for the WinXP box, which
is good so packets will be able to find their way to your LAN on
192.168.1.x. For packets to find their way back, all machines on LAN
192.168.1.x must also have a route to your linux router box (192.168.2.1).
Either set it up as the default route path, or manually define a route
using route add...

Hope this helps.

Ben.

> Clarify your network layout -- it is not entirely clear . Is the Linux

My system:

A pc with WinXp Sp2:
Ip: 192.168.2.2
Netmask: 255.255.255.0
Default gateway: 192.168.2.1

Connected with a cross cable to a Linux-box (Slack 10.0) with 2 network
card:
eth0 (connected to WinXp):
Ip: 192.168.2.1
Netmask: 255.255.255.0

eth1 (connected to an office lan where there is also a router 192.138.1.1
that is the default gateway):
192.168.1.4
Netmask: 255.255.255.0

Default gateway: 192.168.1.1

No firewall is installed on WinXp and on Slack 10.0 (I've made de default
installation of Slack so, I think, there is no firewall installed).
WinXp ping correctly both network card on Linux, eth0 and eth1, but don't
ping nothing on the office lan, so neither the router (default gateway).
Linux ping correctly WinXp and the office lan.

Question:
What I have to do for let WinXp comunicate with the office lan, so I can go
to Internet through the router?
Thanks

Nikita Sergeyevich Khrushchev wrote:
> > Clarify your network layout -- it is not entirely clear . Is the
Linux
>
> My system:
>
> A pc with WinXp Sp2:
> Ip: 192.168.2.2
> Netmask: 255.255.255.0
> Default gateway: 192.168.2.1

So, the Linux box acts as GW for XP box.

> Connected with a cross cable to a Linux-box (Slack 10.0) with 2
network
> card:
> eth0 (connected to WinXp):
> Ip: 192.168.2.1
> Netmask: 255.255.255.0

So, eth0 is the nic connected to XP box.

> eth1 (connected to an office lan where there is also a router
192.138.1.1
> that is the default gateway):
> 192.168.1.4
> Netmask: 255.255.255.0

Again, this is not clear -- what _hardware_ is the Linux box connected
to? I _assume_ it is connected _directly_ to the lan router but it
could be a switch or hub as far as I can tell. Is it directly
connected to the router or something else?

> Default gateway: 192.168.1.1

So this is the IP of the lan router. What brand/model is it? Can you
set routes to subnets _not_ directly connected to it in a config
file/screen?

> No firewall is installed on WinXp

XP with SP2 _does_ enable the XP firewall now, IIRC -- don't have one
handy at the moment to confirm. Double check that yours is disabled.

> and on Slack 10.0 (I've made de default
> installation of Slack so, I think, there is no firewall installed).

Correct, afaik.

> WinXp ping correctly both network card on Linux, eth0 and eth1,

This is good Confirm that the Linux box is sending _out_ those
packets headed for the lan with a sniffer (tcpdump or ethereal) just to
be sure everything is OK.
> but don't
> ping nothing on the office lan, so neither the router (default
gateway).
> Linux ping correctly WinXp and the office lan.

This is a _classic_ sign that the router does not have a route to your
XP's subnet. Thus the _return_ packets are dropped by the router
because it has no instructions on what to do with them -- ie., what
interface to send them out on.

> Question:
> What I have to do for let WinXp comunicate with the office lan, so I
can go
> to Internet through the router?
> Thanks

I will be busy today with Christmas -- delayed due to weather :-(

Complete the other items in my previous post -- especially you need to
confirm/enter a route to 192.168.2.0 via 192.168.1.4. I can't tell you
how to do this without router info (and maybe not then as routers can
vary in _how_ to enter route table entries).

Also, in future posts, do _not_ summarize the output of commands -- we
need the _exact_ input line _and_ the _exact_, _full_ output. Xterm is
easiest way, but you can redirect to file from commandline.

I will check back this evening after festivities to see how it's going.
Anyone else is encouraged to help if they can :-)
hth,
prg
email above disabled