#1
David Efflandt wrote:
> On Sun, 17 Apr 2005, Vivian McPhail <(E-Mail Removed)> wrote:
>
>>Apologies if this is not the correct list.
>>
>>I have a linux box with kernel 2.6.11.7 which I am trying to configure
>>as a router. I have a cable modem connected to a firewall/router
>>(192.168.2.1). The linux box (yoda 192.168.2.4, 192.168.1.1) is
>>connected to the firewall/router. Also connected to yoda is another
>>network (with computer foo 192.168.1.3). I can access the internet from
>>yoda and I can access yoda from foo, but I cannot access the internet
>>from foo.
>>
>>yoda has the correct interface configuration and routing table
>>
>>192.168.2.0 * 255.255.255.0 eth1
>>192.168.1.0 * 255.255.255.0 eth0
>>default 192.168.2.1 0.0.0.0 eth1
>>
>>and I have ip forwarding enabled:
>>
>>$ cat /proc/sys/net/ipv4/ip_forward
>>1
>>
>> From what I have found in the HOWTOs and documentation this is all I
>>should have to do.
>>
>>I do not need to do any masquerading so I do not see the need for
>>netfiltering, is this assumption correct?
>
>
> Not necessarily. Your router likely has no knowledge of, or any clue, how
> to route your 192.168.1.0/24 network.
>
> - If your router is capable of static routing, you could use yoda
> 192.168.2.4 on it as a gateway for 192.168.1.0/24 network.
>
> - Or if your router is capable of setting a 255.255.0.0 netmask, you could
> enable proxy arp on eth1, so it would answer arp for eth0:
>
>     echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>
> - Or even if netmask on router is limited to 255.255.255.0 you could set
> eth0 to a portion of eth1 network and enable proxy_arp on eth1. For
> example based on my wireless subnet, you could set eth0 to 192.168.2.241
> netmask 255.255.255.249 broadcast 192.168.2.247 and have useable IPs on
> eth0 .242 - .246. PC(s) on eth0 would use eth0 IP as gateway. With
> proxy_arp enabled for eth1, it would answer arp requests for eth0 net,
> making it one happy LAN.
>
> - Or if all else fails, use iptables to masquerade your eth0 network as
> your eth1 IP.

First, the firewall has static routing with an entry to use yoda as the
gateway for the 192.168.1.0/24 network, so packets should theoretically
be able to be returned.

However, all else failed and I tried to use iptables to masquerade the
eth0 network. I had the most liberal forwarding policy possible.
Unfortunately this did not work.

It seems that, for some reason, packets are not being forwarded from eth0
to eth1.

I can ping yoda from foo. I can ping the firewall from yoda. I cannot
ping the firewall from foo.

As I mentioned earlier, I have ip_forward enabled.

TIA

Vivian

Vivian McPhail
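An added example, not part of any post in this thread: a check of the address plan quoted above for the proxy-ARP carve-out, using Python's standard `ipaddress` module. The function names `carve` and `mask_for` are hypothetical; the addresses are the ones in the thread. It reports whether a proposed netmask is usable, which hosts remain for clients, and whether the carved block collides with the router or yoda's eth1 address. The mask that matches the quoted broadcast 192.168.2.247 and host range .242 - .246 is 255.255.255.248.

```python
import ipaddress

def carve(addr, mask, parent="192.168.2.0/24",
          taken=("192.168.2.1", "192.168.2.4")):
    """Check a proposed eth0 address/netmask carved out of the eth1 LAN.

    `taken` holds addresses already in use on the parent LAN (the router
    and yoda's eth1 address in the thread).
    """
    try:
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
    except ValueError as exc:   # raised when the mask is not contiguous
        return {"valid": False, "error": str(exc)}
    net = iface.network
    return {
        "valid": True,
        "network": str(net),
        "broadcast": str(net.broadcast_address),
        "inside_parent": net.subnet_of(ipaddress.ip_network(parent)),
        # hosts left for PCs behind eth0 once eth0 itself is excluded
        "clients": [str(h) for h in net.hosts() if str(h) != addr],
        # proxy ARP must not answer for addresses that live on eth1
        "collisions": [t for t in taken if ipaddress.ip_address(t) in net],
    }

def mask_for(addr, broadcast):
    """Netmask of the smallest subnet that contains addr and ends at broadcast."""
    for prefix in range(30, 7, -1):
        net = ipaddress.ip_interface(f"{addr}/{prefix}").network
        if str(net.broadcast_address) == broadcast:
            return str(net.netmask)
    return None

if __name__ == "__main__":
    print(carve("192.168.2.241", "255.255.255.249"))
    print(mask_for("192.168.2.241", "192.168.2.247"))
    print(carve("192.168.2.241", "255.255.255.248"))
```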
#2
On 2005-04-19, Vivian McPhail <(E-Mail Removed)> wrote:
> David Efflandt wrote:
>> On Sun, 17 Apr 2005, Vivian McPhail <(E-Mail Removed)> wrote:
>>
>>>Apologies if this is not the correct list.
>>>
>>>I have a linux box with kernel 2.6.11.7 which I am trying to configure
>>>as a router. I have a cable modem connected to a firewall/router
>>>(192.168.2.1). The linux box (yoda 192.168.2.4, 192.168.1.1) is
>>>connected to the firewall/router. Also connected to yoda is another
>>>network (with computer foo 192.168.1.3). I can access the internet from
>>>yoda and I can access yoda from foo, but I cannot access the internet
>>>from foo.
>>>
>>>yoda has the correct interface configuration and routing table
>>>
>>>192.168.2.0 * 255.255.255.0 eth1
>>>192.168.1.0 * 255.255.255.0 eth0
>>>default 192.168.2.1 0.0.0.0 eth1
>>>
>>>and I have ip forwarding enabled:
>>>
>>>$ cat /proc/sys/net/ipv4/ip_forward
>>>1
>>>
>>> From what I have found in the HOWTOs and documentation this is all I
>>>should have to do.
>>>
>>>I do not need to do any masquerading so I do not see the need for
>>>netfiltering, is this assumption correct?
>>
>>
>> Not necessarily. Your router likely has no knowledge of, or any clue, how
>> to route your 192.168.1.0/24 network.
>>
>> - If your router is capable of static routing, you could use yoda
>> 192.168.2.4 on it as a gateway for 192.168.1.0/24 network.
>>
>> - Or if your router is capable of setting a 255.255.0.0 netmask, you could
>> enable proxy arp on eth1, so it would answer arp for eth0:
>>
>>     echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp
>>
>> - Or even if netmask on router is limited to 255.255.255.0 you could set
>> eth0 to a portion of eth1 network and enable proxy_arp on eth1. For
>> example based on my wireless subnet, you could set eth0 to 192.168.2.241
>> netmask 255.255.255.249 broadcast 192.168.2.247 and have useable IPs on
>> eth0 .242 - .246. PC(s) on eth0 would use eth0 IP as gateway. With
>> proxy_arp enabled for eth1, it would answer arp requests for eth0 net,
>> making it one happy LAN.
>>
>> - Or if all else fails, use iptables to masquerade your eth0 network as
>> your eth1 IP.
>
> First, the firewall has static routing with an entry to use yoda as the
> gateway for the 192.168.1.0/24 network, so packets should theoretically
> be able to be returned.
>
> However, all else failed and I tried to use iptables to masquerade the
> eth0 network. I had the most liberal forwarding policy possible.
> Unfortunately this did not work.
>
> It seems that, for some reason, packets are not being forwarded from eth0
> to eth1.
>
> I can ping yoda from foo. I can ping the firewall from yoda. I cannot
> ping the firewall from foo.
>
> As I mentioned earlier, I have ip_forward enabled.
>

Do you have yoda as gateway in default route on foo?
You can also try from foo:

    traceroute -n 192.168.2.1

Jarek P.
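An added example, not part of any post in this thread: a small hop-by-hop model of the three machines that shows where a ping from foo to 192.168.2.1 stops for each cause raised above (no default route on foo, no return route on the firewall, forwarding off on yoda). The function names and the firewall's upstream next hop 203.0.113.1 are constructed for the illustration; the LAN addresses and yoda's routing table are the ones in the thread.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None = on-link."""
    hits = [(ipaddress.ip_network(n), gw) for n, gw in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def owner(hosts, ip):
    return next((name for name, h in hosts.items() if ip in h["addrs"]), None)

def deliver(hosts, src, dst):
    """Walk one direction hop by hop. Returns (delivered, path, reason)."""
    here, path = owner(hosts, src), []
    for _ in range(8):                      # hop limit, like a TTL
        path.append(here)
        if dst in hosts[here]["addrs"]:
            return True, path, "delivered"
        if len(path) > 1 and not hosts[here].get("forward"):
            return False, path, f"{here} does not forward"
        route = lookup(hosts[here]["routes"], dst)
        if route is None:
            return False, path, f"no route to {dst} on {here}"
        nxt = owner(hosts, route[1] or dst)
        if nxt is None:
            return False, path, f"{here} sends it to {route[1] or dst}, outside the LAN"
        here = nxt
    return False, path, "hop limit"

def ping(hosts, src, dst):
    """Echo request, then echo reply; reports the first leg that fails."""
    out = deliver(hosts, src, dst)
    return out if not out[0] else deliver(hosts, dst, src)

def topology(foo_default, fw_static):
    """Thread's addressing; 203.0.113.1 is a constructed ISP next hop."""
    hosts = {
        "foo": {"addrs": ["192.168.1.3"], "routes": [("192.168.1.0/24", None)]},
        "yoda": {"addrs": ["192.168.1.1", "192.168.2.4"], "forward": True,
                 "routes": [("192.168.2.0/24", None), ("192.168.1.0/24", None),
                            ("0.0.0.0/0", "192.168.2.1")]},
        "firewall": {"addrs": ["192.168.2.1"], "forward": True,
                     "routes": [("192.168.2.0/24", None), ("0.0.0.0/0", "203.0.113.1")]},
    }
    if foo_default:
        hosts["foo"]["routes"].append(("0.0.0.0/0", "192.168.1.1"))
    if fw_static:
        hosts["firewall"]["routes"].append(("192.168.1.0/24", "192.168.2.4"))
    return hosts
```

Calling `ping(topology(False, True), "192.168.1.3", "192.168.2.1")` stops on foo itself, while `topology(True, False)` gets the request to the firewall and loses the reply toward the upstream gateway, which is why a traceroute run from foo helps separate the two cases.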