Access to public host from private host through Linux router

Discussion in 'Linux Networking' started by Santanu Chatterjee, Nov 13, 2003.

  1. Hi all,

    We have a linux (Mandrake 9.1) router having network at eth0
    and at eth1.

    Pinging from a host of IP (connected by hub with eth1) to (eth0 of the Mandrake Linux router) is possible but
    we are unable to ping any host of the network

    I am a newbie at this. Could anyone please help me out here.
    If possible, please tell me what routes are to be added.

    Santanu Chatterjee, Nov 13, 2003

  2. Hi Santanu,

    Some troubleshooting tips:

    1) Are you running a firewall as well? If it is iptables, you
    need to make sure eth0 is forwarded to eth1 and eth1 is
    forwarded to eth0 (but only the traffic you want to pass).

    2) Check your route tables with
    netstat -rn
    You will need this data for steps 2a and 2b

    2a) Are you running the router daemon?
    /etc/rc.d/init.d/routed start
    If this works you will need to add it to your rc
    startup list
    chkconfig --add routed
    Reboot to make sure it stuck

    2b) Are your ethx gateways configured correctly?
    /etc/sysconfig/network-scripts/ifcfg-eth0 and eth1
    Your internal ethx (off Internet) needs to point to your
    external ethx (connected to the Internet). Your external
    ethx needs to point to your Internet provider's default

    Anthony Ewell, Nov 13, 2003

  3. Does Mdk router have ip_forward enabled
    (does 'cat /proc/sys/net/ipv4/ip_forward' return 1)?

    Does it have any iptables forward rules to allow to forward
    to/from network before any masquerading rules?

    Does have a route for network using Mdk router
    eth1 IP for gateway?
    David Efflandt, Nov 14, 2003
  4. Thanks for the tips above. They will help me in future too.
    I checked the above settings. Everything seemed to be OK.
    After some hair pulling it turned out that ip_forwarding was
    not enabled by default by Mandrake. Once I did that everything

    So, I thought that well, for the first time, I have set up
    the routing table correctly (I did not use routed, and I had set
    the routing table after reading the relevant portions of the NAG).
    But I was wrong. It was actually the ip_forwarding that worked, and
    the actual routing was being done by the CISCO router which had been
    set up by the cisco experts hired by our college. This I came to
    know when the cisco expert tried to place the Linux router in place
    of the cisco router. So, I am only successful in that things are
    working as far as the college networking is concerned.

    Now, since things are already working, I won't be allowed to tweak
    the settings any further. But still, I would want to know if there
    is something that I am missing. I mean, something basic, like
    enabling ip_forwarding, that would _enable_ routing in Linux?
    Any pointers to any online docs that deal with Linux routing _in_depth_
    would be very helpful. The NAG does not go very deep into routing.
    (All the other docs that I found about Linux routing mainly deal with
    firewalling, about which I am not very interested right now.)

    Santanu Chatterjee, Nov 14, 2003
  5. Yes, _that_ was the problem. Now it works, but still routing does
    not work (please see my reply to Anthony Ewell).
    Well, I did give that route and it appeared in the output shown
    by 'route -n' command (I can't exactly reproduce the line, as the
    setup is already working using the routing services of a Cisco router
    and I won't be allowed to touch that setup again (until it goes wrong))

    Still, could you please state the exact command line to use for the
    route command for doing that. Maybe I can recall if I made any mistake
    in that. IIRC, the line I used was, most probably:
    # route add gw
    (where is the machine with its other ethernet interface

    Santanu Chatterjee, Nov 14, 2003
  6. Then it could have something to do with iptables rules. If you were
    masquerading (so it could access internet) then you would
    have had to punch a forward hole through it between
    to/from to ACCEPT before any masq rule.
    See 'man route'. The correct way to route to a network (assuming default netmask for 192.168.x.x network) via a gateway:

    route add -net gw
    (possibly with 'dev eth0' or whatever interface it goes out of).
    David Efflandt, Nov 15, 2003
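
The three checks from David Efflandt's first reply (ip_forward set, a FORWARD rule that accepts the traffic, a route to the network via the gateway), as an added example that is not part of any post in this thread. The addresses and interface roles are constructed samples, and the firewall check assumes `iptables -S FORWARD` output on stdin.

```shell
#!/bin/sh
# Added example: the router-side conditions discussed in the thread.
# All addresses and interface roles below are constructed sample values.

# 1. Kernel forwarding switch: succeeds only if the file contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# 2. Route check: reads `route -n` (or `netstat -rn`) output on stdin and
#    succeeds if network $1 is reached through gateway $2 (flag G set).
has_route_via() {
    awk -v net="$1" -v gw="$2" \
        '$1 == net && $2 == gw && $4 ~ /G/ { ok = 1 } END { exit (ok ? 0 : 1) }'
}

# 3. Firewall check: reads `iptables -S FORWARD` output on stdin and succeeds
#    if the chain policy is ACCEPT or a rule accepts traffic from $1 to $2.
#    Coarse on purpose: rule order and other match conditions are not modelled.
forward_allowed() {
    awk -v in_if="$1" -v out_if="$2" '
        $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" { ok = 1 }
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; j = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "-o") o = $(n + 1)
                if ($n == "-j") j = $(n + 1)
            }
            if (i == in_if && o == out_if && j == "ACCEPT") ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Constructed samples: a route table and a default-DROP FORWARD chain.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     192.168.1.254   255.255.255.0   UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT'

check() { if "$@"; then echo "ok"; else echo "MISSING"; fi; }
echo "ip_forward:   $(check forwarding_enabled)"
echo "route via gw: $(printf '%s\n' "$SAMPLE_ROUTES" | check has_route_via 192.168.2.0 192.168.1.254)"
echo "eth1 -> eth0: $(printf '%s\n' "$SAMPLE_RULES" | check forward_allowed eth1 eth0)"
```

On a live router, pipe `route -n` and `iptables -S FORWARD` into the last two functions instead of the samples.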