I'm working on a Linux router with 3 interfaces (and will add a 4th later, when the project warrants it).
I'm running this in a MS Virtual Server 2005 setup, and here is the config:
Virtual Router:
eth0 - attached to our corporate LAN - 10.22.194.63/22
eth1 - attached to virtual backend network 1 - 10.0.1.1/30
eth2 - attached to virtual backend network 2 - 10.0.1.5/30
S1-Firewall:
eth0 - attached to virtual backend network 1 - 10.0.1.2/30
eth1 - attached to Site1 Virtual network - 10.237.0.2/24
The Site2 firewall is not yet built, and won't be until I get this problem solved.
Site1 Virtual Network already has many virtual machines running, all Windows stuff for our test environment. They all have 10.237.0.2 as their default gateway and use S1-Firewall for access to the internet. From any host on S1VN I can successfully ping 10.237.0.2, 10.0.1.2, 10.0.1.1 and 10.22.194.63 (I can basically ping every interface up to the last one before I would exit the virtual networks).
Here is the iptables config on the Virtual Router:
iptables -P INPUT ACCEPT
iptables -A FORWARD -i eth0 -o eth1
# iptables -A FORWARD -i eth0 -o eth2
iptables -A FORWARD -i eth1 -o eth0
# iptables -A FORWARD -i eth2 -o eth0
# iptables -A FORWARD -i eth1 -o eth2
# iptables -A FORWARD -i eth2 -o eth1
iptables -A INPUT -i eth1 -j ACCEPT
# iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
# iptables -A INPUT -s 10.237.0.0/24 -j LOG --log-prefix "INPUT_DROP: "
# iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "
As you can see, the line items not used in the test are commented out; I removed them wondering if they were causing my errors, but I get the exact same behavior whether they are commented out or not. I have also tried changing the policy on the 2nd line to ACCEPT, but that doesn't matter either.
Here is the route table on the Virtual Router:
[root@fedora1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.4        0.0.0.0         255.255.255.252 U     0      0        0 eth2
10.0.1.0        0.0.0.0         255.255.255.252 U     0      0        0 eth1
10.22.192.0     0.0.0.0         255.255.252.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         10.22.192.5     0.0.0.0         UG    0      0        0 eth0
To me, everything looks fine. BUT, when I ping the Virtual Router's default gateway from any host on S1VN, I get "request timed out". Same behavior if I get on S1-Firewall: I can ping 10.0.1.1 and 10.22.194.63, but nothing goes past eth0 on the router.
Here is the kicker... the Virtual Router itself has no trouble accessing anything on the corporate LAN or the internet. It can connect to or ping any host.
Can someone help me out here? I'm about to pull out what little hair I have left on my head!
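As an added sanity check (editor's example, not part of the original post), here is a small audit script that parses a ruleset written as iptables command lines, like the one above, and flags two things that silently prevent forwarded traffic from coming back: FORWARD rules with no -j target (they only count packets, so the chain policy decides), and MASQUERADE missing from the uplink interface. It assumes eth0 is the uplink, and the sample ruleset is transcribed from the post.

```python
import shlex

# Constructed sample: the active (uncommented) rules from the post above.
RULES = """
iptables -P INPUT ACCEPT
iptables -A FORWARD -i eth0 -o eth1
iptables -A FORWARD -i eth1 -o eth0
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
"""

def parse_rule(line):
    """Pull table, chain, interfaces and target out of one iptables command line.
    Returns None for blank lines and '#' comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    argv = shlex.split(line)
    rule = {"table": "filter", "chain": None, "in": None, "out": None,
            "target": None, "policy": False}
    i = 1  # skip the 'iptables' word itself
    while i < len(argv):
        tok, nxt = argv[i], argv[i + 1] if i + 1 < len(argv) else None
        if tok == "-t":
            rule["table"] = nxt; i += 2
        elif tok in ("-A", "-I"):
            rule["chain"] = nxt; i += 2
        elif tok == "-P":  # '-P CHAIN TARGET' sets a policy, not a rule
            rule["chain"], rule["target"], rule["policy"] = nxt, argv[i + 2], True; i += 3
        elif tok in ("-i", "-o", "-j"):
            rule[{"-i": "in", "-o": "out", "-j": "target"}[tok]] = nxt; i += 2
        else:
            i += 1  # match options (-m state, --state ...) are irrelevant here
    return rule

def audit(ruleset, uplink):
    """Return a list of human-readable findings for the given ruleset text."""
    rules = [r for r in (parse_rule(l) for l in ruleset.splitlines()) if r]
    findings = []
    for r in rules:
        if r["chain"] == "FORWARD" and not r["policy"] and r["target"] is None:
            findings.append(f"FORWARD {r['in']}->{r['out']} has no -j target; "
                            "it only counts packets, the chain policy decides")
    nat_out = {r["out"] for r in rules if r["table"] == "nat" and r["target"] == "MASQUERADE"}
    if uplink not in nat_out:
        findings.append(f"no MASQUERADE on uplink {uplink}: the next hop must route "
                        "the private subnets back to the router, or replies are lost")
    for ifc in sorted(nat_out - {uplink}):
        findings.append(f"MASQUERADE on {ifc} rewrites traffic heading toward the internal side")
    return findings

if __name__ == "__main__":
    for f in audit(RULES, "eth0"):
        print("-", f)
```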