LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Gateway computer configuration question (http://www.linuxquestions.org/questions/linux-networking-3/gateway-computer-configuration-question-4175453670/)

donalbane 03-11-2013 04:13 PM

Gateway computer configuration question
 
I have the following network configuration, with computer 1 connected to computer 2, which is connected to the Internet.

Computer 1
eth0: 192.168.0.9
default gateway: 192.168.0.1

Computer 2
eth0: 192.168.0.1
eth1: XXX.XXX.XXX.27
eth2: 192.168.1.1
default gateway: XXX.XXX.XXX.254

Routing table on Computer 2:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.128.0 * 255.255.255.0 U 0 0 0 eth3
XXX.XXX.XXX.0 * 255.255.255.0 U 0 0 0 eth1
192.168.1.0 * 255.255.255.0 U 0 0 0 eth2
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
default XXX.XXX.XXX.254 0.0.0.0 UG 0 0 0 eth1

I have a firewall on Computer 2 that basically looks like this:
http://www.debian-administration.org/articles/23

I want Computer 1 to be able to connect to the Internet through Computer 2. As a first step, I just want to be able to get a ping response from eth1 on Computer 2 from Computer 1. I can get a ping response from eth2, but not eth1. When I run tcpdump on Computer 2 I can see an ICMP request come in on eth0 and an ICMP reply come in on eth1, but I never see an ICMP reply go out on eth0.

Can anyone see what I need to add in order to be able to get a ping response from eth1 on Computer 1?

Thanks,
Don

KinnowGrower 03-11-2013 09:38 PM

The firewall on that link has the rule
Code:

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

It seems this rule is causing the problem. Outside interface is eth0 but in this rule it is eth1, that does not seem correct. Can you try after replacing -i eth1 to -i eth0 in this rule?

donalbane 03-12-2013 11:49 AM

Thanks for your reply.

I ended up just giving up on getting a ping response from eth1, and just continuing on with my ultimate goal of getting from Computer 1 out to the Internet. For that purpose, everything works, so I'm not going to worry about it.

Don


All times are GMT -5. The time now is 11:56 PM.