need to write a routing table for my internal firewall.
192.168.0.3 = eth0 (comes in from router)
172.16.0.2 = eth1 (goes out to switch)
now that i have activated both cards (which are the same model), the only things that i can ping are loopback and router.
this is why i think i need a routing table.
i'm sure a few people on here know how to do this?
thanks in advance,
clay
.................................................................................................... ...............
I don't quite understand what you mean by "writing routing table", this is really confusing, at least in a firewall scripting sense.
First of all, if you want to make this box a router, first make sure the routing table (yes, the real one) is correct, as you suggested it might be wrong. Type "route -n". You will see the routes used by your machine. You should have 1 route for the 192.168.0.255 range and one for the 172.16.255.255 range, plus one "default" route that should point to your "real router".
Then, make sure your box is allowed to forward traffic:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
Finally, you will need a simple firewall script to make sure this box is NATing. Something like :
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
You will see the routes used by your machine. You should have 1 route for the 192.168.0.255 range and one for the 172.16.255.255 range, plus one "default" route that should point to your "real router".
_____________________________________________________
If the lines aren't there, how do i specify that when i ping google, it goes through 192.x.x.x, and when i ping 172.x.x.x, it goes through 172.x.x.x?
that's what a routing table is for, right?
so how do i change that? sorry, i'm very new to this.
............
Maybe if you could post your routing table I could tell you? Post the output of "route -n".
The "default" route is the "when you don't know where to send it, send it there" route, so this should be pointing to your router. You should also have "normal" routes for both of your subnets: "192.168.x.x" and "172.x.x.x". As you shouldn't send traffic to these subnets if it doesn't belong, just a default route should be fine; you won't need advanced routing.
are the "default" routes. It is really weird that you have 2 defaults; it's nonsense. Assuming your router (gateway to the internet) IP is 192.168.0.1, the 172.16.0.1 is wrong. Just removing this one should fix a lot of things, try "route del default gw 172.16.0.1 dev eth1".
Originally posted by xet:
but i have 2 nic cards, why would i wanna delete one route?
yes, i do have them both set as default...
Well, because defaults are like the Highlander-- There can be only one! Ha-ha... but seriously, the default route is supposed to be where your computer sends a packet if nothing else matches. So if none of your more specific routes match, should the packets be sent out over NIC 1 or NIC 2? The answer is-- there is no way to tell! You have to have the routing table set up so that certain addresses go to one NIC, and other addresses go to the other, and never the twain shall meet. Does that make sense?
Originally posted by carl.waldbieser:
Well, because defaults are like the Highlander-- There can be only one! Ha-ha... but seriously, the default route is supposed to be where your computer sends a packet if nothing else matches. So if none of your more specific routes match, should the packets be sent out over NIC 1 or NIC 2? The answer is-- there is no way to tell! You have to have the routing table set up so that certain addresses go to one NIC, and other addresses go to the other, and never the twain shall meet. Does that make sense?
yes, it makes great sense.
i don't know much about routing, and for some reason i thought it was way more complicated than that.
i will try the routing when i get back.. thanks
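
The duplicate-default problem discussed in this thread can be checked mechanically. The script below is an added example, not part of any post: it parses "route -n" output, lists every default route, and prints a removal command for each one that does not go via the expected gateway. The function names are hypothetical, the sample table is constructed, and 192.168.0.1 is the router address assumed in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): flag conflicting default routes
# in `route -n` output. Function names are hypothetical.

# Constructed sample: two default routes, the situation the thread describes.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth1'

# Print "gateway iface" for every default route, i.e. every line whose
# Destination and Genmask are both 0.0.0.0. Reads `route -n` output on stdin.
default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2, $8 }'
}

# audit_defaults EXPECTED_GW
# Reads `route -n` output on stdin. Prints a removal command for each default
# route that does not use EXPECTED_GW. Returns 0 only when exactly one default
# route exists and it goes via EXPECTED_GW.
audit_defaults() {
    expected_gw=$1
    status=0
    found=0
    routes=$(default_routes)
    # A here-document keeps the loop in the current shell, so the counters
    # set inside it are still visible afterwards.
    while read -r gw iface; do
        [ -n "$gw" ] || continue
        if [ "$gw" = "$expected_gw" ]; then
            found=$((found + 1))
        else
            echo "route del default gw $gw dev $iface"
            status=1
        fi
    done <<EOF
$routes
EOF
    [ "$found" -eq 1 ] || status=1
    return "$status"
}

# Demo on the constructed sample. On a live box: route -n | audit_defaults 192.168.0.1
printf '%s\n' "$SAMPLE_ROUTES" | audit_defaults 192.168.0.1 ||
    echo "default routes need attention (review the commands printed above)"
```

The script only prints the suggested commands; nothing is changed until they are run by hand as root.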