LinuxQuestions.org
Old 12-19-2008, 06:23 AM   #1
theinfidel
LQ Newbie
 
Registered: Aug 2007
Posts: 19

Rep: Reputation: 0
Linux router not allowing traffic through


I have an internet connection from the router; I am using it right now.
Here is the setup:

internet gateway 192.168.1.254

Linux router eth0 192.168.1.68
Linux router eth1 192.168.2.110

Linux workstation eth0 192.168.2.119

On the Linux router I cleared iptables so it is ACCEPT for:
INPUT FORWARD OUTPUT

Then on the command line I added the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.2.0 -o eth0 -j SNAT --to 192.168.1.68

route -n
Destination gateway interface
192.168.2.0 0.0.0.0 eth1
192.168.1.0 0.0.0.0 eth0
0.0.0.0 192.168.1.254 eth0

I cannot reach the internet from the workstation. I cannot ping eth0 (192.168.1.68), which is the interface on the Linux router out to the internet gateway.

Is there something wrong with the assigned addresses? What else should I look at to repair the problem?

Thank you very much for any help.

Last edited by theinfidel; 12-19-2008 at 03:26 PM. Reason: bad layout, difficult to read. done originally with a text browser.
 
Old 12-19-2008, 06:34 AM   #2
Roko
LQ Newbie
 
Registered: Sep 2008
Posts: 14

Rep: Reputation: 0
You will have connection to internet from your workstation? From workstation it must go to linux router, then it must go to linux gateway?

workstation -> linux router -> internet gateway -> internet ?

is this correct?
 
Old 12-19-2008, 08:32 AM   #3
theinfidel
LQ Newbie
 
Registered: Aug 2007
Posts: 19

Original Poster
Rep: Reputation: 0
workstation->linux router->internet gateway->internet that is the way it is physically connected. I am just not sure that all the assigned addresses are correct!
If they are then something is missing and the connection cannot complete.
 
Old 12-20-2008, 09:26 AM   #4
Roko
LQ Newbie
 
Registered: Sep 2008
Posts: 14

Rep: Reputation: 0
Can you post here the list of iptables rules from the Linux router?

Execute the commands "iptables -nvL" and "iptables -t nat -vnL" and post it here.
 
Old 12-21-2008, 07:28 AM   #5
theinfidel
LQ Newbie
 
Registered: Aug 2007
Posts: 19

Original Poster
Rep: Reputation: 0
ROKO wrote:

Quote:
Can you post here the list of iptables rules from the Linux router?

Execute the commands "iptables -nvL" and "iptables -t nat -vnL" and post it here.

iptables -nvL

Code:
chain INPUT (policy ACCEPT 52 packets, 4089 bytes)
pkts    bytes   target   prot  opt  in  out  source    destination

chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts    bytes   target   prot  opt   in  out  source    destination

chain INPUT (policy ACCEPT 47 packets, 4378 bytes)
pkts    bytes   target   prot  opt   in  out  source    destination

iptables -t nat -nvL

Code:
chain PREROUTING (policy ACCEPT 104 packets, 10038 bytes)
pkts    bytes   target   prot  opt  in  out  source    destination

chain POSTROUTING (policy ACCEPT 6 packets, 467 bytes)
pkts    bytes   target   prot  opt  in  out  source         destination
0        0      SNAT      all   --   *  eth0 192.168.2.0/24 0.0.0.0/0
         to:192.168.1.68

chain OUTPUT (policy ACCEPT 21 packets, 1424 bytes)
pkts    bytes   target   prot  opt  in  out  source         destination

Something is confusing. I tried the same setup with iptables cleared, in other words all three chains INPUT, OUTPUT, FORWARD set to ACCEPT, and I still could not connect to the outbound interface on the router.
 
Old 12-21-2008, 09:21 AM   #6
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,154

Rep: Reputation: 333
Addresses in the 192.168.*.* range are not routable. You can't connect to those addresses through any switch.
 
Old 12-21-2008, 04:01 PM   #7
theinfidel
LQ Newbie
 
Registered: Aug 2007
Posts: 19

Original Poster
Rep: Reputation: 0
PTrenholme:

Quote:
Addresses in the 192.168.*.* range are not routable. You can't connect to those addresses through any switch.

I want to say that is not true; instead, I wonder if you would explain what you mean?

I often have a little home router connected to the dsldevice and the addresses are in the 192.168.*.* range. Like dsldevice (192.168.1.254),
router (192.168.1.66) and on the lan side (192.168.123.254). Any computer on the lan side connects to the internet.
 
Old 12-23-2008, 12:09 AM   #8
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,154

Rep: Reputation: 333
Quote:
Originally Posted by theinfidel
PTrenholme:

I want to say that is not true; instead, I wonder if you would explain what you mean?

I often have a little home router connected to the dsldevice and the addresses are in the 192.168.*.* range. Like dsldevice (192.168.1.254),
router (192.168.1.66) and on the lan side (192.168.123.254). Any computer on the lan side connects to the internet.

I suppose it could work if the internal router passed private address traffic. (My router [Linksys], and the one in my DSL modem [2Wire], will not connect two systems which use any of the private network addresses.) I think that most routers and Linux systems are designed to not pass private network traffic. Note that Linux systems are often used as network servers, directly connected to the Internet, so allowing private network traffic to pass through the server would not be desirable.

I suspect that this may be the source of your difficulties.

See, e.g., RFC1918

From that document:
Quote:
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
protocol error.
 
Old 12-25-2008, 01:53 PM   #9
theinfidel
LQ Newbie
 
Registered: Aug 2007
Posts: 19

Original Poster
Rep: Reputation: 0
I fixed the problem, by correcting the entry for the gateway for eth0.
I had that wrong.
I now have internet from behind my Linux router.

Thank you for your help.
 
Old 12-26-2008, 03:44 PM   #10
alexhwest
Member
 
Registered: Dec 2008
Location: Cleveland, OH
Distribution: Ubuntu
Posts: 30

Rep: Reputation: 15
As far as linux routers not passing private numbered subnet traffic, and for that matter linksys... it is probably the oddest thing I have ever heard. I understand the quote you printed and what it is saying (you shouldn't pass packets sourced or destined for private subnets between enterprises), but it really doesn't have anything to do with what routers will do. There is nothing in any linux system that I have ever used that would stop you from routing between two of its interfaces, no matter what IP subnets you configure them to be on, unless you configured it to. You are making it sound like there is some kind of built in restriction in linux systems and routers in general that frown on this, and that is not true in any sense. Maybe I am misunderstanding what you meant when you tried to say that.

Last edited by alexhwest; 12-26-2008 at 03:57 PM.
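
The resolution in post #9 (a wrong gateway entry) and the point in post #10 (forwarding depends on configuration, not on the address range) both come down to checking the addressing plan. The following is an added example, not part of any post in the thread: it checks the thread's addresses for an on-link default gateway, a SNAT source that actually covers the workstation, and a correct client gateway. The /24 masks, the workstation's gateway value and the function names are assumptions.

```python
import ipaddress

def check_nat_router(ifaces, default_gw, gw_dev, snat_src, snat_to, client_ip, client_gw):
    """Return a list of addressing problems for a two-interface SNAT router."""
    problems = []
    addr = {dev: ipaddress.ip_interface(cidr) for dev, cidr in ifaces.items()}
    gw = ipaddress.ip_address(default_gw)
    wan = addr.get(gw_dev)

    # The default gateway must be a different host on the WAN interface's subnet.
    if wan is None or gw not in wan.network:
        problems.append(f"default gateway {gw} is not on-link via {gw_dev}")
    elif gw == wan.ip:
        problems.append(f"default gateway {gw} is the router's own address")

    # iptables reads a bare address after -s as a /32 host match.
    src = ipaddress.ip_network(snat_src, strict=False)
    client = ipaddress.ip_address(client_ip)
    if client not in src:
        problems.append(f"SNAT source {src} does not match client {client}")

    # The rewritten source must be an address the router owns on the WAN side.
    if wan is not None and ipaddress.ip_address(snat_to) != wan.ip:
        problems.append(f"SNAT target {snat_to} is not the address of {gw_dev}")

    # The client must send off-subnet traffic to the router's LAN address.
    lan = [a for dev, a in addr.items() if dev != gw_dev and client in a.network]
    if not lan:
        problems.append(f"client {client} is not on any LAN subnet of the router")
    elif ipaddress.ip_address(client_gw) != lan[0].ip:
        problems.append(f"client gateway {client_gw} should be {lan[0].ip}")
    return problems

# Addresses from the thread; the /24 masks and the client's gateway are assumptions.
ROUTER = {"eth0": "192.168.1.68/24", "eth1": "192.168.2.110/24"}

def thread_setup(snat_src="192.168.2.0/24", default_gw="192.168.1.254",
                 client_gw="192.168.2.110"):
    return check_nat_router(ROUTER, default_gw, "eth0", snat_src, "192.168.1.68",
                            "192.168.2.119", client_gw)

if __name__ == "__main__":
    for label, kwargs in [("as listed by iptables -t nat -nvL", {}),
                          ("bare -s 192.168.2.0", {"snat_src": "192.168.2.0"}),
                          ("gateway mistyped (constructed)", {"default_gw": "192.168.2.254"})]:
        print(label, "->", thread_setup(**kwargs) or "ok")
```

All addresses here are RFC 1918 private ranges and the plan still validates, since forwarding between them is only blocked by rules an administrator adds.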
 
  

