I have an internet connection from the router; I am using it right now.
Here is the setup:
internet gateway 192.168.1.254
Linux router eth0 192.168.1.68
Linux router eth1 192.168.2.110
Linux workstation eth0 192.168.2.119
On the Linux router I cleared iptables so it is ACCEPT for:
INPUT FORWARD OUTPUT
Then on the command line I added the following:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.2.0 -o eth0 -j SNAT --to 192.168.1.68
route -n
Destination gateway interface
192.168.2.0 0.0.0.0 eth1
192.168.1.0 0.0.0.0 eth0
0.0.0.0 192.168.1.254 eth0
I cannot reach the internet from the workstation. I cannot ping eth0 (192.168.1.68), which is the interface on the Linux router out to the internet gateway.
Is there something wrong with the assigned addresses? What else should I look at to repair the problem?
Thank you very much for any help.
Last edited by theinfidel; 12-19-2008 at 02:26 PM.
Reason: bad layout, difficult to read. done originally with a text browser.
workstation->linux router->internet gateway->internet: that is the way it is physically connected. I am just not sure that all the assigned addresses are correct!
If they are then something is missing and the connection cannot complete.
Can you post here the list of iptables rules from the Linux router?
Execute the commands "iptables -nvL" and "iptables -t nat -vnL" and post the output here.
iptables -nvL
Code:
chain INPUT (policy ACCEPT 52 packets, 4089 bytes)
pkts bytes target prot opt in out source destination
chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
chain INPUT (policy ACCEPT 47 packets, 4378 bytes)
pkts bytes target prot opt in out source destination
iptables -t nat -nvL
Code:
chain PREROUTING (policy ACCEPT 104 packets, 10038 bytes)
pkts bytes target prot opt in out source destination
chain POSTROUTING (policy ACCEPT 6 packets, 467 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * eth0 192.168.2.0/24 0.0.0.0/0 to:192.168.1.68
chain OUTPUT (policy ACCEPT 21 packets, 1424 bytes)
pkts bytes target prot opt in out source destination
Something is confusing. I tried the same setup with iptables cleared, in other words all three chains INPUT, OUTPUT, FORWARD set to ACCEPT, and I still could not connect to the outbound interface on the router.
Addresses in the 192.168.*.* range are not routable. You can't connect to those addresses through any switch.
I want to say that is not true; instead, I wonder if you would explain what you mean?
I often have a little home router connected to the dsldevice and the addresses are in the 192.168.*.* range. Like dsldevice(192.168.1.254),
router(192.168.1.66)and on the lan side (192.168.123.254). Any computer on the lan side connects to the internet.
I suppose it could work if the internal router passed private address traffic. (My router [Linksys], and the one in my DSL modem [2Wire], will not connect two systems which use any of the private network addresses.) I think that most routers and Linux systems are designed to not pass private network traffic. Note that Linux systems are often used as network servers, directly connected to the Internet, so allowing private network traffic to pass through the server would not be desirable.
I suspect that this may be the source of your difficulties.
Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
protocol error.
As far as linux routers not passing private numbered subnet traffic, and for that matter linksys... it is probably the oddest thing I have ever heard. I understand the quote you printed and what it is saying (you shouldn't pass packets sourced or destined for private subnets between enterprises), but it really doesn't have anything to do with what routers will do. There is nothing in any linux system that I have ever used that would stop you from routing between two of its interfaces, no matter what IP subnets you configure them to be on, unless you configured it to. You are making it sound like there is some kind of built in restriction in linux systems and routers in general that frown on this, and that is not true in any sense. Maybe I am misunderstanding what you meant when you tried to say that.
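An added example, not part of any post in this thread: a longest-prefix-match lookup over the router's table as posted, plus a check of whether a source address falls inside an iptables `-s` value. The workstation tables and the /24 masks are assumptions (the thread shows neither); the point is that a host with no default route has no path to 192.168.1.68, and that a bare `-s 192.168.2.0` is a /32 while the listing shows /24.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (network, gateway, iface) rows.
    Returns (gateway, iface); gateway None means on-link. None = no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in table:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return None if best is None else (best[1], best[2])

# Router table as posted in the thread (the /24 masks are assumed).
ROUTER = [
    ("192.168.2.0/24", None, "eth1"),
    ("192.168.1.0/24", None, "eth0"),
    ("0.0.0.0/0", "192.168.1.254", "eth0"),
]

# Constructed: the thread never shows the workstation's routing table.
WS_NO_DEFAULT = [("192.168.2.0/24", None, "eth0")]
WS_WITH_DEFAULT = WS_NO_DEFAULT + [("0.0.0.0/0", "192.168.2.110", "eth0")]

def rule_source_matches(rule_source, src):
    """True if src falls inside the -s value; a bare address is a /32."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule_source)

if __name__ == "__main__":
    for name, table in (("no default", WS_NO_DEFAULT),
                        ("default via router", WS_WITH_DEFAULT)):
        print("workstation,", name, "->", lookup(table, "192.168.1.68"))
    print("router -> workstation:", lookup(ROUTER, "192.168.2.119"))
    for rule in ("192.168.2.0", "192.168.2.0/24"):
        print("-s", rule, "matches 192.168.2.119:",
              rule_source_matches(rule, "192.168.2.119"))
```

On a live system the same questions are answered by `route -n` on the workstation and by the packet counters in `iptables -t nat -nvL` on the router.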