Hai,...

Hai, i have a problem with setting a fedora 9 as a router.
I have done the following:
1 comp (fedora) as a router, eth0=192.168.7.8, eth1=192.168.22.1.
1 comp as client of fedora, 192.168.22.2.
1 komputer sebagaicomp as a gateway, 192.168.7.1

i have made the connection, and made the following setting:
1. Set ip on eth0 & eth1 on the fedora
2. Set gateway = 192.168.7.1 (Windows comp as gateway)
3. Set NAT on iptables
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

for this one i've also try:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.22.0/24 -j SNAT -to-source 192.168.7.8

4. Set ip forwarding on /etc/sysctl.conf

Af ter that, i can ping from 192.168.22.2 to 192.168.7.8 and juga 192.168.22.1.
But i can't ping from 192.168.22.2 to 192.168.7.1.

Is this normal? (why can't i ping to my gateway)
Is there anything wrong or missing on my setting?

Oh yea, i also already set the client gateway to 192.168.7.1, and then to 192.168.7.8, and then to 192.168.22.1.
(i tried all possibility).

Thx,
rabbi

you have to set a route to 192.168.22.0/24 from your gateway machine.

your gateway don't know how to route it if u don't set it.

use route add command to add persistent route (i forget on windows ),

try route /help on windows if u don't know or simply google it.

point the gateway for 192.168.22.0/24 to 192.168.7.8 on your gw machine.


if u already done above step & still didn't work, you can try below
step :

- make sure that your forward chain policy is set to accept,
if u want to set it drop, then u have to add rules for forwarding
packet.
or maybe u want to describe it more to us.

- make sure your gateway dont block the packet.

- try not to nat it first.
if u already activate forwarding , u should able to ping your
gateway from client.
make sure u restart your network service after modify sysctl.conf.
run sysctl -v | grep ip_forward , the value should be 1.

- after that success, then you can try to nat it, use masquerade for dynamic ip.


hope help friend.

My gateway is using Windows XP, i can't add routing on it. (i don't know how).

But i use mikrotik router as trial (instead of the fedora, i switch the fedora with mikrotik router), it works fine, i can ping outside the router from another network segment without having to set the route in the gateway.

And, with the fedora, i already set the masquerade, shouldn't the gateway recognize my 192.168.22.0 network as 192.168.7.0 network?

Pleaase, any advice, i'm really lost.


Thx,
Bangbang

yes it should nat it to 192.168.7.8.

try this on your fedora.

iptables -t nat -A POSTROUTING -s 192.168.22.0/24 -j MASQUERADE


please note that if your default policy is drop, then you must add rules in forward chain too.

it would be very helpful if you post your iptables rules with each ip config on every host.

I haven't got any other rules on the iptables, just the nat (masquerade).
And the other host, i didn't set anything else.

I will try it first, then i'll inform you again.

Thanks,
BangBang