Hi All,

I am trying to setup my Centos 4.4 box with two nics as a static router. Here is what I have:

Nic1: 10.0.0.80 eth3
Nic2: 192.168.1.1 eth2

I have applied the following iptables rules:

/sbin/iptables -t nat - A POSTROUTING -o eth2
/sbin/iptables -t nat - A POSTROUTING -o eth3
/sbin/iptables -t filter -A FORWARD -d 192.168.1.1 -s 10.0.0.0/24 -j ACCEPT

I then added a route:

route add -net 10.0.0.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth2

I enabled ip_forwarding in /proc/sys/net/ipv4/ip_forward so that is =1.
I cannot ping one nic to the other. Any ideas on what could be cuasing the problem? Thanks

to route at the simplest level, there's no need for iptables at all, just the ip_forward. you also need do routing commons for those two networks on the routing machine as it already knows where those networks are. what you would need to route is the traffic from each client to that box in the first place.

Thanks for the quick reply. Can you explain "routing commons"? Also, does it matter what their their default gateways are if I'm simply trying to ping from within the machine? For example:

$ping -I eth2 10.0.0.80

where eth2 has the ip address of 192.168.1.1

This is what I do. Setup eth0 as the main nic gateway. Define an IP, netmask, gateway for the interface. Also setup dns ip in /etc/resolv.conf. Then for eth1 set only the IP and netmask values. Do not set a gateway on this nic. Now enable ip_forward like you did that should all that is needed.

Brian

sorry i meant "routing commands"... nothgin cryptic there after all..

Tried what you said and still a no go. I have ip_forward enabled, but I can't seem to ping one nic to another within the same physical box. Any suggestions?

Do you have three nics in the machine?

Brian

I have 2 nics:

Nic1 (eth2): 192.168.1.1
Nic2 (eth3): 10.0.0.80

Nic1: 10.0.0.80 eth3 - Local system interface
Nic2: 192.168.1.1 eth2 - Internet connected interface

Lets consider 192.168.1.1 which is connected to the internet router


1) ping localy for both interfaces to make sure the interface is up

2) ping your internet gateway from the local system to check whether the system is reachable if it works that subnet(192.168.1.0) is okie

3) you can also make sure by connecting a system in the same subnet like 192.168.1.10 and try pinging 192.168.1.1

4) vi /etc/sysctl.conf

net.ipv4.ip_forward = 1 # Add the above entry in the above file


5) you can set your 192.168.1.10's default gateway as 192.168.1.1 for 10.0.0.0/24 and check whether you receive a reply if you dont want to setup default gateway u can use the route add command

route add -host 10.0.0.80 gw 192.168.1.1 eth1 <------ this is to be configured in the local 192.168.1.10 system

7) ping now 192.168.1.10 ---> 192.168.1.1
ping now 192.168.1.10 ---> 10.0.0.80

As we have enabled forwarding both nic's should be pingable

To Make it as a router we need to configure the table NAT

iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE

iptables --append FORWARD --in-interface eth3 -j ACCEPT

service iptables save

After issuing the 3 commands hopefully it should work, it works for VPN Server as well.

The above settings are for your settings of eth2 and eth3 nic. In your case eth2 is connected to internet router and eth3 is the local network and systems connected within the 10.0.0.0/24 subnet should point thier gateway as 10.0.0.80 and so that systems in that network will be allowed internet access or to reach the sytem which is reachable via 192.168.1.0/24 subnet

bigb0ss,

I tried as you instucted, but still a no go. I cannot ping the internal nics (by internal I mean nic1 cannot ping nic2).

I double checked my ip_forward and it is set to 1.

I'm stumped!

It might be not of help at all, but I was wondering: since machines usualy start counting nic's starting from eth0, what happend to your eth0 and eth1?

ok, well run tcpdump on the client, the router and the remote peer and see who sees what icmp packets.