LinuxQuestions.org
Old 11-06-2008, 10:23 AM   #1
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Rep: Reputation: 15
Route problem


Hi,

I have a problem setting the routing table. Any help is appreciated.

I have set up a new server with Fedora 9 installed. This server has 2 network cards configured: one connects to the internet with a fixed IP address and the other NIC connects to a local LAN of 3 Windows machines.

The internal IP address for eth0 of the server is 10.0.0.41
The external IP address for eth1 of the server is aa.bbb.ccc.82
The gateway is aa.bbb.ccc.81

I have no problem accessing the internet from the server, but I have a problem accessing the internet from the Windows machine.

From the server I can ping to the gateway, aa.bbb.ccc.81
From the windows machine, I can ping to the server's internal IP address and its external IP address but fail to ping to the gateway as above.

The gateway of the windows machines is set to 10.0.0.41

Is there any problem in the routing set up and what is that link-local in the routing table:

[root@server ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
aa.bbb.ccc.80   *               255.255.255.240 U     0      0        0 eth1
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     0      0        0 eth1
default         aa-bbb-ccc-81.b 0.0.0.0         UG    0      0        0 eth1
 
Old 11-06-2008, 11:28 AM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113
You need to have ip forwarding turned on if you want the packets to be able to go through your server (echo 1 > /proc/sys/net/ipv4/ip_forward; plus you'll want to edit your sysctl.conf file to turn it on permanently). You'll also most likely need to masquerade the packets going to the internet (iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE)
 
Old 11-06-2008, 02:55 PM   #3
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
Hi estabroo,

Thanks for your information.

I am using Fedora 9. How do I add this rule, 'iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE', to /etc/sysconfig/iptables?
 
Old 11-06-2008, 04:02 PM   #4
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113
I think all you need to do is run that iptables command to make the rule active and then:
/sbin/service iptables save


http://www.redhat.com/docs/manuals/e...es-saving.html
 
Old 11-07-2008, 05:02 PM   #5
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
I turned on the ip_forward with:
1) echo 1 > /proc/sys/net/ipv4/ip_forward and
2) edit /etc/sysctl.conf with
net.ipv4.ip_forward = 1

and add a rule to the firewall:
> iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j MASQUERADE
> service iptables save

After the above changes, I still can access the internet from the Fedora box but not from the LAN Windows box.

When I ping the gateway aa.bbb.ccc.81 from the Windows machine, it displays the following:

reply from 10.0.0.41 destination host unreachable
reply from 10.0.0.41 destination host unreachable


( where 10.0.0.41 is the internal ip address of the server )

Below is the information for the firewall rules when I type in iptables -L

> iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 11-07-2008, 11:45 PM   #6
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113
what's the ip address and netmask of the windows machine?

Last edited by estabroo; 11-07-2008 at 11:46 PM. Reason: netmask
 
Old 11-08-2008, 09:06 PM   #7
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
windows machine ip address: 10.0.0.3
netmask: 255.255.255.0
 
Old 11-08-2008, 11:02 PM   #8
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113
You need to allow packets through your FORWARD rule, I just noticed that you have it set to REJECT everything in FORWARD. All the packets coming from the windows box and going out eth1 end up passing through FORWARD.
 
Old 11-08-2008, 11:40 PM   #9
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
I am new to Linux. The iptables rules are the default setting from when I installed Fedora. How do I add a rule to allow packets through the FORWARD rule as you stated?
 
Old 11-08-2008, 11:57 PM   #10
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113
For now just remove the reject rule that is there, iptables -D FORWARD 1
you can always add back some restrictions later.
 
Old 11-10-2008, 03:59 PM   #11
linuxexpress
LQ Newbie
 
Registered: Nov 2008
Posts: 22

Original Poster
Rep: Reputation: 15
It is working now and I can access the internet from the windows machine by removing the FORWARD reject rule.

Thanks Estabroo for your help.
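
Added example (not part of the thread, and not code from any poster): deleting the only FORWARD rule leaves that chain empty with policy ACCEPT, so the server forwards anything routed to it. The sketch below keeps the default REJECT as the catch-all and instead plans stateful ACCEPT rules inserted above it; it also flags rules that were appended below the REJECT and so can never match. The function names and the sample listing are hypothetical; the addresses and interfaces are the thread's.

```shell
#!/bin/sh
# Added example, not from the thread. Works on rule listings in the
# `iptables -S FORWARD` / iptables-save form ("-A FORWARD ...").

# Print the 1-based position of the first unconditional REJECT/DROP in the
# FORWARD chain read from stdin, or 0 if there is none.
first_blanket_block() {
    awk '$1 == "-A" && $2 == "FORWARD" {
             n++
             if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; found = 1; exit }
         }
         END { if (!found) print 0 }'
}

# Print rules that can never match because they sit below that blanket rule.
shadowed_rules() {
    awk '$1 == "-A" && $2 == "FORWARD" {
             if (blocked) print
             else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) blocked = 1
         }'
}

# Print the commands that insert stateful ACCEPT rules above the blanket rule
# (position $1), leaving it in place as the catch-all.
# $2 = LAN CIDR, $3 = LAN interface, $4 = WAN interface.
plan_forward_fix() {
    pos=$1; lan=$2; lan_if=$3; wan_if=$4
    [ "$pos" -ge 1 ] 2>/dev/null || { echo "no blanket REJECT/DROP found" >&2; return 1; }
    # Replies to connections that were already allowed out.
    echo "iptables -I FORWARD $pos -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # New connections only from the LAN side towards the internet side.
    echo "iptables -I FORWARD $((pos + 1)) -i $lan_if -o $wan_if -s $lan -m state --state NEW -j ACCEPT"
}

# Constructed sample: the thread's default FORWARD chain after an ACCEPT was
# appended with -A (a common first attempt), so it lands below the REJECT.
SAMPLE='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 10.0.0.0/24 -i eth0 -o eth1 -j ACCEPT'

# Values from the thread: LAN 10.0.0.0/24 on eth0, internet on eth1.
pos=$(printf '%s\n' "$SAMPLE" | first_blanket_block)
printf '%s\n' "$SAMPLE" | shadowed_rules
plan_forward_fix "$pos" 10.0.0.0/24 eth0 eth1
```

The script only prints; the planned commands would be run as root and then persisted with `service iptables save`, as in the posts above.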
 
  


All times are GMT -5.