Old 07-20-2008, 03:47 PM   #1
Registered: Nov 2002
Location: Lone Tree, CO
Distribution: Xubuntu Gutsy
Posts: 174

3 NICs, 1 external, 2 internal, only one routing

I have a debian server with 3 NICs: eth0, eth1 and eth2
  • eth0: outside world
  • eth1: inside private network
  • eth2: inside public network

The idea is to provide internet with networking on eth1 (domain setup). eth2 is for public wireless access so that guests can come and use the internet, but not be able to get on the private network.

The dhcp setup is:
  • eth0: dhcp assigned
  • eth1:
  • eth2:

I am getting DNS lookups, DHCP assignments all working great from both the 100 and 101 subnets. The problem is that eth2 packets (101 subnet) are not being routed to eth0. eth1 / 100 subnet is working fine.

Here is the "route -N" output:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                U     0      0        0 eth1
                                                U     0      0        0 eth2
                                                U     0      0        0 eth0
                                                UG    0      0        0 eth0
I added these iptables rules:
iptables -A FORWARD -i eth2 -j LOG --log-prefix "IPTABLES FORWARD: " --log-level 6
iptables -A INPUT -i eth2 -j LOG --log-prefix "IPTABLES INPUT: " --log-level 6
I get the "IPTABLES INPUT:" rules, but there is never any activity on the FORWARD chain for eth2 (eth1 does show up with this rule).

I am at a loss as to why eth1 internet traffic is correctly routed through eth0, but eth2 is not.

Here is some of my iptables setup:
echo "Allowing localhost"
iptables -A INPUT  -i lo -j ACCEPT 
iptables -A OUTPUT -o lo -j ACCEPT 

iptables -A FORWARD -i eth2 -j LOG --log-prefix "IPTABLES FORWARD: " --log-level 6
iptables -A INPUT -i eth2 -j LOG --log-prefix "IPTABLES INPUT: " --log-level 6
#iptables -t nat -A PREROUTING -i eth2 -s -j DNAT --to-destination

# allow unlimited traffic on the intranet
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables -A INPUT   -j ACCEPT -i eth1 
iptables -A INPUT   -j ACCEPT -i eth2
iptables -A OUTPUT  -j ACCEPT -o eth0
iptables -A FORWARD -j ACCEPT -i eth1 
iptables -A FORWARD -j ACCEPT -i eth2
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Any ideas?

Thanks for any help
Old 07-20-2008, 05:00 PM   #2
Senior Member
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,125
Blog Entries: 2

Do you have the default route set correctly for eth2 machines? They might not know to send their outbound packets to this outside world box. This could be easily caused in dhcp if you did a cut and paste and didn't change the router entry.
Old 07-20-2008, 05:03 PM   #3
Registered: Nov 2002
Location: Lone Tree, CO
Distribution: Xubuntu Gutsy
Posts: 174

Original Poster
Problem solved. I forgot one tiny little line in the dhcpd.conf inside the 101 subnet:


I had a global router of set in that file. As a result, the client machine was not having the default gateway set when it got an IP address via the DHCP server.

Argh! I hate simple mistakes that take hours of time.
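The root cause above (a subnet declaration with no `option routers` of its own, inheriting a global one) can be caught before clients ever lease an address. The following is an added example, not part of the thread: it reports every subnet in a dhcpd.conf whose effective router is missing or lies outside that subnet. The addresses in the sample are constructed, and the function name `check_routers` is hypothetical; it assumes numeric router addresses and subnet blocks without nested braces.

```python
import ipaddress
import re

# Constructed sample: the thread does not show its real addresses, so these
# 192.168.100.0/24 and 192.168.101.0/24 values are assumptions.
SAMPLE_CONF = """
option routers 192.168.100.1;

subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.50 192.168.100.150;
}

subnet 192.168.101.0 netmask 255.255.255.0 {
    range 192.168.101.50 192.168.101.150;
}
"""

# Assumes flat subnet blocks (no nested pool/host braces inside them).
SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{([^{}]*)\}")
ROUTERS_RE = re.compile(r"option\s+routers\s+([^;]+);")


def check_routers(conf_text):
    """Return (subnet, router, problem) tuples for subnets with an unusable gateway."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments
    # Whatever remains after removing the subnet blocks is global scope.
    global_match = ROUTERS_RE.search(SUBNET_RE.sub("", text))
    global_routers = global_match.group(1) if global_match else None
    findings = []
    for net, mask, body in SUBNET_RE.findall(text):
        network = ipaddress.ip_network(f"{net}/{mask}")
        local = ROUTERS_RE.search(body)
        routers = local.group(1) if local else global_routers
        source = "subnet" if local else "global"
        if routers is None:
            findings.append((str(network), None, "no option routers in scope"))
            continue
        for r in routers.split(","):
            addr = ipaddress.ip_address(r.strip())
            if addr not in network:
                findings.append((str(network), str(addr), f"{source} router is off-subnet"))
    return findings


if __name__ == "__main__":
    for finding in check_routers(SAMPLE_CONF):
        print(finding)
```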