06-09-2005, 04:50 PM   #1
Registered: Jun 2005
Location: Dallas, TX
Distribution: Fedora 11,12, RedHat4,6, CentOS4,5, FreeBSD7,8
A Linux router project I'm trying to get going

I'm working on a Linux router with 3 interfaces (and to add a 4th later, when the project warrants it).

I'm running this in a MS Virtual Server 2005 setup, and here is the config:

Virtual Router
eth0 - attached to our corporate lan -
eth1 - attached to virtual backend network 1 -
eth2 - attached to virtual backend network 2 -

eth0 - attached to virtual backend network 1 -
eth1 - attached to Site1 Virtual network -

Site2 firewall is not yet built, and won't be until I get this problem solved.

Site1 Virtual Network already has many virtual machines running, all Windows stuff for our test environment. They all have default gateway as, and use S1-Firewall for access to internet. From any host on S1VN, can successfully ping,,, (I can basically ping every interface to the last before I would exit the virtual networks).

Here is the iptables config on the virtual router:
iptables --flush
iptables -P INPUT ACCEPT
iptables -A FORWARD -i eth0 -o eth1
# iptables -A FORWARD -i eth0 -o eth2
iptables -A FORWARD -i eth1 -o eth0
# iptables -A FORWARD -i eth2 -o eth0
# iptables -A FORWARD -i eth1 -o eth2
# iptables -A FORWARD -i eth2 -o eth1
iptables -A INPUT -i eth1 -j ACCEPT
# iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
# iptables -A INPUT -s -j LOG --log-prefix "INPUT_DROP: "
# iptables -A OUTPUT -j LOG --log-prefix "OUTPUT_DROP: "

As you can see, line items not used in the test are commented out. I removed them wondering if they were causing my errors, but I get the exact same behavior if they are commented or not. I have also tried changing the Policy 2nd line to ACCEPT, but that doesn't matter either.

Here is the route table on the Virtual Router:
[root@fedora1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                U     0      0        0 eth2
                                                U     0      0        0 eth1
                                                U     0      0        0 eth0
                                                U     0      0        0 eth2
                                                UG    0      0        0 eth0

To me, everything looks fine. BUT, when I ping the Virtual Router's default gateway from any host on S1VN, I get request timed out. Same behavior if I get on S1-Firewall. Can ping and, but nothing goes past eth0 on the router.

Here is the kicker... Virtual Router has no trouble accessing anything on the corporate LAN or internet. Can connect to or ping any host.

Can someone help me out here? I'm about to pull out what little hair I have left on my head!

06-10-2005, 03:07 PM   #2
Original Poster
Man, I jecked with this all day and night, still nothing. Anyone have any experience with this?

