LinuxQuestions.org
Old 04-05-2006, 03:49 PM   #1
marco-slack
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Rep: Reputation: 0
forward don't forward


This is the gateway:

.............................. +----------------------------------------------+
192.168.0.0/24---------|eth0(192.168.0.254)..............................|
192.168.2.0/24---------|eth2(192.168.2.254)...eth1(192.168.1.254)|-------192.168.1.0/24
...............................+----------------------------------------------+

[bad ascii-art ]

the routing table from the gateway:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth2
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.1.1     0.0.0.0         UG    1      0        0 eth1


the routing table from 192.168.0.10 (on the 192.168.0.0 net):

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         192.168.0.254   0.0.0.0         UG    0      0        0 eth0

on the gateway I exec:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -j ACCEPT

From GW I can ping all the machines.
From 192.168.0.10 I can ping 192.168.0.254 (GW).
Why can't I ping from 192.168.0.10 to 192.168.1.1 (located on the 192.168.1.0 net)?

thanks

Last edited by marco-slack; 04-05-2006 at 03:54 PM.
 
Old 04-06-2006, 04:51 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
hi there, welcome to LQ...

your problem could be caused by several things, but if your policy is set to DROP (as it should be), then the problem is likely that you aren't accepting the packets which are coming back (of a state ESTABLISHED)...

either way, this is how i would do it:
Code:
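# disable forwarding while the rules are being replaced
echo "0" > /proc/sys/net/ipv4/ip_forward

# start from an empty FORWARD chain with a default-deny policy
iptables -F FORWARD
iptables -P FORWARD DROP

# accept packets that belong to, or are related to, connections already allowed
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# allow new connections from each internal net out through eth1
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 \
-m state --state NEW -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -s 192.168.2.0/24 \
-m state --state NEW -j ACCEPT

# source-NAT everything leaving eth1 to the gateway's eth1 address
# (-t nat must come before -A POSTROUTING)
iptables -t nat -A POSTROUTING -o eth1 -j SNAT \
--to-source 192.168.1.254

# re-enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward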

Last edited by win32sux; 04-06-2006 at 06:54 AM.
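
An added example, not part of the thread and not win32sux's code: a shell check that reads `iptables -S FORWARD` output and reports the gaps the reply above points at, namely a FORWARD policy other than DROP, no ESTABLISHED/RELATED rule for return traffic, and ACCEPT rules that match packets in any connection state. The function name `audit_forward`, the finding labels and both rule listings are constructed for illustration; the "before" listing assumes the DROP policy that the reply only hypothesises.

```shell
#!/bin/sh
# Constructed sample: the original poster's single rule, assuming policy DROP.
BEFORE='-P FORWARD DROP
-A FORWARD -i eth0 -j ACCEPT'

# Constructed sample: the reply's FORWARD rules as `iptables -S FORWARD` prints them.
AFTER='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth0 -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i eth2 -o eth1 -m state --state NEW -j ACCEPT'

# audit_forward: read `iptables -S FORWARD` lines on stdin, print one finding
# per line, or "OK" when the chain is default-deny and stateful.
audit_forward() {
    policy_drop=0; return_rule=0; issues=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P FORWARD DROP")
                policy_drop=1 ;;
            "-A FORWARD "*ESTABLISHED*" -j ACCEPT")
                return_rule=1 ;;      # lets replies to allowed connections back in
            "-A FORWARD "*"--state NEW"*" -j ACCEPT"|"-A FORWARD "*"--ctstate NEW"*" -j ACCEPT")
                ;;                    # scoped to connection setup only: fine
            "-A FORWARD "*" -j ACCEPT")
                echo "STATELESS_ACCEPT: $rule"
                issues=$((issues + 1)) ;;
        esac
    done
    if [ "$policy_drop" -eq 0 ]; then
        echo "POLICY_NOT_DROP: FORWARD is not default-deny"
        issues=$((issues + 1))
    fi
    if [ "$return_rule" -eq 0 ]; then
        echo "NO_RETURN_RULE: replies to forwarded connections fall through to the policy"
        issues=$((issues + 1))
    fi
    if [ "$issues" -eq 0 ]; then echo "OK"; fi
    return 0
}

echo "before:"; printf '%s\n' "$BEFORE" | audit_forward
echo "after:";  printf '%s\n' "$AFTER"  | audit_forward
```

On a live gateway the same function can be fed with `iptables -S FORWARD | audit_forward` (run as root).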
 
Old 04-06-2006, 03:51 PM   #3
marco-slack
LQ Newbie
 
Registered: Apr 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Great, now it works

Thanks very much
 
  

