donalbane 03-11-2013 04:13 PM

Gateway computer configuration question
I have the following network configuration, with computer 1 connected to computer 2, which is connected to the Internet.

Computer 1
default gateway:

Computer 2
eth1: XXX.XXX.XXX.27
default gateway: XXX.XXX.XXX.254

Routing table on Computer 2:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
* U 0 0 0 eth3
XXX.XXX.XXX.0 * U 0 0 0 eth1
* U 0 0 0 eth2
* U 0 0 0 eth0
default XXX.XXX.XXX.254 UG 0 0 0 eth1

I have a firewall on Computer 2 that basically looks like this:

I want Computer 1 to be able to connect to the Internet through Computer 2. As a first step, I just want to be able to get a ping response from eth1 on Computer 2 from Computer 1. I can get a ping response from eth2, but not eth1. When I run tcpdump on Computer 2 I can see an ICMP request come in on eth0 and an ICMP reply come in on eth1, but I never see an ICMP reply go out on eth0.

Can anyone see what I need to add in order to be able to get a ping response from eth1 on Computer 1?


KinnowGrower 03-11-2013 09:38 PM

The firewall on that link has the rule

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT

It seems this rule is causing the problem. The outside interface is eth0, but in this rule it is eth1; that does not seem correct. Can you try again after replacing -i eth1 with -i eth0 in this rule?
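
The rule quoted in the reply above names eth1 for both -i and -o. As an added example (not part of the thread or of the linked firewall script), the shell function below scans rules in `iptables -S` form for FORWARD rules of that shape so they can be reviewed against their comments; every sample rule except the quoted one is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag FORWARD rules whose -i and -o name the same interface.
# Reads rules from stdin in `iptables -S` or `iptables -A ...` form.

find_same_iface_forward_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        chain = in_if = out_if = ""; negated = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") {
                chain = $(i + 1)
            } else if ($i == "-i" || $i == "--in-interface") {
                in_if = $(i + 1)
                if (i > 1 && $(i - 1) == "!") negated = 1
            } else if ($i == "-o" || $i == "--out-interface") {
                out_if = $(i + 1)
                if (i > 1 && $(i - 1) == "!") negated = 1
            }
        }
        # A negated interface match is a different condition, so it is not flagged.
        if (chain == "FORWARD" && !negated && in_if != "" && in_if == out_if)
            printf "line %d: -i and -o are both %s: %s\n", NR, in_if, $0
    }'
}

# Constructed sample rule set; only the REJECT rule is taken from the thread.
sample_rules() {
    cat <<'EOF'
-A INPUT -i eth0 -p icmp -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth1 -j REJECT
-A FORWARD ! -i eth1 -o eth1 -j DROP
EOF
}

sample_rules | find_same_iface_forward_rules
```

On a live host the same function can be fed with `iptables -S | find_same_iface_forward_rules`.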

donalbane 03-12-2013 11:49 AM

Thanks for your reply.

I ended up just giving up on getting a ping response from eth1, and just continuing on with my ultimate goal of getting from Computer 1 out to the Internet. For that purpose, everything works, so I'm not going to worry about it.


