How to enable ip forwarding (to make a simple router)

prabhatsoni · 03-30-2005, 03:13 AM

Hello everybody,

I have a FC3 desktop.
I want to use it for very simple routing. It is easy to give a few network commands and do it. But the problem is that the ip forwarding is not enabled in the kernel (the first number on the second line of the file /proc/net/snmp is "0" - Am I right in this interpretation ?). Without enabling this the system will not forward ip packets from one interface to another.

How can I enable this ?

Can any of the gurus (or gurus-in-waiting) guide me in this ?

Thanks in advance.

Prabhat Soni

bathory · 03-30-2005, 03:19 AM

The simplest way is:

Code:

echo "1" > /proc/sys/net/ipv4/ip_forward

Regards

prabhatsoni · 03-30-2005, 03:42 AM

Thanks Mr. Bathory

This should work. I will try and let you know.

I will tell you what I am trying to do, though.

At present I am accessing internet from my home PC through a squid server on a laptop. My home PC is connected to the laptop-squid through eth. The problem with this set is that I am able to do surfing/browsing only. I want to listen to online news with real player -I cannot do. I want to play online games -I cannot do.
My first query is: Is it possible to undertake both the activities with the existing set up.

I Feel that if I configure my laptop as a mini router between my home PC on one hand and the PPP interface (to internet) on other hand, and then in my home PC, declare the laptop as the default gateway - I should be able to play online games, listen to online news, etc etc. My second query is simple: Am I right in believing so.

Thanks again for the useful suggestion.

Prabhat Soni

bathory · 03-30-2005, 06:19 AM

You're right.
You must configure your laptop as a router/firewall to allow outgoing traffic and block unwanted incoming traffic.
It's possible though to setup squid for other protocols such as real-audio etc. But the first solution is more secure.

Regards

prabhatsoni · 03-30-2005, 09:39 AM

Thanks once again.

Now It is not working.
The setup:
Laptop with squid -eth0- 192.168.168.2
PC -eth0 - 192.168.168.1
Laptop -ppp0- 142.62.32.3
ISP - ppp0 address -142.62.32.19

Next - I gave command echo "1" > /proc/sys/net/ipv4/ip_forward

Then added default route in my home PC:
route add -net default eth0

With this set up I should be able to ping 142.62.32.19 - But I am not.
I can ping ppp0 interface 142.62.32.3 - implying that the default route created in the pc is ok.
I need not mention that I can ping the eth0 interfaces (from both ) of each other, and that I can browse internet from both the nodes - the possibility of network being down is not there.

Laptop kernel routing table:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
142.62.32.19     0.0.0.0         255.255.255.255   UH    0     0      0    ppp0
192.168.168.0   0.0.0.0          255.255.255.252   U     0     0      0    eth0
169.254.0.0     0.0.0.0          255.255.0.0       U     0     0      0    lo
0.0.0.0         142.62.32.19     0.0.0.0           UG    0     0      0    ppp0

Code:

PC kernel routing table:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.168.0   0.0.0.0         255.255.255.252 U      0      0      0   eth0
0.0.0.0         0.0.0.0         0.0.0.0         U      0      0      0   ppp0

Only possiblity - the ip forwarding is not working !!!

Am I missing out on something ? In the simplest of the configuration as above this should work.

Prabhat Soni

bathory · 03-30-2005, 10:07 AM

Run:

Code:

route add default gw 192.168.0.2

at your PC to set your laptop as a gateway and test again using "traceroute" to see if you reach gateway and how the packets are routed.

Regards

prabhatsoni · 03-30-2005, 10:22 AM

Thanks a lot,

I did what you suggested.

In the traceroute I find that the packet is indeed reaching the gateway (the laptop - 192,168.168.2). But after that it is all starts - A lot of stars.

How to go about it now ?

Prabhat Soni

bathory · 03-30-2005, 10:52 AM

That's normal if your ISP block ICMP packets. Use a browser to see if you can visit any sites.

prabhatsoni · 03-31-2005, 08:44 AM

Hello Mr. Bathory

My ISP is not blokcing ICMP packets, becasue I can give "traceroute yahoo.com" from my laptop and get the trace.
Nevertheless I tried to browse, but the browser kept on saying "loading..." and then timed out.

I tried one more thing:
I ran the named server named on my laptop and made appropriate entries in the PC's resolv.conf (nameserver 192.168.168.2 - first entry). Then I gave command " dig yahoo.com". This too timed out.

I feel this is indicative of deeper malaise.

What could be the reason. My packets are reaching the laptop. It is implied by the fact that the browser timed out rather than giving some other message. Also, the the first hop in the traceroute is the laptop. There seems to be only one reason - The ip forwarding is not working.
I checked the first number on the second line of the file /proc/net/snmp, and found it to be 1 indicating that the ip forwarding is enabled.

Is there any way by which I can check the ip forwarding in the laptop.

Prabhat Soni

frgtn · 03-31-2005, 12:56 PM

Hello
I don't know how did you configure your firewall, but there is a good howto on that subject here:
http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/
I hope it helps