The router is a standard ADSL modem with DHCP and wireless; however, everything apart from ADSL will be disabled so that the server can take it over. The main reason is so that I can have the option of doing more complex firewall configuration than the router. I also want to be able to do transparent proxying.
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
Firewall configuration
I have tried no firewall and configuring the firewall using FireHOL; both have no effect.
I don't think I need iptables to get things working, as all I am trying to get is packets to hop from one interface to another. The router is handling the NAT; surely I don't need to NAT twice, do I?
Any suggestions on bad assumptions or poor config are appreciated.
Don't set a gateway in the ifcfg-eth1 file. Ip_forwarding handles the routing for you. Also make sure all LAN machines 192.168.1.2-10 have their gateway set to 192.168.1.1.
I have updated the sections as suggested above. I also tried changing the DNS servers on the DHCP, wondering whether everything went through the gateway and then on. My main test, which shows that there is something definitely weird happening, is the fact that at present there are some machines connected to the 192.168.0.1 network; however, I cannot ping any of those, with an error of 'Destination Host Unreachable', but I can ping 192.168.0.1??!!?! I have also tried different firewall settings; I have now left it as Disabled.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Taking the assumption that the output interface is the target network's interface (eth1). I also tried eth0 in case my assumption was incorrect, still no joy.
I tried doing a ping while logged into the server to the other machines on the 192.168.0.1/24 network and I am still getting the same error. I can ping 192.168.1.1; however, I don't know whether this is working because the config is correct or because it is being pumped through localhost without saying so.
Code:
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
From 192.168.0.20 icmp_seq=2 Destination Host Unreachable
From 192.168.0.20 icmp_seq=3 Destination Host Unreachable
I am starting to think that there is something wrong with the router as this is simple stuff that I have managed to get working before.
I forgot to add: in the final setup I don't need any kind of access for machines connected to the 192.168.0.1/24 network apart from the server. In essence, I am cascading the two routers, with the Netgear being my WAN termination point and my Linux box doing the more complex firewall rules, serving the private network.
I gave the server a reboot and I can now ping everything on the 192.168.0.1 network. I will attempt to hook up something onto the 1.1 network tonight and see whether things have improved :-). Many thanks datapdog and Brian so far, hopefully I can put this sorry saga to bed...
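Added example, not part of the thread or any poster's code: a longest-prefix lookup over the routing table posted above, showing which interface a MASQUERADE rule belongs on and where the upstream router would send replies to an un-NATed 192.168.1.x client. The ADSL router's table, its "lan"/"wan" interface names, the 198.51.100.1 next hop and the static route are assumptions, since the thread never shows the router's configuration.

```python
import ipaddress

# Server routing table as posted in the thread (`route` output).
SERVER = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
"""
# ASSUMED table for the ADSL router (not shown in the thread); "lan"/"wan" and
# the 198.51.100.1 next hop are constructed placeholders.
ROUTER = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 lan
default 198.51.100.1 0.0.0.0 UG 0 0 0 wan
"""
# ASSUMED static route that would send LAN replies back via the server's eth0 address.
STATIC = "192.168.1.0 192.168.0.20 255.255.255.0 UG 0 0 0 lan\n"

def parse_routes(text):
    """Parse `route` output into (network, gateway or None, iface) tuples."""
    routes = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        dest, gw, mask, *_, iface = line.split()
        net = ipaddress.ip_network(f"{'0.0.0.0' if dest == 'default' else dest}/{mask}")
        routes.append((net, None if gw == "*" else gw, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match, as the kernel does: returns (gateway, iface)."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return gw, iface

def masquerade_rule(routes):
    """MASQUERADE goes on the interface that carries the default route."""
    _, iface = lookup(routes, "203.0.113.10")  # constructed Internet address
    return f"iptables -t nat -A POSTROUTING -o {iface} -j MASQUERADE"

if __name__ == "__main__":
    server = parse_routes(SERVER)
    print(masquerade_rule(server))                      # NAT-on-the-server option
    print(lookup(parse_routes(ROUTER), "192.168.1.5"))  # reply leaves via the WAN side
    print(lookup(parse_routes(ROUTER + STATIC), "192.168.1.5"))  # no-NAT option
```

Under these assumptions the second NAT is only needed when the upstream router cannot be given a route back to 192.168.1.0/24; with the static route in place, plain forwarding on the server is enough.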