05-03-2013, 09:31 AM
#1
Member
Registered: Jan 2013
Posts: 32
IPv4 Forwarding and ALLOW ALL
I've got a Linux machine that is set up to be a router in this fashion:
192.168.0.0/22
|
|
192.168.1.16 (br0)
/
192.168.10.100 (br1)
|
|
192.168.10.0/24
All the hosts on the 192.168.10.0 network can ping each other, their gateway (192.168.10.100) and anything on the 192.168.0.0 network (including its gateway, 192.168.1.244). When I issue the command "ping google.com", the DNS resolves it properly, but the ping never goes through. I cannot access the internet in any way from 192.168.10.0.
I have enabled IP forwarding, and I have set up some rules in IPTABLES, but they confuse me, so I'm sure I'm not doing something right. I'd prefer to have direct access to/from each side of this routing box. Straight passthrough, no filtering, no security, etc, just direct routes in and out.
05-03-2013, 10:24 AM
#2
Member
Registered: Jan 2013
Posts: 32
Original Poster
firewall not the issue?
It seems the network works exactly the same with or without the iptables firewall running, so I've disabled it to further test. Again, this is an internal gateway/router that should simply be providing access to/from the 192.168.10.0 network.
05-03-2013, 10:38 AM
#3
Member
Registered: Jan 2013
Posts: 32
Original Poster
I digress, iptables did make a difference, so it's back on now.
05-03-2013, 02:03 PM
#4
Member
Registered: Jan 2013
Posts: 32
Original Poster
Linksys Router
I was able to reproduce what I'm aiming for with a Cisco RVS 4000 Router. I simply set up the two connections, and disabled all security... BOOM got what I wanted... How do I do this simple task in iptables? Or even without iptables?
05-03-2013, 02:20 PM
#5
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Some of my more 'creative' iptables stuff (code) I stole from http://www.cyberciti.biz/tips/linux-...allow-ssh.html
I hope it can be of help for you also.
Edit: Specifically, near the bottom of the page it reads:
Code:
# Allow incoming ssh only from IP 202.54.1.20
iptables -A INPUT -p tcp -s 202.54.1.20 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 202.54.1.20 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
Last edited by Habitual; 05-03-2013 at 02:22 PM.
05-06-2013, 03:34 PM
#6
Member
Registered: Jan 2013
Posts: 32
Original Poster
Alright, I'm going to try to take unneeded confusion out of the mix.
-No iptables
-No virtual networking
Now my setup is as follows:
192.168.0.0/22 <----->192.168.1.16 | 192.168.10.100<---->192.168.10.0/24
I have a computer(A) on the 192.168.10.0/24 network. Its gateway is 192.168.10.100, and its IP is 192.168.10.5. It has a static route to 192.168.0.0/22 via 192.168.10.100.
I have a computer(B) on the 192.168.0.0/22 network. Its gateway is 192.168.1.244 and its IP is 192.168.1.242. It has a static route to 192.168.10.0/24 via 192.168.1.16.
I have a routing machine in between (VMHOST). VMHOST is set up with two NICs: br0, which is assigned 192.168.1.16, and br1, which is assigned 192.168.10.100.
The default gateway for this machine is 192.168.1.244, and it is directly connected to both 192.168.0.0/22 and 192.168.10.0/24. I can access and ping Google.com successfully.
I have ipv4_forwarding turned on. Firewalls turned off.
From Host A, I can ping its gateway, 192.168.10.100. I can also ping the other side of the routing machine, 192.168.1.16, as well as any other address on the network with a static route to 192.168.10.0/24, including the "true" gateway, 192.168.1.244 (which has a static route in it). I cannot ping google.com (unknown host). I am able to ping my DNS servers, and my gateway, but I am unable to go any further. I cannot ping 8.8.8.8 (to test if DNS is an issue, which it is obviously not).
From Host B, I can ping its gateway, 192.168.1.244, as well as anything on the 192.168.10.0 network with a static route to 192.168.0.0/22. Host B is able to access the internet.
Anyone have any idea why the hell I can ping across my whole network, including all gateways, but I can't get out to the dang internet??
05-06-2013, 04:27 PM
#7
Member
Registered: Jan 2013
Posts: 32
Original Poster
Solved
My firewall was blocking it because it was spoofed!! All set, thanks anyways!
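An added example, not part of the original thread: the thread does not show the firewall's rule, so this sketch assumes a strict reverse-path style anti-spoofing check on the gateway at 192.168.1.244, with the interface names "lan" and "wan" and both tables constructed for illustration. It shows why traffic from 192.168.10.5 is classified as spoofed until the firewall is told that 192.168.10.0/24 sits behind its LAN interface.

```python
import ipaddress

def best_match(table, addr):
    """Longest-prefix match over (prefix, interface) entries; None if nothing covers addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(ipaddress.ip_network(p), i) for p, i in table
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def antispoof_verdict(table, src, in_iface):
    """Strict reverse-path style check: the interface the firewall associates
    with the source must be the interface the packet arrived on."""
    hit = best_match(table, src)
    if hit is None:
        return "drop: source unknown"
    net, iface = hit
    if iface != in_iface:
        return f"drop: spoofed ({src} belongs behind {iface}, arrived on {in_iface})"
    return f"accept: matched {net} on {iface}"

# Constructed anti-spoofing tables for the gateway; "lan"/"wan" are assumed names.
BEFORE = [("192.168.0.0/22", "lan"), ("0.0.0.0/0", "wan")]
AFTER = BEFORE + [("192.168.10.0/24", "lan")]  # routed subnet behind 192.168.1.16

def run(table):
    """Evaluate three constructed packets, given as (source, arrival interface)."""
    packets = [("192.168.1.242", "lan"),  # Host B, directly attached
               ("192.168.10.5", "lan"),   # Host A, forwarded by VMHOST
               ("192.168.10.5", "wan")]   # same source arriving from outside
    return {p: antispoof_verdict(table, *p) for p in packets}

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name)
        for pkt, verdict in run(table).items():
            print("  ", pkt, "->", verdict)
```

With the extra entry in place, Host A's traffic is accepted on the LAN side, and the same source address arriving on the WAN side is dropped, so the fix does not require turning the check off.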