LinuxQuestions.org


one.eleven 01-02-2004 06:19 PM

packet forwarding?
 
hi there,

trying to build a home gateway with debian, got two nics running,

eth0 connects to outside and works fine
eth1 connects to SWITCH and Windows and pings fine

if I IFCONFIG eth0 DOWN to test to reach the ADSL gateway with eth1 i get a time out but i can ping to the IP of eth0

what might be the problem, packet forwarding? how do i move on to get my network running.

I'm also thankful for good links
tp://newbiedoc.sourceforge.net/networking/homegateway.html
tp://eressea.pikus.net/~pikus/plug_firewall/page0.html
these ones didn't really solve my problems

one.eleven

ash4stuff 01-02-2004 06:54 PM

what kernel are you using, did you compile ipchains/iptables in your kernel, did you configure ipchains or iptables correctly?

one.eleven 01-02-2004 07:12 PM

thanx

kernel 2.4.18-bf2.4... how can i check my kernel easy.. sorry I'm a total greenhorn

according to lsmod | grep ip_tables i got the module ip_tables and others loaded.. well only after i manually loaded it : modprobe ip_tables

gruss aus basel one.eleven

one.eleven 01-03-2004 01:54 PM

Uhuu any hints on next moves about my ip_tables or packet forwarding problem .. really don't know where to start.

Does it make sense to work on the firewalling scripts before i get a ping from eth1 to the gateway or are exactly the missing scripts the problem?

thanx 1.11

ash4stuff 01-03-2004 06:34 PM

you get kernel info with:
uname -a

I don't think you'll get a "direct" ping without setting up iptables. I've never tried.

I'll put a second nic on my computer at home and go through it tomorrow afternoon. Just a question, will this gateway only be a gateway, or will it have other functions? You might want to try freesco or similar, you can run it on a floppy until you get your debian gateway running.

Ashley

ash4stuff 01-03-2004 06:35 PM

by the way, a good iptables tutorial:

http://iptables-tutorial.frozentux.net/

one.eleven 01-03-2004 07:11 PM

hi ash4stuff, thank you

well i am learning by doing so I'm not totally sure. my setup plan is:

Phone line ---- ADSL ethernet modem (ZyXEL,P650)-- cat5 cable--(HP-Vectra, Debian with two nics) ------- 5portSwitch ------- Clients(XPLaptop/Win95laptop/maybe more WS)


I got a stable Debian running, got the two Nics setup, I work only with static IP's, Pinging across the Switch is ok, Problem with eth1 pinging the Gateway (ADSL Modem) as well with the Clients, no echos from eth0 nor Gateway.

I plan, when all the Routing and Firewalling is ok, to challenge myself with SAMBA .. next steps.. :) I'll go through the tutorial tomorrow.

night Ashley, one.eleven

fataldata 01-03-2004 09:22 PM

I got this working after a bit of reading and now I use it to firewall my neighbors on my Internet connection.
One sneaky little tip was that IP forwarding was not enabled on my kernel. To do so I entered this:
echo "1" > /proc/sys/net/ipv4/ip_forward
I used the following info to make my box boot as a firewall.
rc.firewall-2.4 script here:
http://www.ecst.csuchico.edu/~dranch...dex-linux.html

one.eleven 01-04-2004 05:54 AM

hi fataldata, thanx

I have actually checked that file numerous times and the value is set to "1", as well the start up info has a line saying "configuering ipforwarding done". I'll now go over the tutorials.

one.eleven

one.eleven 01-04-2004 08:08 AM

Might my problem be related to routing and/or subnetmasks ?? will read up on this now.. just in case somebody has time and feels like helping i add some route -n output with different loaded interfaces and some pinging comments..

debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 and gateway not possible


debian:/home/lolo# ifconfig eth0 down
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
debian:/home/lolo#
#pinging from Clients to eth1, eth0 possible, gateway not accessible

debian:/home/lolo# ifconfig eth0 up
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 possible, gateway not accessible

debian:/home/lolo# /etc/init.d/networking restart
Reconfiguring network interfaces: SIOCDELRT: No such process
done.
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 and gateway not possible

fataldata 01-04-2004 07:17 PM

What is eth1's address? Looks to me that both eth0 and eth1 are on the same subnet?
When I ->[user@host sbin]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0
Showing 2 networks one on eth0 and one on eth1.
----Here is my ifconfig -------
eth0 Link encap:Ethernet HWaddr 00:00:00:5D:7F:79
inet addr:192.168.2.253 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:C0:F0:00:00:C0
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

one.eleven 01-05-2004 06:00 AM

HI
thanx,

so that is funny. your eth0 is external and eth1 internal??
you got three different destinations (-net) and two subnets. are you using a DHCP Switch? (because of 169.254.0.0) any how .. your stuff works.. and mine is dead .. now what do you suggest how do I get my debian configured to look like yours.. with " add route " commands? Additionally my local route "lo" got lost during the last nights.. . do you think a reinstall solves some of my pain?

greets one.eleven

fataldata 01-05-2004 01:47 PM

The 169.254.0.0 address is a hardware address(just ignore it). Therefore there are 2 nets. The 192.168.1.0/24 and 192.168.2.0/24 . The last line indicates that the default route(0.0.0.0) is to 192.168.2.254 through eth0. Your Default route is to 192.168.1.1 through eth0. So 192.168.1.1 should be your gateway router. And eth0 should have an IP in the 192.168.1.0/24 subnet.

This firewall is behind my Linksys Cable router at 192.168.2.254 and separates my neighbors who are on the 192.168.1.0/24 network using this box as their gateway(192.168.1.1)

I think you need to give one of your ethernet interfaces another IP on a different subnet (like 192.166.2.1/24)

Basically the confusion seems to be where to route packets to 192.168.1.0/24. From your Route command it seems that you send packets to both interfaces. Please post your eth IP addresses then I might be able to help.

one.eleven 01-06-2004 03:32 AM

hi and thanx again,

listen i changed my IP like you mentioned but i seem to have the same functions as before .. and the same problem ;) still can't ping to my Cable ADSL modem from my Clients. new routing tables and ifconfig look like this:

eth0 Link encap:Ethernet HWaddr 00:E0:7D:FF:91:80
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:397 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:175675 (171.5 KiB) TX bytes:57996 (56.6 KiB)
Interrupt:9 Base address:0xac00

eth1 Link encap:Ethernet HWaddr 00:A0:C9:E3:73:44
inet addr:192.168.2.4 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4967 (4.8 KiB) TX bytes:8149 (7.9 KiB)
Interrupt:10 Base address:0xa000

debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#

auto lo
iface lo inet loopback

## The first network card - this entry was created during the Debian installation
#(network, broadcast and gateway are optional)

auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.2.4
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

any plan???

fataldata 01-06-2004 11:36 AM

Looks good to me now. Can you surf on the Linux box? Can you ping your network with the Linux box? If not my guess is that your firewall is blocking something. Here is my IPTABLES -L (definitely not a secure example but it forwards packets):
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Also you have to have the nat table setup for POSTROUTING:
[root@host /]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Sorry if I'm not being helpful but I'm still a noob and It's all I can think of:
When I set it up there seemed to be three steps.
1. Set up IPFORWARDING with echo "1" > /proc/sys/net/ipv4/ip_forward
2. Set up IPTABLES for FORWARDING.
3. Set up IPTABLES for POSTROUTING
All 3 of these steps were accomplished with the rc.firewall-2.4 script I referenced earlier. All I had to do was edit the variables in the script for my network.

Good Luck I'm not sure I can offer any more suggestions.
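
Added example (not part of any post, and not the rc.firewall-2.4 script): the three steps listed above written out as one script. It assumes eth0 is the outside interface and eth1 the inside one on 192.168.2.0/24, as in the configuration posted earlier, and it limits FORWARD to LAN-initiated traffic instead of the accept-everything rule in the listing; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: IP forwarding + FORWARD rules + MASQUERADE for a
# two-NIC gateway. Interface names and subnet are assumptions taken
# from the configuration posted in the thread.
WAN_IF=eth0             # outside interface (towards the ADSL modem)
LAN_IF=eth1             # inside interface (towards the switch)
LAN_NET=192.168.2.0/24  # subnet configured on eth1

gateway_rules() {
    # Emit the rule set in iptables-restore format so it can be
    # reviewed or diffed before it is loaded.
    # INPUT/OUTPUT policies are left as in the posted listing.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $WAN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

apply_gateway() {
    echo 1 > /proc/sys/net/ipv4/ip_forward   # step 1: kernel forwarding
    gateway_rules | iptables-restore          # steps 2 and 3: FORWARD + nat
}

# Run as root with "apply" to load the rules; otherwise just print them.
if [ "${1:-}" = "apply" ]; then apply_gateway; else gateway_rules; fi
```

With the FORWARD policy at DROP, only replies to connections opened from the LAN are let back in from the outside interface.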


All times are GMT -5.