LinuxQuestions.org
Old 01-02-2004, 06:19 PM   #1
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Rep: Reputation: 0
packet forwarding?


Hi there,

Trying to build a home gateway with Debian, got two NICs running:

eth0 connects to outside and works fine
eth1 connects to SWITCH and Windows and pings fine

If I IFCONFIG eth0 DOWN to test to reach the ADSL gateway with eth1 I get a timeout, but I can ping to the IP of eth0.

What might be the problem, packet forwarding? How do I move on to get my network running?

I'm also thankful for good links
tp://newbiedoc.sourceforge.net/networking/homegateway.html
tp://eressea.pikus.net/~pikus/plug_firewall/page0.html
These ones didn't really solve my problems.

one.eleven
 
Old 01-02-2004, 06:54 PM   #2
ash4stuff
Member
 
Registered: Aug 2003
Location: Viena
Distribution: Debian Sarge
Posts: 139

Rep: Reputation: 15
What kernel are you using? Did you compile ipchains/iptables in your kernel? Did you configure ipchains or iptables correctly?
 
Old 01-02-2004, 07:12 PM   #3
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Thanks.

Kernel 2.4.18-bf2.4... how can I check my kernel easily? Sorry, I'm a total greenhorn.

According to lsmod | grep ip_tables I have the module ip_tables and others loaded, but only after I manually loaded it: modprobe ip_tables

Greetings from Basel, one.eleven
 
Old 01-03-2004, 01:54 PM   #4
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Uhuu, any hints on next moves about my ip_tables or packet forwarding problem? I really don't know where to start.

Does it make sense to work on the firewalling scripts before I get a ping from eth1 to the gateway, or are the missing scripts exactly the problem?

Thanks, 1.11
 
Old 01-03-2004, 06:34 PM   #5
ash4stuff
Member
 
Registered: Aug 2003
Location: Viena
Distribution: Debian Sarge
Posts: 139

Rep: Reputation: 15
You get kernel info with:
uname -a

I don't think you'll get a "direct" ping without setting up iptables. I've never tried.

I'll put a second NIC on my computer at home and go through it tomorrow afternoon. Just a question: will this gateway only be a gateway, or will it have other functions? You might want to try freesco or similar; you can run it on a floppy until you get your Debian gateway running.

Ashley
 
Old 01-03-2004, 06:35 PM   #6
ash4stuff
Member
 
Registered: Aug 2003
Location: Viena
Distribution: Debian Sarge
Posts: 139

Rep: Reputation: 15
By the way, a good iptables tutorial:

http://iptables-tutorial.frozentux.net/
 
Old 01-03-2004, 07:11 PM   #7
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Hi ash4stuff, thank you.

Well, I am learning by doing so I'm not totally sure. My setup plan is:

Phone line ---- ADSL ethernet modem (ZyXEL,P650)-- cat5 cable--(HP-Vectra, Debian with two nics) ------- 5portSwitch ------- Clients(XPLaptop/Win95laptop/maybe more WS)


I got a stable Debian running, got the two NICs set up, I work only with static IPs. Pinging across the switch is OK. Problem with eth1 pinging the gateway (ADSL modem), as well as with the clients: no echoes from eth0 nor gateway.

I plan, when all the routing and firewalling is OK, to challenge myself with SAMBA... next steps. I'll go through the tutorial tomorrow.

Night Ashley, one.eleven
 
Old 01-03-2004, 09:22 PM   #8
fataldata
Member
 
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101

Rep: Reputation: 15
I got this working after a bit of reading and now I use it to firewall my neighbors on my Internet connection.
One sneaky little tip was that IP forwarding was not enabled on my kernel. To do so I entered this:
echo "1" > /proc/sys/net/ipv4/ip_forward
I used the following info to make my box boot as a firewall.
rc.firewall-2.4 script here:
http://www.ecst.csuchico.edu/~dranch...dex-linux.html
 
Old 01-04-2004, 05:54 AM   #9
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Hi fataldata, thanks.

I have actually checked that file numerous times and the value is set to "1"; the startup info also has a line saying "configuering ipforwarding done". I'll now go over the tutorials.

one.eleven
 
Old 01-04-2004, 08:08 AM   #10
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Might my problem be related to routing and/or subnet masks? I will read up on this now. Just in case somebody has time and feels like helping, I add some route -n output with different loaded interfaces and some pinging comments.

debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 and gateway not possible


debian:/home/lolo# ifconfig eth0 down
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
debian:/home/lolo#
#pinging from Clients to eth1, eth0 possible, gateway not accessible

debian:/home/lolo# ifconfig eth0 up
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 possible, gateway not accessible

debian:/home/lolo# /etc/init.d/networking restart
Reconfiguring network interfaces: SIOCDELRT: No such process
done.
debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#
#pinging from Clients to eth1, eth0 and gateway not possible
 
Old 01-04-2004, 07:17 PM   #11
fataldata
Member
 
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101

Rep: Reputation: 15
What is eth1's address? Looks to me that both eth0 and eth1 are on the same subnet?
When I ->[user@host sbin]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0 eth0
Showing 2 networks one on eth0 and one on eth1.
----Here is my ifconfig -------
eth0 Link encap:Ethernet HWaddr 00:00:00:5D:7F:79
inet addr:192.168.2.253 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:C0:F0:00:00:C0
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 
Old 01-05-2004, 06:00 AM   #12
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Hi,
thanks.

So that is funny. Your eth0 is external and eth1 internal??
You have three different destinations (-net) and two subnets. Are you using a DHCP switch (because of 169.254.0.0)? Anyhow, your stuff works and mine is dead. Now what do you suggest, how do I get my Debian configured to look like yours, with "add route" commands? Additionally, my local route "lo" got lost during the last nights. Do you think a reinstall solves some of my pain?

Greets, one.eleven
 
Old 01-05-2004, 01:47 PM   #13
fataldata
Member
 
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101

Rep: Reputation: 15
The 169.254.0.0 address is a hardware address (just ignore it). Therefore there are 2 nets: 192.168.1.0/24 and 192.168.2.0/24. The last line indicates that the default route (0.0.0.0) is to 192.168.2.254 through eth0. Your default route is to 192.168.1.1 through eth0. So 192.168.1.1 should be your gateway router, and eth0 should have an IP in the 192.168.1.0/24 subnet.

This firewall is behind my Linksys cable router at 192.168.2.254 and separates my neighbors, who are on the 192.168.1.0/24 network using this box as their gateway (192.168.1.1).

I think you need to give one of your ethernet interfaces another IP on a different subnet (like 192.166.2.1/24).

Basically the confusion seems to be where to route packets to 192.168.1.0/24. From your route command it seems that you send packets to both interfaces. Please post your eth IP addresses, then I might be able to help.
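
As an added example (not part of any post in this thread): a small shell function that reads `route -n` output and reports any destination network listed on more than one interface, which is the condition visible in the routing table from post #10. It compares identical destination/netmask pairs only; the function and sample names are this example's own, and the two samples are copied from posts #10 and #14.

```shell
#!/bin/sh
# Added example: flag a destination network that `route -n` lists on more
# than one interface. Only identical destination/netmask pairs are compared.
overlapping_routes() {
    awk '
        # Data rows have 8 columns and start with a dotted quad.
        # The default route (0.0.0.0) is skipped.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $1 != "0.0.0.0" {
            key = $1 "/" $3
            if (!(key in ifaces)) {
                order[++n] = key
                ifaces[key] = $8
            } else if (index(" " ifaces[key] " ", " " $8 " ") == 0) {
                ifaces[key] = ifaces[key] " " $8
                dup[key] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in dup) print order[i], ifaces[order[i]]
        }
    '
}

# Routing table as posted in #10 (both NICs in 192.168.1.0/24).
sample_post10() {
    cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
EOF
}

# Routing table as posted in #14 (after moving eth1 to 192.168.2.0/24).
sample_post14() {
    cat <<'EOF'
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
EOF
}

sample_post10 | overlapping_routes
```

On a live box the same check is `route -n | overlapping_routes`; no output means no network is claimed by two interfaces.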
 
Old 01-06-2004, 03:32 AM   #14
one.eleven
LQ Newbie
 
Registered: Dec 2003
Distribution: debian woody
Posts: 16

Original Poster
Rep: Reputation: 0
Hi and thanks again,

Listen, I changed my IP like you mentioned but I seem to have the same functions as before, and the same problem: I still can't ping my cable ADSL modem from my clients. New routing tables and ifconfig look like this:

eth0 Link encap:Ethernet HWaddr 00:E0:7D:FF:91:80
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:397 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:175675 (171.5 KiB) TX bytes:57996 (56.6 KiB)
Interrupt:9 Base address:0xac00

eth1 Link encap:Ethernet HWaddr 00:A0:C9:E3:73:44
inet addr:192.168.2.4 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:53 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4967 (4.8 KiB) TX bytes:8149 (7.9 KiB)
Interrupt:10 Base address:0xa000

debian:/home/lolo# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
debian:/home/lolo#

auto lo
iface lo inet loopback

## The first network card - this entry was created during the Debian installation
#(network, broadcast and gateway are optional)

auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

auto eth1
iface eth1 inet static
address 192.168.2.4
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255

Any plan???
 
Old 01-06-2004, 11:36 AM   #15
fataldata
Member
 
Registered: Jun 2002
Location: Breckenridge, Colorado
Distribution: Ubuntu Hardy 8.04
Posts: 101

Rep: Reputation: 15
Looks good to me now. Can you surf on the Linux box? Can you ping your network with the Linux box? If not my guess is that your firewall is blocking something. Here is my IPTABLES -L (definitely not a secure example but it forwards packets):
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Also you have to have the nat table setup for POSTROUTING:
[root@host /]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Sorry if I'm not being helpful, but I'm still a noob and it's all I can think of:
When I set it up there seemed to be three steps.
1. Set up IPFORWARDING with echo "1" > /proc/sys/net/ipv4/ip_forward
2. Set up IPTABLES for FORWARDING.
3. Set up IPTABLES for POSTROUTING
All 3 of these steps were accomplished with the rc.firewall-2.4 script I referenced earlier. All I had to do was edit the variables in the script for my network.

Good Luck I'm not sure I can offer any more suggestions.
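
As an added example (not from the rc.firewall-2.4 script or from any poster): steps 2 and 3 above written as an `iptables-restore` ruleset in which forwarding is scoped by interface, so only traffic entering on the internal NIC may open connections outward. Plain `iptables -L` does not print the interface columns (`iptables -L -v` does), so a listing like the one in post #15 cannot by itself show whether a rule is interface-scoped. The function name `gateway_rules` is hypothetical; eth0 as external and eth1 as internal follow the thread's setup, and INPUT/OUTPUT policies are left as in the posted listing.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a two-NIC NAT gateway.
# gateway_rules EXTIF INTIF   (hypothetical helper name)
gateway_rules() {
    ext=$1
    int=$2
    # Refuse missing or identical interfaces and anything that is not a
    # plain interface name, so nothing unexpected ends up inside a rule.
    if [ -z "$ext" ] || [ -z "$int" ] || [ "$ext" = "$int" ]; then
        echo "usage: gateway_rules EXTIF INTIF (two different interfaces)" >&2
        return 1
    fi
    case "$ext$int" in
        *[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $ext -o $int -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $int -o $ext -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $ext -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the thread's layout (eth0 outside, eth1 inside).
# To apply it as root:
#   echo 1 > /proc/sys/net/ipv4/ip_forward
#   gateway_rules eth0 eth1 | iptables-restore
gateway_rules eth0 eth1
```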
 