LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   Routing route and iptables [need explanation] (https://www.linuxquestions.org/questions/linux-networking-3/routing-route-and-iptables-%5Bneed-explanation%5D-867272/)

Hyakutake 03-08-2011 01:57 PM

Routing route and iptables [need explanation]
 
Hello all

First of all, sorry for the long post and thanks for your feedback.

As far as I understand, routing, in a simple analogy, is like a post office.
The post office receives a letter (packet), checks where it goes (destination IP) and sends the letter (packet) to the correct distribution office (device).

So, reading the packet: if there is no match (network/host) in the routing table for the IP on the packet, then it is forwarded to the default, so that another router can compare it with its table.

Having some time I've decided to mess around with this.
I've set up the following network (btw, "old router" is an adsl modem/router)

[laptop] --- wifi --- [old router] --- cable --- [PC@eth1] (a) [PC@eth0] --- cable --- [cable modem] ---- internet

NOTE: Mark (a) is what makes my confusion.

I'm trying to allow the laptop to access the internet following the network above.
The network is set up as below.

PC has two NICs (eth0 and eth1).
"/proc/sys/net/ipv4/ip_forward" is "1"
eth1 is 192.168.1.2 (to old router)
eth0 is 10.101.10.1 (to cable modem)

On "old router" the dhcp pool is 192.168.1/254.
- Router has 192.168.1.1
- PC has 192.168.1.2
- Laptop has 192.168.1.3

The routing table (there's no default) on "old router" is:
192.168.1.0 *.*.*.* 255.255.255.0 br0

NOTE: br0 is a bridge for eth0 and wifi0 (not sure it is important in this case).

If I add a default route on "old router" to point to 192.168.1.3 the packets are routed to PC.
Routing table now becomes:
192.168.1.0 *.*.*.* 255.255.255.0 br0
0.0.0.0 192.168.1.3 0.0.0.0 br0

To test this I traceroute to some random ip address and check that the packets are being routed to 192.168.1.2 (PC).

Once the packet gets to PC@eth1 the packet is lost.
Traceroute stops on 192.168.1.2
1 192.168.1.1 (192.168.1.1) XXXX ms XXXX ms XXXX ms
2 192.168.1.2 (192.168.1.2) XXXX ms XXXX ms XXXX ms
3 * * *
[...]

The routing table on PC is (10.101.10.10 is the cable modem).
192.168.1.0 *.*.*.* 255.255.255.0 eth1
10.101.10.0 *.*.*.* 255.255.255.0 eth0
0.0.0.0 10.101.10.10 0.0.0.0 eth0

Seeing the above situation, why doesn't the packet get routed to eth0, which is the default on the routing table? Shouldn't the kernel compare the packet IP to the table and send it the correct way?
What happens here?

I know one solution is to add some entries on iptables to forward the packets from eth1 to eth0. I just don't understand why the routing table isn't sufficient.

Regards,
hyakutake

ryanmission 03-08-2011 02:31 PM

Do you have NAT set up?

The best way (in my opinion) to troubleshoot what's going on on your network is to see it with your eyes.

1) ping google.com -t
(unlimited pings)

2) Run wireshark or tcpdump on PC@eth1 to see what the packet headers look like inside your priv network.

3) Then run wireshark or tcpdump again on PC@eth0 to see if you have any packets originating from your 192.168.1.x network being NAT'd to something like 10.101.10.1 (if you used masquerade NAT on PC@eth0).

See what you get..

Edit:

I think what's happening is you have this:

Internal 192.168.1.x network:
packet src 192.168.1.3
packet dst randomip or google.com
> this packet makes it to 192.168.1.2 (PC@eth1) and passes through your PC because of IPv4 forwarding being "1".

External 10.101.10.x network:
packet src 192.168.1.3
packet dst randomip or google.com
> this packet leaves your 192.168.1.x network and enters the 10.101.10.x network (PC@eth0) and then off to your ISP's router/switch on the other end (next hop).

After this, it gets dropped because of the private source IP... and even if it didn't get dropped, it wouldn't know its way back to your home / private network anyway.

Also, is this 10.101.10.x ip assigned to you by your ISP?

Hyakutake 03-09-2011 10:56 AM

Hello ryanmission

Thanks for your feedback.
After checking traffic with tcpdump I see that the packets are being forwarded to "cable modem".
PC is not NATting, but "cable modem" is, to access the internet. If I NAT on PC then the network is OK and all packets are forwarded, but that's not the solution I'm after; I want to understand routing tables.

I believe that if I add a route to 10.101.10.x on device to PC at "cable modem" the packets will be forwarded without the need to NAT on PC.
I'm gonna test this if the crappy "cable modem" allows me to add any routing rules (hitron modem/gateway).

10.101.10.x is a second private network. It's not assigned by ISP.

BTW: Thanks for the tcpdump tip. It helped a lot.

Regards,
hyakutake

timetraveler 03-09-2011 11:13 AM

...don't you need to have a masquerade on PC@eth0?

-A POSTROUTING -o eth0 -j MASQUERADE

Hyakutake 03-09-2011 11:39 AM

Hello timetraveler

The purpose is not to use iptables.
Nevertheless to make the net work I add the following to iptables, which (I think) is what you mean.

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

I just want to figure out how to do this with just routing tables, if it is possible.

Thanks and regards,
hyakutake
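The question running through the thread is why the PC's routing table is "not sufficient" on its own, and whether the routing-only fix proposed above (a route back to 192.168.1.0/24 on the cable modem) would work. The following is an added example, not code from the thread: a small longest-prefix-match simulation of the forwarding decision at each hop, using the old router's and the PC's tables as printed in the thread (with the old router's default pointing at the PC's address 192.168.1.2, where the traceroute shows hop 2). The cable modem's table is not shown in the thread, so the one here is an assumption (its LAN subnet on-link, a default to an ISP hop in the 203.0.113.0/24 documentation range). It shows that the forward path already works without NAT, that the reply has no way back because the modem only knows 10.101.10.0/24, and that adding one return route on the modem closes the gap (subject to the modem also translating that source when it sends upstream, which the thread leaves open).

```python
import ipaddress

# Routing tables transcribed from the thread (old router after the default route
# was added, and the PC) plus an ASSUMED table for the cable modem, which the
# thread never prints. Entry: (destination network, gateway or None if on-link, interface).
TABLES = {
    "old_router": [
        ("192.168.1.0/24", None, "br0"),
        ("0.0.0.0/0", "192.168.1.2", "br0"),   # default added in the thread, pointing at the PC
    ],
    "pc": [
        ("192.168.1.0/24", None, "eth1"),
        ("10.101.10.0/24", None, "eth0"),
        ("0.0.0.0/0", "10.101.10.10", "eth0"), # default via the cable modem
    ],
    "cable_modem": [                           # assumed, not from the thread
        ("10.101.10.0/24", None, "lan"),
        ("0.0.0.0/0", "203.0.113.1", "wan"),   # assumed ISP next hop (documentation range)
    ],
}

# The old router's table before the default route was added (thread: "there's no default").
OLD_ROUTER_BEFORE_DEFAULT = [("192.168.1.0/24", None, "br0")]

# Which node owns which address, so that a gateway can be resolved to the next router.
ADDRESSES = {
    "192.168.1.1": "old_router",
    "192.168.1.2": "pc",
    "10.101.10.1": "pc",
    "10.101.10.10": "cable_modem",
}


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins, the default (/0) last.
    Returns (network, gateway, interface) or None when the table has no matching route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in table:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def path(tables, start, dst):
    """Follow the forwarding decision hop by hop from `start` until the packet is
    delivered on a directly connected network, handed to a gateway we do not model
    (the ISP side), or dropped for lack of a route. Returns a list of
    (node, out_interface, next_hop) tuples."""
    hops, node = [], start
    while True:
        route = lookup(tables[node], dst)
        if route is None:
            hops.append((node, None, "no route"))       # kernel would answer "network unreachable"
            return hops
        _net, gw, dev = route
        hops.append((node, dev, gw or "on-link"))
        if gw is None:
            return hops                                  # delivered on the connected network
        nxt = ADDRESSES.get(gw)
        if nxt is None:
            hops.append(("upstream", dev, gw))           # leaves the part of the network we control
            return hops
        node = nxt


def with_return_route(tables):
    """The routing-only fix proposed in the thread: teach the cable modem that
    192.168.1.0/24 is reachable via the PC's eth0 address, 10.101.10.1."""
    fixed = {name: list(entries) for name, entries in tables.items()}
    fixed["cable_modem"].insert(0, ("192.168.1.0/24", "10.101.10.1", "lan"))
    return fixed


if __name__ == "__main__":
    print("laptop -> internet :", path(TABLES, "old_router", "8.8.8.8"))
    print("reply  -> laptop   :", path(TABLES, "cable_modem", "192.168.1.3"))
    print("reply, with return route on the modem:",
          path(with_return_route(TABLES), "cable_modem", "192.168.1.3"))
```

Running it shows the asymmetry the tcpdump check in the thread revealed: the outbound packet walks old_router, PC (out eth0, exactly as the PC's table says) and the modem without trouble, while the reply addressed to 192.168.1.3 is matched only by the modem's default route and is sent back out toward the ISP. MASQUERADE on the PC sidesteps this by rewriting the source to 10.101.10.1, an address the modem does know; the return route does the same job without touching iptables.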

