LinuxQuestions.org
Old 03-08-2011, 01:57 PM   #1
Hyakutake
Member
 
Registered: Apr 2004
Location: Portugal
Distribution: Slackware
Posts: 154

Rep: Reputation: 19
Question Routing route and iptables [need explanation]


Hello all

First of all, sorry for the long post and thanks for your feedback.

From what I understand, routing, in a simple analogy, is like a post office.
The post office receives a letter (packet), checks where it goes (destination IP) and sends the letter (packet) to the correct distribution office (device).

So, reading the packet, if on the routing table there's no match (network/host) for the IP on the packet, then it is forwarded to the default so that another router can compare it with its table.

Having some time I've decided to mess around with this.
I've set up the following network (btw, "old router" is an adsl modem/router)

[laptop] --- wifi --- [old router] --- cable --- [PC@eth1] (a) [PC@eth0] --- cable --- [cable modem] ---- internet

NOTE: Mark (a) is what causes my confusion.

I'm trying to allow the laptop to access the internet following the network above.
The network is set up as below.

PC has two NICs (eth0 and eth1).
"/proc/sys/net/ipv4/ip_forward" is "1"
eth1 is 192.168.1.2 (to old router)
eth0 is 10.101.10.1 (to cable modem)

On "old router" the dhcp pool is 192.168.1/254.
- Router has 192.168.1.1
- PC has 192.168.1.2
- Laptop has 192.168.1.3

The routing table (there's no default) on "old router" is:
192.168.1.0 *.*.*.* 255.255.255.0 br0

NOTE: br0 is a bridge for eth0 and wifi0 (not sure it is important in this case).

If I add a default route on "old router" to point to 192.168.1.3 the packets are routed to PC.
Routing table now becomes:
192.168.1.0 *.*.*.* 255.255.255.0 br0
0.0.0.0 192.168.1.3 0.0.0.0 br0

To test this I traceroute to some random ip address and check that the packets are being routed to 192.168.1.2 (PC).

Once the packet gets to PC@eth1 the packet is lost.
Traceroute stops on 192.168.1.2
1 192.168.1.1 (192.168.1.1) XXXX ms XXXX ms XXXX ms
2 192.168.1.2 (192.168.1.2) XXXX ms XXXX ms XXXX ms
3 * * *
[...]

The routing table on PC is (10.101.10.10 is the cable modem).
192.168.1.0 *.*.*.* 255.255.255.0 eth1
10.101.10.0 *.*.*.* 255.255.255.0 eth0
0.0.0.0 10.101.10.10 0.0.0.0 eth0

Seeing the above situation, why doesn't the packet get routed to eth0, which is the default on the routing table? Shouldn't the kernel compare the packet IP to the table and send it the correct way?
What happens here?

I know one solution is to add some entries on iptables to forward the packets from eth1 to eth0. I just don't understand why the routing table isn't sufficient.

Regards,
hyakutake
 
Old 03-08-2011, 02:31 PM   #2
ryanmission
LQ Newbie
 
Registered: Mar 2011
Posts: 2

Rep: Reputation: 0
Do you have NAT set up?

The best way (in my opinion) to troubleshoot what's going on on your network is to see it with your eyes.

1) ping google.com -t
(unlimited pings)

2) Run wireshark or tcpdump on PC@eth1 to see what the packet headers look like inside your priv network.

3) Then run wireshark or tcpdump again on PC@eth0 to see if you have any packets originating from your 192.168.1.x network being NAT'd to something like 10.101.10.1 (if you used masquerade NAT on PC@eth0).

See what you get..

Edit:

I think what's happening is you have this:

Internal 192.168.1.x network:
packet src 192.168.1.3
packet dst randomip or google.com
> this packet makes it to 192.168.1.2 (PC@eth1) and passes through your PC because of IPv4 forwarding being "1".

External 10.101.10.x network:
packet src 192.168.1.3
packet dst randomip or google.com
> this packet leaves your 192.168.1.x network and enters the 10.101.10.x network (PC@eth0) and then off to your ISP's router/switch on the other end (next hop).

After this, it gets dropped because of the private source IP... and even if it didn't get dropped, it wouldn't know its way back to your home / private network anyway.

Also, is this 10.101.10.x ip assigned to you by your ISP?

Last edited by ryanmission; 03-08-2011 at 02:42 PM. Reason: additional info
 
Old 03-09-2011, 10:56 AM   #3
Hyakutake
Member
 
Registered: Apr 2004
Location: Portugal
Distribution: Slackware
Posts: 154

Original Poster
Rep: Reputation: 19
Hello ryanmission

Thanks for your feedback.
After checking traffic with tcpdump I see that the packets are being forwarded to "cable modem".
PC is not natting but "cable modem" is to access the internet. If I nat on PC then the network is OK and all packets are forwarded, but it's not the solution that I'm after but understanding routing tables.

I believe that if I add a route to 10.101.10.x on device to PC at "cable modem" the packets will be forwarded without the need to NAT on PC.
I'm gonna test this if the crappy "cable modem" allows me to add any routing rules (hitron modem/gateway).

10.101.10.x is a second private network. It's not assigned by ISP.

BTW: Thanks for the tcpdump tip. It helped a lot.

Regards,
hyakutake
 
Old 03-09-2011, 11:13 AM   #4
timetraveler
Member
 
Registered: Apr 2010
Posts: 243
Blog Entries: 2

Rep: Reputation: 31
...don't you need to have a masquerade on PC@eth0?

-A POSTROUTING -o eth0 -j MASQUERADE
 
Old 03-09-2011, 11:39 AM   #5
Hyakutake
Member
 
Registered: Apr 2004
Location: Portugal
Distribution: Slackware
Posts: 154

Original Poster
Rep: Reputation: 19
Hello timetraveler

The purpose is not to use iptables.
Nevertheless to make the net work I add the following to iptables, which (I think) is what you mean.

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

I just want to figure out how to do this with just routing tables, if it is possible.

Thanks and regards,
hyakutake
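
The return-path question discussed in this thread, as an added example that is not code from any of the posters: it runs longest-prefix-match lookups over the PC's posted routing table and traces a request and its reply for three cases (routing only, MASQUERADE on the PC, a static route on the cable modem). Assumptions: the cable modem's routing table is not shown in the thread, so a typical LAN-plus-default table is assumed; `isp-gateway` and the remote address 203.0.113.7 are constructed placeholders; only route lookups are modelled, not whether the modem will NAT traffic sourced from 192.168.1.0/24.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, iface), or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), hop, dev)
            for net, hop, dev in table
            if addr in ipaddress.ip_network(net)]
    if not hits:
        return None
    _, hop, dev = max(hits, key=lambda h: h[0].prefixlen)
    return hop, dev

# PC routing table as posted in the thread (next hop None = directly connected).
PC = [("192.168.1.0/24", None, "eth1"),
      ("10.101.10.0/24", None, "eth0"),
      ("0.0.0.0/0", "10.101.10.10", "eth0")]

# ASSUMPTION: the modem's table is not in the thread; this is a typical one.
MODEM = [("10.101.10.0/24", None, "lan"),
         ("0.0.0.0/0", "isp-gateway", "wan")]

# Addresses from the thread; REMOTE is a constructed documentation address.
LAPTOP, PC_ETH0, REMOTE = "192.168.1.3", "10.101.10.1", "203.0.113.7"

def round_trip(modem_table, masquerade_on_pc):
    """Trace request and reply; return (pc_egress, modem_reply_egress, delivered)."""
    pc_egress = lookup(PC, REMOTE)          # forward leg: PC routing table alone
    # Source address the modem sees: rewritten only if the PC masquerades.
    src_seen = PC_ETH0 if masquerade_on_pc else LAPTOP
    reply = lookup(modem_table, src_seen)   # the reply is addressed to that source
    delivered = reply is not None and reply[1] == "lan"
    return pc_egress, reply, delivered

def scenarios():
    # Static route on the modem pointing the 192.168.1.0/24 network back at the PC.
    static = MODEM + [("192.168.1.0/24", PC_ETH0, "lan")]
    return {
        "routing only": round_trip(MODEM, False),
        "masquerade on PC": round_trip(MODEM, True),
        "static route on modem": round_trip(static, False),
    }

if __name__ == "__main__":
    for name, (fwd, reply, ok) in scenarios().items():
        print(f"{name:22} forward={fwd} reply={reply} delivered={ok}")
```

In all three cases the PC's table sends the request out eth0 to 10.101.10.10; only the reply leg differs, which is why the traceroute dies after hop 2 even though forwarding on the PC works.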
 
  

