Unable to use IP forwarding
Hello,
I want my Linux Ubuntu Server to act as an internal router, so routing between two local subnets, no NAT. This is what I have:

/etc/network/interfaces
Code:
auto eth0

Code:
Destination Gateway Genmask Flags Metric Ref Use Iface

Code:
Chain INPUT (policy ACCEPT 39642 packets, 1707K bytes)

Output of the sudo cat /proc/sys/net/ipv4/ip_forward
1

I also configured the DHCP server to only listen on interface eth1. When I connect my laptop to the server, I receive the following IP address:
address: 172.16.0.2
mask: 255.255.0.0
gateway: 172.16.0.1
DNS: 172.16.0.1

I can ping the eth1 interface:
ping 172.16.0.1 => success!
I ALSO can ping the eth0 interface (still from the same laptop):
ping 192.168.1.2 => success!
But when I attached another laptop using a static IP at eth0, I'm UNABLE to connect...
ping 192.168.1.5 => fail!

So apparently, it does not forward the packets... What am I doing wrong?
Thanks! |
The contents of this post:
http://www.linuxquestions.org/questi...ml#post3877086
should give you some information on how to set up plain routing. It is not limited to your problem; you should pick what is applicable.

In this problem it is not clear what the IP of the last laptop is, what the route in that laptop is, and what you try to ping from where.

Remember also that when you do not use NAT, every host must have a gateway set to the host which is connecting the two subnets. In your case, any computer belonging to the 192.168.1.nnn subnet should have either a default gw to 192.168.1.2, or a specific gw for 172.16.nnn.nnn to 192.168.1.2. You can also set both (a) specific gateway to (a) certain subnet(s), and a default gw for everything not specified.

jlinkels |
Can you arm 2 tcpdump commands on eth0 and eth1 and ping from the laptop to an external IP on the other side, and see if the router is really forwarding the ICMP request packets out and forwarding the ICMP response packets in?

run 'tcpdump -n -i eth0 icmp' in terminal 1
run 'tcpdump -n -i eth1 icmp' in terminal 2
from laptop (assume 192.168.1.5) ping 172.16.x.x

Sometimes the routing works but the laptop may be blocking incoming ICMP. |
Okay, here is a network topology diagram of my internal network:
== attachment ==

Now I am able to ping from laptop 1 with IP address 192.168.100.2 to laptop 2 with IP address 192.168.1.5! That works fine, so actually my routing works...

But when I try to ping to my internet gateway (192.168.1.1), which is on the same subnet as laptop 2 (192.168.1.0), it DOES NOT work. Error message:
Code:
request timed out.

I.E.:
Code:
tracert to www.google.com [78.126.89.123]

So maybe my internet gateway router is misconfigured? |
Your internet gateway has to know the route back to 192.168.100.nnn. So the internet gateway has to have a route like:
Code:
Destination Gateway |
Thanks, that worked! I'm able to ping my internet gateway router now!
But I still can't ping a website outside the LAN... I encountered an error message like "no IP for NAT" in my router. But when I connect directly to the internet gateway, I do have internet... So when I ping from a computer behind my Linux router, it won't work... (so no internet), otherwise it does.

Maybe I misconfigured the Linux router? Shouldn't I enable DNS forwarding?

FYI: The IP settings of laptop 1 (behind the Linux router) are:
Code:
IP: 192.168.100.3

FYI: The IP settings of laptop 2 (NOT behind the Linux router) are:
Code:
IP: 192.168.1.3

What could be the problem? |
Sounds to me like your internet gateway refuses to route any packets which do not originate from the local network. The local network as considered by your internet gateway is 192.168.1.xxx because those addresses are in its DHCP range and on its internal port. 192.168.100.xxx is not considered local by your gateway in this case.
This is not uncommon; in my own firewall I have this rule as well to make sure hosts which do not belong to my internal network can access the internet. When I put different IP ranges in my LAN, I had to change these rules. I hope you can access those settings in your internet gateway.

DNS forwarding doesn't have anything to do with this. If you wish, use numerical addresses (74.125.229.209) instead of www.google.com so no DNS is used at all.

jlinkels |
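Added example, not part of the original thread: a small Python model of the routing tables discussed above, showing why the ping to 192.168.1.1 timed out until the internet gateway had a route back to 192.168.100.nnn, and why reaching the Linux router's own far-side address (192.168.1.2) does not prove that forwarding works. The /24 masks, the router address 192.168.100.1, the upstream hop 203.0.113.1 and the host names are assumptions; the thread does not show them.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: gateway IP, 'direct' if on-link, None if no route."""
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def trace(hosts, src, dst, max_hops=8):
    """Follow one packet hop by hop; return (delivered, path of host names)."""
    owner = {ip: name for name, h in hosts.items() for ip in h["ips"]}
    node = owner[src]
    path = [node]
    for _ in range(max_hops):
        if dst in hosts[node]["ips"]:
            return True, path                 # local delivery needs no forwarding
        if node != owner[src] and not hosts[node]["forward"]:
            return False, path                # transit host with ip_forward=0 drops it
        gw = next_hop(hosts[node]["routes"], dst)
        hop = dst if gw == "direct" else gw
        if hop not in owner:
            return False, path                # no route, or it leaves the modelled LAN
        node = owner[hop]
        path.append(node)
    return False, path

def ping(hosts, src, dst):
    """Echo request must arrive AND the echo reply must find its way back."""
    ok_out, out = trace(hosts, src, dst)
    ok_back, back = trace(hosts, dst, src) if ok_out else (False, [])
    return ok_out and ok_back, out, back

def build(return_route, forward=True):
    """Constructed topology; masks, 192.168.100.1 and 203.0.113.1 are assumptions."""
    gw = [("192.168.1.0/24", "direct"), ("0.0.0.0/0", "203.0.113.1")]
    if return_route:
        gw.append(("192.168.100.0/24", "192.168.1.2"))
    return {
        "laptop1": {"ips": ["192.168.100.3"], "forward": False, "routes": [
            ("192.168.100.0/24", "direct"), ("0.0.0.0/0", "192.168.100.1")]},
        "linux-router": {"ips": ["192.168.100.1", "192.168.1.2"], "forward": forward, "routes": [
            ("192.168.100.0/24", "direct"), ("192.168.1.0/24", "direct"), ("0.0.0.0/0", "192.168.1.1")]},
        "inet-gw": {"ips": ["192.168.1.1"], "forward": True, "routes": gw},
    }

if __name__ == "__main__":
    for label, hosts in [("no return route", build(False)), ("with return route", build(True))]:
        print(label, ping(hosts, "192.168.100.3", "192.168.1.1"))
```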