LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 10-22-2011, 07:28 AM   #1
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Rep: Reputation: 8
Unable to use IP forwarding


Hello,

I want my Linux Ubuntu Server act as an internal router, so routing between two local subnets, no NAT.

This is what I have:
/etc/network/interfaces
Code:
auto eth0
iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

auto eth1
iface eth1 inet static
        address 172.16.0.1
        netmask 255.255.0.0
        network 172.16.0.0
        broadcast 172.16.0.255
route
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
default         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
I have no IPTABLES configured:
Code:
Chain INPUT (policy ACCEPT 39642 packets, 1707K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 6 packets, 288 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 39796 packets, 19M bytes)
 pkts bytes target     prot opt in     out     source               destination

Output of the sudo cat /proc/sys/net/ipv4/ip_forward

1

I also configured the dhcp server to only listen on interface eth1.
When I connect my laptop to the server, I recieve following IP address:
address: 172.16.0.2
mask: 255.255.0.0
gateway: 172.16.0.1
DNS: 172.16.0.1

I can ping the eth1 interface:
ping 172.16.0.1 => success!

I ALSO can ping the eth0 interface: (still from the same laptop)
ping 192.168.1.2 => success!

But when I attached another laptop using static IP at eth0, I'm UNABLE to connect...
ping 192.168.1.5 => fail!

So apperantly, it does not forward the packets...
What am I doing wrong?

Thanks!
 
Old 10-22-2011, 09:38 AM   #2
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,191

Rep: Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039
The contents of this post:
http://www.linuxquestions.org/questi...ml#post3877086
should give you some information how to set up plain routing. It is not limited to your problem, you should pick what is applicable.

In this problem it is not clear what the IP of the last laptop is, the route in that laptop and what you try to ping from where.

Remember also that when you do not use NAT, every host must have a gateway set to the host which is connecting the two subnets. In your case, any computer belonging to the 192.168.1.nnn subnet should have either a default gw to 192.168.1.2, or a specific gw for 172.16.nnn.nnn to 192.168.1.2. You can also set both (a) specific gateway to (a) certain subnet(s), and a default gw for everything not specified.

jlinkels
 
Old 10-22-2011, 11:16 AM   #3
xywang
LQ Newbie
 
Registered: Oct 2011
Posts: 4

Rep: Reputation: Disabled
can you arm 2 tcpdump commands on eth0 and eth1 and ping from the laptop to an external IP on the other side, and see of the router is really forwarding the icmp request packets out and forwarding the icmp response packets in?

run 'tcpdump -n -i eth0 icmp' in terminal 1
run 'tcpdump -n -i eth1 icmp' in terminal 2

from laptop (assume 192.168.1.5) ping 172.16.x.x)

sometimes the routing works but the laptop maybe blocking incoming icmp.
 
Old 10-22-2011, 12:51 PM   #4
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Original Poster
Rep: Reputation: 8
Okay, here is a network topology diagram of my internal network:

== attachment ==

Now I am able to ping from laptop 1 with IP address 192.168.100.2 to laptop 2 with IP address 192.168.1.5!
That works fine, so actually my routing works...

But when I try to ping to my internet gateway (192.168.1.1), which is on the same subnet as laptop 2 (192.168.1.0),
it DOES NOT work.
Error message:
Code:
request timed out.
However, when I execute the tracert command from laptop 2 with IP address 192.168.100.2, it resolves the DNS website name.
I.E.:
Code:
tracert to www.google.com [78.126.89.123]
But I cannot browse the internet with Firefox...

So maybe my internet gateway router is misconfigured?
Attached Thumbnails
Click image for larger version

Name:	Topology.PNG
Views:	12
Size:	13.2 KB
ID:	8220  
 
Old 10-22-2011, 03:53 PM   #5
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,191

Rep: Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039
Your internet gateway has to know the route back to 192.168.100.nnn. So the internet gateway has to have a route like:
Code:
Destination        Gateway
192.168.100.0      192.168.1.2
jlinkels
 
Old 10-23-2011, 09:16 AM   #6
Annielover
Member
 
Registered: May 2011
Location: Belgium
Distribution: Ubuntu Server Edition, Fedora 16
Posts: 90

Original Poster
Rep: Reputation: 8
Thanks, that worked! I'm able to ping my internet gateway router now!

But I still can't ping a website outside the LAN...
I encountered an error message like "no IP for NAT" in my router.


But when I connect directly to the internet gateway, I do have internet...
So when I ping from a computer behind my Linux router, it won't work... (so no internet), otherwise it does.

Maybe I misconfigured the Linux router? Shouldn't I enable DNS forwarding?

FYI: The IP settings of laptop 1 (behind the Linux router) are:
Code:
IP: 192.168.100.3
mask: 255.255.255.0
gw: 192.168.100.1
DNS1: 192.168.100.1
DNS2: 8.8.8.8
That won't work...

FYI: The IP settings of laptop 2 (NOT behind the Linux router) are:
Code:
IP: 192.168.1.3
mask: 255.255.255.0
gw: 192.168.1.1
DNS1: 192.168.1.1
DNS2: 8.8.8.8
This is working...

What could be the problem?
 
Old 10-23-2011, 10:18 AM   #7
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,191

Rep: Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039Reputation: 1039
Sounds to me like your internet gateway refuses to route any packets which do not originate from the local network. The local network as considered by your internet gateway is 192.168.1.xxx because those addresses are in its DHCP range and on its internal port. 192.168.100.xxx is not considered local by your gateway in this case.

This is not uncommon, in my own firewall I have this rule as well to make sure hosts which do not belong to my internal network can access the internet. When I put different IP ranges in my LAN, I had to change these rules. I hope you can access those settings in your internet gateway.

DNS forwarding doesn't have anything to do with this. If you wish use numerical addresses (74.125.229.209) instead of www.google.com so no DNS is used at all.

jlinkels
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
X-forwarding in slack over SSH - unable to open display Old_Fogie Slackware 9 08-04-2012 03:01 PM
Unable to allocate port with port forwarding software djeepp Linux - Networking 3 01-29-2008 07:28 AM
Unable to get X11 port forwarding to work in SSH Windowns Solaris / OpenSolaris 19 09-28-2006 05:52 AM
Simple Port Forwarding Firewall - not forwarding MadTurki Linux - Security 14 04-09-2006 12:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration