Hello guys,
This is my first writing here and, as I am a newbie to Linux, I am
asking for your help.
Problem conditions:
-some kind of Intel computer (I don't remember the exact parameters)
-two NICs (3Com and RealTek)
-Red Hat Linux
-pptpd installed, working and even getting connected
The goal: turn the computer into a router with pptp support
Parameters and configurations:
less /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.2.8 ppp.example.com ppp
172.16.1.1 client-lan.example.com client-lan
less /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
less /etc/sysconfig/network-scripts/ifcfg-eth1
# 3Com Corporation 3c905C-TX/TX-M [Tornado]
DEVICE=eth1
BOOTPROTO=none
BROADCAST=192.168.2.255
HWADDR=00:04:75:84
A:5E
IPADDR=192.168.2.8
NETMASK=255.255.255.0
NETWORK=192.168.2.0
ONBOOT=yes
GATEWAY=192.168.2.1
TYPE=Ethernet
less /etc/sysconfig/network-scripts/ifcfg-eth0
# Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
DEVICE=eth0
BOOTPROTO=none
BROADCAST=172.16.255.255
HWADDR=00:4F:4E:11:CD:1F
IPADDR=172.16.1.1
NETMASK=255.255.0.0
NETWORK=172.16.0.0
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth1
iptables -nvL
Chain INPUT (policy ACCEPT 275 packets, 27911 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 192.168.2.8 tcp dpt:1723
0 0 REJECT tcp -- eth0 * 0.0.0.0/0 172.16.1.1 tcp dpt:22 reject-with icmp-port-unreachable
0 0 REJECT tcp -- ppp0 * 0.0.0.0/0 172.16.1.1 tcp dpt:22 reject-with icmp-port-unreachable
0 0 REJECT tcp -- eth0 * 172.16.0.0/16 192.168.2.8 tcp dpt:22 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 7 packets, 432 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- ppp0 eth1 172.16.0.0/16 192.168.2.0/24 icmp type 255
0 0 ACCEPT icmp -- eth0 eth1 172.16.0.0/16 0.0.0.0/0 icmp type 255
Chain OUTPUT (policy ACCEPT 222 packets, 25434 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * eth0 172.16.1.1 0.0.0.0/0 tcp spt:22 reject-with icmp-port-unreachable
1 100 ACCEPT icmp -- * eth0 172.16.1.1 172.16.0.0/16 icmp type 255
Now my idea:
Internet------------->eth1<---------->eth0---->end users
At this stage, with the configurations I've done, I can do the following:
1. Get ping replies from eth0 and eth1 when I am on the 172.16.0.0/16.
2. Get ping replies from anywhere when I am on the router.
but I can't get anything when I try this:
ping 192.168.2.1
(here I am doing this from 172.16.0.0/16)
What am I missing? Can you help me?