ip forwarding woes - Networking

  1. ip forwarding woes

    I'm trying to set up a firewall/gateway, and I can't seem to get
    ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
    enabled. Here's what happens.

    The firewall machine has two interfaces (both on private networks, for
    testing purposes):

    IF    IP           Netmask
    eth0  192.168.0.1  255.255.255.0
    eth1  10.0.0.1     255.255.255.0

    This is the routing table:

    Destination  Gateway  Genmask        Flags  Metric  Ref  Use  Iface
    192.168.0.0  0.0.0.0  255.255.255.0  U      0       0    0    eth0
    10.0.0.0     0.0.0.0  255.255.255.0  U      0       0    0    eth1

    I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'

    I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
    There are no rules in any of the tables, but all have ACCEPT as the
    default policy.

    I have two other machines, one at 192.168.0.2 (connected to the same
    hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
    to firewall's eth1).

    From the firewall, I can ping both the other hosts.
    From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.

    With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
    (and vice versa), with packets routed through the firewall, but it
    doesn't work.

    What am I overlooking?

    I did try putting explicit iptables rules in the FILTER chain of the
    forward table, but it didn't make any difference.

    Any suggestions would be much appreciated.

    --
    David Zelinsky


  2. Re: ip forwarding woes

    Never mind, I found my mistake. The routing table of one of the hosts
    was not exactly as described below, and was causing return packets to be
    lost. I made the configuration actually agree with what I described and
    now it works. Sorry to bother people.

    David Zelinsky wrote:
    > I'm trying to set up a firewall/gateway, and I can't seem to get
    > ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
    > enabled. Here's what happens.
    >
    > The firewall machine has two interfaces (both on private networks, for
    > testing purposes):
    >
    > IF    IP           Netmask
    > eth0  192.168.0.1  255.255.255.0
    > eth1  10.0.0.1     255.255.255.0
    >
    > This is the routing table:
    >
    > Destination  Gateway  Genmask        Flags  Metric  Ref  Use  Iface
    > 192.168.0.0  0.0.0.0  255.255.255.0  U      0       0    0    eth0
    > 10.0.0.0     0.0.0.0  255.255.255.0  U      0       0    0    eth1
    >
    > I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'
    >
    > I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
    > There are no rules in any of the tables, but all have ACCEPT as the
    > default policy.
    >
    > I have two other machines, one at 192.168.0.2 (connected to the same
    > hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
    > to firewall's eth1).
    >
    > From the firewall, I can ping both the other hosts.
    > From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.
    >
    > With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
    > (and vice versa), with packets routed through the firewall, but it
    > doesn't work.
    >
    > What am I overlooking?
    >
    > I did try putting explicit iptables rules in the FILTER chain of the
    > forward table, but it didn't make any difference.
    >
    > Any suggestions would be much appreciated.
    >
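
The cause reported in the reply above (a host routing table that lost the return packets) can be checked mechanically. This added example, which is not from the thread, does a longest-prefix lookup over `route -n` style output to see whether a host has a path back to the other subnet. The two host tables and the host interface name `eth0` are constructed for illustration, since the thread does not show the hosts' own tables.

```sh
#!/bin/sh
# Added example: does a host's routing table contain a path back to a peer?
# Tables below are constructed samples in `route -n` format for host 10.0.0.2.

HOST_BROKEN='Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0'

HOST_FIXED='Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 10.0.0.1 255.255.255.0 UG 0 0 0 eth0'

# Convert dotted-quad A.B.C.D to an integer (subshell keeps the IFS change local).
ip2int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Read a `route -n` table on stdin; print "gateway iface" of the
# longest-prefix match for address $1, or return 1 if nothing matches.
lookup_route() {
    dst=$(ip2int "$1"); best_mask=-1; best=""
    while read -r net gw mask flags metric ref use iface; do
        case $net in [0-9]*) ;; *) continue ;; esac   # skip header lines
        n=$(ip2int "$net"); m=$(ip2int "$mask")
        if [ $(( (dst & m) == (n & m) && m > best_mask )) -eq 1 ]; then
            best_mask=$m; best="$gw $iface"
        fi
    done
    [ -n "$best" ] && echo "$best"
}

# $1 = table text, $2 = address a reply must reach; prints route or "no-route".
return_path() {
    printf '%s\n' "$1" | lookup_route "$2" || echo "no-route"
}

echo "broken host -> 192.168.0.2: $(return_path "$HOST_BROKEN" 192.168.0.2)"
echo "fixed host  -> 192.168.0.2: $(return_path "$HOST_FIXED" 192.168.0.2)"
```

On a live host the same lookup can be fed from `route -n | lookup_route 192.168.0.2`; a "no-route" result on either end host means echo replies never reach the gateway, even with forwarding enabled there.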


  3. Re: ip forwarding woes

    Could you write down your configuration? It's exactly the problem I'm
    trying to solve. Thanks a lot!
