From: Dennis Jacobfeuerborn <dennisml@conversis.de>
To: John Smithee <for-gmane@mutluit.com>, netfilter@vger.kernel.org
Subject: Re: Basic routing
Date: Sat, 04 Oct 2014 05:05:39 +0200
Message-ID: <542F6403.8020609@conversis.de>
In-Reply-To: <m0nncm$t77$1@ger.gmane.org>

On 04.10.2014 04:52, John Smithee wrote:
> Neal Murphy wrote, On 10/04/2014 03:34 AM:
>> On Friday, October 03, 2014 09:10:58 PM John Smithee wrote:
>>> Hi,
>>>
>>> I've 2 NICs on a machine, both attached to separate networks
>>> (192.168.68.0/24 and 192.168.69.0/24). I'm trying to set up a
>>> basic gateway (or routing?) between the two networks.
>>>
>>> Is this a classical routing issue or has this to be done via iptables?
>>
>> Standard networking, standard routing. Netfilter doesn't enter the
>> equation.
>>
>> The prime directive: every router must have explicit routes to all
>> networks it can reach, except that the default route can eliminate many
>> explicit routes. In other words, "These routes specify how to reach
>> these LANs; packets for all other networks will be sent via the default
>> route if it exists. Packets for which there is no route will be dribbled
>> into the bit bucket." Note the phrase "every router"; it includes all of
>> your internal routers as well as your perimeter (default) gateway.
>>
>> For a router to transmit a packet it must know *where* to send it. Your
>> machine must have explicit routes to networks reachable via 192.168.68.X
>> and explicit routes to networks reachable via 192.168.69.Y, where the X
>> and Y addresses are the addresses of the routers that are gateways to
>> those other LANs.
>> ----
>>    ip route add 10.20.30.0/24 via 192.168.69.34
>>    ip route add 192.168.128.0/17 via 192.168.68.200
>>    etc.
>> ----
>>
>> If your 'internetwork' includes the universe (the Internet), you need a
>> default route (send all packets I don't have a route for to this address).
>> ----
>>    ip route add default via 192.168.68.254
>> ----
> 
> Thx, yes this is indeed standard IP networking stuff, but unfortunately
> it still isn't working; there must be something more to it.
> 
> I think the ping error text is perhaps misleading: I guess the ping request
> does reach the destination, but the answer packet from the ping reply
> does not get forwarded to the originating second interface eth1 (192.168.69.*).
> 
> I.e. the request from eth1 correctly goes out thru the eth0 interface
> and the reply comes as well over the same eth0 interface,
> but there is on the return path something missing to forward it from
> eth0 to eth1. Isn't it?

Have you tried doing a tcpdump on eth0 while the ping is running to see
if packets are actually leaving the system and/or returning?

Regards,
  Dennis
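
The tcpdump check suggested above, extended to a capture on each interface, as an added example that is not part of the original message: it reads the text output of `tcpdump -n -i eth0 icmp` and `tcpdump -n -i eth1 icmp` and reports at which hop the echo request or reply stops. The host addresses 192.168.69.10 and 192.168.68.50 and the capture lines are constructed for illustration.

```python
import re

# One-line ICMP echo record as printed by tcpdump -n.
ECHO = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id \d+, seq \d+"
)

def echoes(capture):
    """Set of (kind, src, dst) seen in one interface's capture text."""
    return {(m["kind"], m["src"], m["dst"])
            for m in map(ECHO.search, capture.splitlines()) if m}

def diagnose(inside, outside, client, target):
    """inside: capture on the NIC facing the pinging host (eth1 in the thread).
    outside: capture on the NIC facing the ping target (eth0)."""
    ins, outs = echoes(inside), echoes(outside)
    request, reply = ("request", client, target), ("reply", target, client)
    if request not in ins:
        return "request never reached the router"
    if request not in outs:
        return "request arrived on the inside NIC but was not forwarded out"
    if reply not in outs:
        return "request left the outside NIC, no reply came back"
    if reply not in ins:
        return "reply came back on the outside NIC but was not forwarded inside"
    return "forwarded in both directions"

# Constructed sample captures (addresses and timestamps are made up).
REQ = "05:05:39.000100 IP 192.168.69.10 > 192.168.68.50: ICMP echo request, id 7, seq 1, length 64"
REP = "05:05:39.000900 IP 192.168.68.50 > 192.168.69.10: ICMP echo reply, id 7, seq 1, length 64"
ETH1_CAPTURE = REQ                  # inside NIC saw only the request
ETH0_NO_REPLY = REQ                 # request left eth0, nothing returned
ETH0_WITH_REPLY = REQ + "\n" + REP  # reply returned on eth0

if __name__ == "__main__":
    print(diagnose(ETH1_CAPTURE, ETH0_NO_REPLY, "192.168.69.10", "192.168.68.50"))
    print(diagnose(ETH1_CAPTURE, ETH0_WITH_REPLY, "192.168.69.10", "192.168.68.50"))
```

The two sample runs separate the cases discussed in the thread: a reply that never returns on eth0 versus a reply that returns on eth0 but is not forwarded to eth1.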

