From: Kelly Scroggins <kelly@cliffhanger.com>
To: lartc@vger.kernel.org
Subject: [LARTC] iproute2 is not routing
Date: Sun, 24 Mar 2002 09:06:06 +0000
Message-ID: <marc-lartc-101696074924194@msgid-missing>

I'm trying to learn iproute2 by building a
router/firewall for my home Internet access. But
things are not working as expected.
I'm running a distribution called PakSecured
(kernel 2.4.0) on a box with 3 Ethernet
interfaces. One is connected to the Internet, the
other two are connected to 2 different private IP
segments.
At this point, all I want to do is route between
these interfaces. So far all I can do is ping the
linux-router from the devices on the various
segments. But I cannot reach devices on the other
side of the linux-router.
i.e., From a host on the inside-net, I can ping
every interface on the linux-router. But I cannot
ping a host on the other side of the linux-router.
And if sourcing from the linux-router, I am able
to ping everything.
The routes appear to be correct as far as I can
tell. I've even turned off the firewalling
(iptables) to see if that was the problem, but it
was not.
What am I missing?
Why can't I get packets through the linux-router?
Is there a way to 'debug' like in a Cisco router?
I've created an ASCII topo of the network, and I've
included output from:
- ip addr
- ip route
- ip rules
- iptables -L
- cat /proc/sys/net/ipv4/ip_forward
--- *** Topo Map *** ---
[inside-net] eth0>-----<eth2 [linux-router] eth1>-----<eth0 [other-net]
              ^          ^         |         ^          ^
             .1         .150       |        .150       .1
                                   |
              192.168.1.0/24       |        192.168.2.0/24
                                   |
                                   |  eth0 123.4.5.6/22
                                   |
                              [Internet]
--- *** ---
[prompt]# ip addr
1: lo: <LOOPBACK,UP> mtu 3840 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
inet6 ::1/128 scope host
2: teql0: <NOARP> mtu 1500 qdisc noop qlen 100
link/void
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0@NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:c0:f0:1a:00:9c brd ff:ff:ff:ff:ff:ff
inet 123.4.5.6/22 brd 123.4.8.255 scope global eth0
inet6 fe80::2c0:f0ff:fe1a:9c/10 scope link
8: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:c0:f0:09:d3:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.150/24 brd 192.168.2.255 scope global eth1
inet6 fe80::2c0:f0ff:fe09:d3b8/10 scope link
9: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c8:39:b4:08 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.150/24 brd 192.168.1.255 scope global eth2
inet6 fe80::280:c8ff:fe39:b408/10 scope link
--- *** ---
[prompt]# ip ro
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.150
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.150
123.4.5.0/22 dev eth0 proto kernel scope link src 123.4.5.6
default via 192.168.1.1 dev eth2 proto static src 192.168.1.150
--- *** ---
[prompt]# ip ru
0: from all lookup local
16000: from 192.168.2.0/24 to 192.168.1.0/24 lookup main
16010: from 192.168.1.0/24 to 192.168.2.0/24 lookup main
32766: from all lookup main
32767: from all lookup 253
--- *** ---
[prompt]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--- *** ---
[prompt]# cat /proc/sys/net/ipv4/ip_forward
1
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
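
An added example, not part of the original message: a small offline model of the lookup the router performs, using the `ip ru` and `ip ro` entries exactly as posted, to show which interface each flow is handed to. The function names and the third test address (198.51.100.7, a documentation address) are assumptions for illustration; the `local` table and table 253 are not modelled.

```python
import ipaddress

# Routes and rules copied from the `ip ro` / `ip ru` output in the post.
MAIN_TABLE = [  # (prefix, dev, gateway)
    ("192.168.2.0/24", "eth1", None),
    ("192.168.1.0/24", "eth2", None),
    ("123.4.5.0/22", "eth0", None),
    ("default", "eth2", "192.168.1.1"),
]
RULES = [  # (priority, from, to, table)
    (16000, "192.168.2.0/24", "192.168.1.0/24", "main"),
    (16010, "192.168.1.0/24", "192.168.2.0/24", "main"),
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
]
TABLES = {"main": MAIN_TABLE}


def _net(prefix):
    # strict=False accepts a prefix with host bits set, as it appears in the post.
    text = "0.0.0.0/0" if prefix == "default" else prefix
    return ipaddress.ip_network(text, strict=False)


def lookup(table, dst):
    """Longest-prefix match in one table; returns (prefix, dev, gateway) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in _net(r[0])]
    return max(hits, key=lambda r: _net(r[0]).prefixlen) if hits else None


def forward_decision(src, dst):
    """Walk the rules in priority order; returns (priority, prefix, dev, gateway)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, to, table in sorted(RULES):
        if s in _net(frm) and d in _net(to):
            route = lookup(TABLES[table], dst)
            if route:  # no match in this table: fall through to the next rule
                return (prio,) + route
    return None


if __name__ == "__main__":
    flows = [("192.168.1.1", "192.168.2.1"), ("192.168.2.1", "192.168.1.1"),
             ("192.168.2.1", "198.51.100.7")]  # last flow is a constructed sample
    for src, dst in flows:
        print(src, "->", dst, forward_decision(src, dst))
```

On the router itself, `ip route get 192.168.2.1 from 192.168.1.1 iif eth2` asks the kernel the same question for a forwarded packet.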