From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stef Coene Date: Sun, 24 Mar 2002 10:40:57 +0000 Subject: Re: [LARTC] iproute2 is not routing Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org > At this point, all I want to do is route between > these interfaces. So far all I can do is ping the > linux-router from the devices on the various > segments. But I cannot reach devices on the other > side of the linux-router. > > i.e., From a host on the inside-net, I can ping > every interface on the linux-router. But I cannot > ping a host on the other side of the linux-router. > And if sourcing from the linux-router, I am able > to ping everything. > > The routes appear to be correct as far as I can > tell. I've even turned off the firewalling > (iptables) to see if that was the problem, but it > was not. > > > > What am I missing? Is the default gateway ok? It points to 192.168.1.1 which is on a private LAN connected to eth2. And if you want to ping from the lan to internet, you will need to do SNAT (masquerading). You need a rule like this : iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE If you do not do that, the host on the internet sees a package from 192.168.x. and does not know where it can find that host. > Is there a way to 'debug' like in a cisco router? You can use tcpdump. Or an iptables rule with -j LOG and see what appears in the logs. > [prompt]# ip ro > 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.150 > 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.150 > 123.4.5.0/22 dev eth0 proto kernel scope link src 123.4.5.6 > default via 192.168.1.1 dev eth2 proto static src 192.168.1.150 Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/