From: Stef Coene
Date: Sun, 24 Mar 2002 15:19:09 +0000
Subject: Re: [LARTC] iproute2 is not routing
To: lartc@vger.kernel.org

> Is the default gateway ok? It points to 192.168.1.1 which is on a
> private LAN connected to eth2.
>
> I should have said in the original post. This is
> a lab behind an existing firewall. The 'Internet'
> in the topo drawing is a pretend Internet. The
> real Internet connection is on the other side of
> 192.168.1.1 (the 'inside-net').

But you have to make sure that the box you are trying to ping has a route to you. So it knows where to send the answer to the ping. If it doesn't know, you have to add a route on the target box or masquerade the packets.

> And if you want to ping from the lan to internet, you will need to do
> SNAT (masquerading). You need a rule like this :
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> tcpdump is not installed on this box. And the
> iptables rules are disabled. In other words they
> are all set to accept. If I use the iptables
> command you suggest, will it actually log
> anything?

iptables -A INPUT -j LOG
gives in /var/log/messages :
Mar 24 16:16:03 lieve kernel: IN=eth0 OUT= MAC=00:a0:c9:1a:9c:eb:00:50:da:d0:d8:95:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=164 TOS=0x00 PREC=0x00 TTL=64 ID=64662 DF PROTO=TCP SPT=3234 DPT=6000 WINDOW=63712 RES=0x00 ACK PSH URGP=0

Stef

-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
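
Added example, not part of the original message and not LARTC project code: Python that parses netfilter LOG lines like the one above and lists ICMP echo requests that never got a reply, which is the symptom of the missing return route the message describes. It assumes the LOG rule sits where both directions are seen (for example the FORWARD chain); the names parse_line and unanswered_pings and all sample lines except the first are constructed.

```python
import re

# Line 1 is the log line quoted in the message; lines 2-4 are constructed samples.
SAMPLE = [
    "Mar 24 16:16:03 lieve kernel: IN=eth0 OUT= MAC=00:a0:c9:1a:9c:eb:00:50:da:d0:d8:95:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=164 TOS=0x00 PREC=0x00 TTL=64 ID=64662 DF PROTO=TCP SPT=3234 DPT=6000 WINDOW=63712 RES=0x00 ACK PSH URGP=0",
    "Mar 24 16:17:10 lieve kernel: IN=eth2 OUT=eth0 SRC=192.168.1.101 DST=10.0.0.5 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1",
    "Mar 24 16:17:10 lieve kernel: IN=eth0 OUT=eth2 SRC=10.0.0.5 DST=192.168.1.101 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=911 PROTO=ICMP TYPE=0 CODE=0 ID=4321 SEQ=1",
    "Mar 24 16:17:11 lieve kernel: IN=eth2 OUT=eth0 SRC=192.168.1.101 DST=10.0.0.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=2",
]

# Skip the syslog header and any --log-prefix text; capture from IN= onward.
LOG_RE = re.compile(r"kernel: .*?\b(IN=\S* OUT=\S*.*)$")

def parse_line(line):
    """Return a dict of LOG fields, or None if the line is not a LOG entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for tok in m.group(1).split():
        key, sep, val = tok.partition("=")
        if not sep:
            flags.append(key)            # bare tokens such as DF, ACK, PSH
        elif key in fields:
            fields["L4_" + key] = val    # second ID= is the ICMP id, not the IP id
        else:
            fields[key] = val            # empty values (OUT=) are kept as ""
    fields["FLAGS"] = flags
    return fields

def unanswered_pings(lines):
    """List (src, dst, seq) of echo requests with no matching echo reply."""
    pending = {}
    for line in lines:
        f = parse_line(line)
        if not f or f.get("PROTO") != "ICMP":
            continue
        ident = (f.get("L4_ID"), f.get("SEQ"))
        if f.get("TYPE") == "8":         # echo request
            pending[(f["SRC"], f["DST"]) + ident] = f
        elif f.get("TYPE") == "0":       # echo reply: addresses are swapped
            pending.pop((f["DST"], f["SRC"]) + ident, None)
    return [(f["SRC"], f["DST"], f["SEQ"]) for f in pending.values()]

if __name__ == "__main__":
    for src, dst, seq in unanswered_pings(SAMPLE):
        print(f"no reply seen: {src} -> {dst} seq={seq}")
```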