Re: [LARTC] routing problem

["suresh" <super772002@yahoo.com>]

Hello Ard,
Thanks for your guide now its working

Suresh
----- Original Message -----
From: Ard van Breemen <ard@telegraafnet.nl>
To: lartc <lartc@mailman.ds9a.nl>
Cc: suresh <super772002@yahoo.com>
Sent: Tuesday, March 05, 2002 10:58 PM
Subject: Re: [LARTC] routing problem


> On Tue, Mar 05, 2002 at 09:25:58AM +0530, suresh wrote:
> > I have routing problem using Adv Routing.
> > Let me explain with exact flow of packets in my LAN to INTERNET
> >
> >                 I N T E R N E T
> >                 /                     \
> >     -------------             -------------
> >     | a.b.c.e      |              | w.x.y.u     |
> >     |  router1    |              |   router2    |
> >     -------------             -------------
> >                \                   /
> >                 \                /
> >                  \             /
> >                   -----------
> >                   |   Switch  |
> >                   -----------
> >                        |
> >                        |
> >                        |
> >                       eth1                eth1 a.b.c.d     gw a.b.c.e
> >                  --------------       eth1:0 w.x.y.z  gw w.x.y.u
> >                  |                   |
> >                  |    linux        |
> >                  |                   |
> >                  --------------        eth0 172.16.1.1
> >                     eth0                    eth0:0 192.168.1.1
> >                         |
> >                         |
> Rephrased: eth0 is local, eth1 is internet?
> eth0: 172.16.1.1/24 and 192.168.1.1/24
> eth1: w.x.y.z/28 and a.b.c.d/28
>
> > I want to forward all packet from 172.16.1.0/24 Network to router 1
> > and from 192.168.1.0/24 Network to router2.
> >
> > In the linux box i am doing advance routing and iptables.
> > Here i am using iptables just for masquerading
> > the rules are
> > #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p icmp --icmp-type
ping -s
> > 0/0 -d  0/0 -j MASQUERADE
> > #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 0/0 -d 0/0 -j
> > MASQUERADE
> So you are really masquerading internet traffic, so that traffic from
> the internet looks like local traffic?
> Don't you mean:
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s
0/0 -d  0/0 -j MASQUERADE
> In other words: icmp traffic going to the internet should be masqueraded?
>
> But now for the next thing in problem solving:
> 1) flush your iptables.
> 2) start these:
> tcpdump -n -e -i eth0
> tcpdump -n -e -i eth1
>
> 3) ping from the 192.168.1.0 network a few times (it will not be
answered).
> Watch the outgoing traffic on eth1
> 4) ping from the 172.16.1.0 network a few times.
> Watch the outgoing traffic on eth1
>
> At this point it should start sending the icmp request to the different
> routers. The *only* way to notice this is the mac address to which it
> is sent!
>
> If that is correct, then your ip stuff is correct. Your next target is
> the iptables.
>
> Enter this:
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s
0/0 -d  0/0 -j MASQUERADE
>
> And try the pings again. Watch the mac, and the ip addresses.
> You will see that masqueraded packets "arive" to times at the interface,
> once masqueraded, and once demasqueraded.
>
> If one of these steps does not do as I say, please cut and paste your
> terminal output.
> (That means tcpdumps etc...)
> --
> <ard@telegraafnet.nl> Telegraaf Elektronische Media  http://wwwijzer.nl
> http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
> Let your government know you value your freedom. Sign the petition:
> http://petition.eurolinux.org/


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/