* Simple Packet Forwarding
@ 2002-06-25 15:06 Ruben I Safir
0 siblings, 0 replies; 6+ messages in thread
From: Ruben I Safir @ 2002-06-25 15:06 UTC (permalink / raw)
To: netfilter
Hello
I've been banging my head on documentation trying to get simple packet forwarding to function.
I could use some help.
I have a simple network with a gateway to DSL running on the ipaddess
Internet <-->216.254.112.136(eth1 gatway machine eth0)<-->216.254.112.135 <-->INTERNAL NETWORK
The Internal Netowrk has 216.254.112.137 and 216.254.112.138 plus the a 10.0.0.0 subnet
The routing looks like this
216.254.112.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
216.254.112.135 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
216.254.112.136 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
216.254.112.137 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
216.254.112.138 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
I need to do simple packet forwarding without a Masquarade to test VPN on a lap top
I can't seem to get it to work without MASQUARADE.
My list looks like this
Chain INPUT (policy ACCEPT 1689 packets, 796K bytes)
pkts bytes target prot opt in out source destination
81 9031 ACCEPT all -- eth0 any anywhere anywhere
2085 350K ACCEPT all -- eth1 any anywhere anywhere
Chain FORWARD (policy ACCEPT 151 packets, 12660 bytes)
pkts bytes target prot opt in out source destination
1307 110K ACCEPT all -- any any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 1687 packets, 792K bytes)
pkts bytes target prot opt in out source destination
132 11168 ACCEPT all -- any eth0 anywhere anywhere
2617 1574K ACCEPT all -- any eth1 anywhere anywhere
__________________________
Brooklyn Linux Solutions
__________________________
http://www.mrbrklyn.com - Consulting
http://www.brooklynonline.com - For the love of Brooklyn
http://www.nylxs.com - Leadership Development in Free Software
http://www.nyfairuse.org - The foundation of Democracy
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/mp3/dr.mp3 - Imagine my surprise when I saw you...
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
1-718-382-5752
^ permalink raw reply [flat|nested] 6+ messages in thread
* Simple Packet Forwarding
@ 2002-06-25 15:06 Ruben I Safir
2002-06-25 15:14 ` Antony Stone
0 siblings, 1 reply; 6+ messages in thread
From: Ruben I Safir @ 2002-06-25 15:06 UTC (permalink / raw)
To: netfilter
Hello
I've been banging my head on documentation trying to get simple packet forwarding to function.
I could use some help.
I have a simple network with a gateway to DSL running on the ipaddess
Internet <-->216.254.112.136(eth1 gatway machine eth0)<-->216.254.112.135 <-->INTERNAL NETWORK
The Internal Netowrk has 216.254.112.137 and 216.254.112.138 plus the a 10.0.0.0 subnet
The routing looks like this
216.254.112.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
216.254.112.135 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
216.254.112.136 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
216.254.112.137 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
216.254.112.138 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
I need to do simple packet forwarding without a Masquarade to test VPN on a lap top
I can't seem to get it to work without MASQUARADE.
My list looks like this
Chain INPUT (policy ACCEPT 1689 packets, 796K bytes)
pkts bytes target prot opt in out source destination
81 9031 ACCEPT all -- eth0 any anywhere anywhere
2085 350K ACCEPT all -- eth1 any anywhere anywhere
Chain FORWARD (policy ACCEPT 151 packets, 12660 bytes)
pkts bytes target prot opt in out source destination
1307 110K ACCEPT all -- any any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 1687 packets, 792K bytes)
pkts bytes target prot opt in out source destination
132 11168 ACCEPT all -- any eth0 anywhere anywhere
2617 1574K ACCEPT all -- any eth1 anywhere anywhere
__________________________
Brooklyn Linux Solutions
__________________________
http://www.mrbrklyn.com - Consulting
http://www.brooklynonline.com - For the love of Brooklyn
http://www.nylxs.com - Leadership Development in Free Software
http://www.nyfairuse.org - The foundation of Democracy
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/mp3/dr.mp3 - Imagine my surprise when I saw you...
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
1-718-382-5752
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Simple Packet Forwarding
2002-06-25 15:06 Ruben I Safir
@ 2002-06-25 15:14 ` Antony Stone
2002-06-25 15:19 ` Ruben I Safir
0 siblings, 1 reply; 6+ messages in thread
From: Antony Stone @ 2002-06-25 15:14 UTC (permalink / raw)
To: netfilter
On Tuesday 25 June 2002 4:06 pm, Ruben I Safir wrote:
> I have a simple network with a gateway to DSL running on the ipaddess
>
> Internet <-->216.254.112.136(eth1 gatway machine eth0)<-->216.254.112.135
> <-->INTERNAL NETWORK
This is not my idea of a "simple network" :-)
You have assigned two addresses from the same network range to different
ethernet cards on one machine.
It will be horribly upset and confused by this.
Change one of them so that you have two different network ranges on the two
sides of your firewall and life will become an awful lot simpler and easier
to handle.
Antony.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Simple Packet Forwarding
2002-06-25 15:14 ` Antony Stone
@ 2002-06-25 15:19 ` Ruben I Safir
2002-06-25 15:26 ` Antony Stone
0 siblings, 1 reply; 6+ messages in thread
From: Ruben I Safir @ 2002-06-25 15:19 UTC (permalink / raw)
To: Antony Stone; +Cc: netfilter
Yes - well
Those are the ip addesses I've been assigned
So my routing is a lot ip addresses host assignemnt
On 2002.06.25 11:14 Antony Stone wrote:
> On Tuesday 25 June 2002 4:06 pm, Ruben I Safir wrote:
>
> > I have a simple network with a gateway to DSL running on the ipaddess
> >
> > Internet <-->216.254.112.136(eth1 gatway machine eth0)<-->216.254.112.135
> > <-->INTERNAL NETWORK
>
> This is not my idea of a "simple network" :-)
>
> You have assigned two addresses from the same network range to different
> ethernet cards on one machine.
>
> It will be horribly upset and confused by this.
>
> Change one of them so that you have two different network ranges on the two
> sides of your firewall and life will become an awful lot simpler and easier
> to handle.
>
>
>
> Antony.
>
--
__________________________
Brooklyn Linux Solutions
__________________________
http://www.mrbrklyn.com - Consulting
http://www.brooklynonline.com - For the love of Brooklyn
http://www.nylxs.com - Leadership Development in Free Software
http://www.nyfairuse.org - The foundation of Democracy
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/mp3/dr.mp3 - Imagine my surprise when I saw you...
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
1-718-382-5752
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Simple Packet Forwarding
2002-06-25 15:19 ` Ruben I Safir
@ 2002-06-25 15:26 ` Antony Stone
2002-06-25 15:47 ` Ruben I Safir
0 siblings, 1 reply; 6+ messages in thread
From: Antony Stone @ 2002-06-25 15:26 UTC (permalink / raw)
To: netfilter
On Tuesday 25 June 2002 4:19 pm, Ruben I Safir wrote:
> Yes - well
>
> Those are the ip addesses I've been assigned
Why can't you put the 216.254.... addresses on the outside of your firewall,
use some private addresses (10..... 172..... 192.168.....) on the inside, and
use NAT if you want to have some internal machines publicly visible ?
> So my routing is a lot ip addresses host assignemnt
I don't understand that...
Antony.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Simple Packet Forwarding
2002-06-25 15:26 ` Antony Stone
@ 2002-06-25 15:47 ` Ruben I Safir
0 siblings, 0 replies; 6+ messages in thread
From: Ruben I Safir @ 2002-06-25 15:47 UTC (permalink / raw)
To: Antony Stone; +Cc: netfilter
Those IP Addresses are the ones assigned
I NEED the packets forwarded from 216.254.112.138 unmasqed or anything to test the VPN
>
> > So my routing is a lot ip addresses host assignemnt
>
> I don't understand that...
>
route add -host 216.254.112.138 /dev/eth0
for exapmle
>
>
> Antony.
>
--
__________________________
Brooklyn Linux Solutions
__________________________
http://www.mrbrklyn.com - Consulting
http://www.brooklynonline.com - For the love of Brooklyn
http://www.nylxs.com - Leadership Development in Free Software
http://www.nyfairuse.org - The foundation of Democracy
http://www2.mrbrklyn.com/resources - Unpublished Archive or stories and articles from around the net
http://www2.mrbrklyn.com/mp3/dr.mp3 - Imagine my surprise when I saw you...
http://www2.mrbrklyn.com/downtown.html - See the New Downtown Brooklyn....
1-718-382-5752
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2002-06-25 15:47 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-06-25 15:06 Simple Packet Forwarding Ruben I Safir
-- strict thread matches above, loose matches on Subject: below --
2002-06-25 15:06 Ruben I Safir
2002-06-25 15:14 ` Antony Stone
2002-06-25 15:19 ` Ruben I Safir
2002-06-25 15:26 ` Antony Stone
2002-06-25 15:47 ` Ruben I Safir
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox