Re: Ip_Forwarding

Ray Olszewski Sun, 25 Mar 2001 17:08:00 -0800
At 12:58 PM 3/25/01 -0800, Shane McKeown wrote:
>Ok, I have attached the answers to the remaining 
>questions Ray, sorry I didn't include them the last
>time.

OK. This is still a bit jumbled, and you didn't answer quite everything, but
let's see what sense we can make of it.

1. When ppp is running on the Linux router, it has two interfaces (skipping lo):

>> eth0      ...        inet addr:132.158.132.2 
>> Bcast:132.158.132.255  Mask:255.255.255.0

>> ppp0 ...     inet addr:212.1.141.149 
>> P-t-P:212.1.128.25 
>> Mask:255.255.255.255

2. From the routing table for the Windows PC (IP address 132.158.132.1), I
see that it correctly has 132.158.132.2 as its default gateway. It also has
a route to 132.158.132.2.

3. Your outgoing traffic is NAT'd by the Linux router's forward chain:

>> MASQ       all  ------  132.158.132.0/24    
>> 0.0.0.0/0

This all looks correct, but you might want to check the full version of the
forward-chain rule (with the command "ipchains -l -n -v") to see if there
is, for example, an interface problem that the shorter ipchains output conceals.

If that isn't it ... ipchains rules usually need to be reset when the
routing table changes (in this case, when pppd connects). If you are not
already doing that (as part of your pppd script, for example), you might try
flushing the ipchains ruleset, then reinstalling your forward-chain MASQ
rule, and see if that helps. 

If not, add the rule

        ipchains -A -forward -l -j DENY

*after* the MASQ rule and see if anything helpful gets logged. Or change the
forward-chain policy to ACCEPT and see if that helps.

One incidental comment: although you are MASQ'ing the LAN, you are using
real (not private) IP addresses for it. This is not good practice, since the
132.158.132.0/24 network might be in use someplace (I didn't check), and
this way you won't be able to route to it. You would do better to use one of
the standard perivate-address ranges (e.g., 192.168.X.0/24).

>--- Shane McKeown <[EMAIL PROTECTED]> wrote:
>> Ok, here are the outputs from each of the commands:
[details deleted]


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                    [EMAIL PROTECTED]        
----------------------------------------------------------------

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
Re: Ip_Forwarding

Reply via email to
