On Friday 01 February 2002 10:05 pm, Greg Brown wrote:
> I had Roadrunner installed today and I can't get routing to work. My
> "network" looks something like the following:

Cool, once you go broadband, you'll never go back.

>
> 1. cable modem connected to eth0 (3c905)
> 2. eth0 is configured for DHCP (and is able to get an IP address - and I
> can surf the web from my linux box)
> 3. eth1 is configured as 10.1.1.254 (and is the default gateway of all my
> home machines)
> 4. netcfg has been run and I have set the "default gateway device" as eth0
>
> I also have some ipchains rules set. I wanted to disable any incoming TCP
> connection while allowing any machine on my home network (10.x.x.x) to be
> able to communicate with the outside world. Here is my ipchains file as it
> exists right now:
>
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> # firewall; such entries will *not* be listed here.
>
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
>
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y

Little worried about this rule... is it denying ICMP? (I can't remember my protocol numbers) Wouldn't "-p ICMP" work here?

> -A input -s x.x.x.x (my r.r. ip address)/255.255.255.255 53:53 -d
> 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
> -A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
>
>
> Does anyone see where I'm going wrong? Can anyone offer any suggestions?
>
> I thank you all in advance!!!!
>
> Greg
>
>

Can see only one thing... do you have IP routing turned on? Do a "cat /proc/sys/net/ipv4/ip_forward". If you get a 0 back, that's the problem, the system isn't forwarding packets from eth0 to eth1 and vice-versa. The net cfg switch for this never seemed to take for me, so I edited /etc/sysctl.conf. In the line "net.ipv4.forward = 0", change 0 to 1. (Don't know how to get this reread w/o rebooting.) "echo 1 > /proc/sys/net/ipv4/ip_forward" will get you up right now.

HTH, YMMV, HAGD, and TTFN :)

CJK
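For reading the numeric `-p` values and the `-y` flag in the rules quoted above, here is an added example that is not part of the original message: a small decoder for `-A` lines in an ipchains rules file. The function names are hypothetical, `192.0.2.1` is a constructed stand-in for the address elided in the post, and only the flags that appear in the quoted rules are handled.

```python
# IANA protocol numbers; ipchains accepts either the number or the name after -p.
PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp"}
# Flags that take one value, mapped to the key used in the parsed rule.
FLAGS = {"-A": "chain", "-p": "proto", "-j": "target",
         "-i": "iface", "-s": "src", "-d": "dst"}

# Constructed sample: the rules from the post, with a documentation address
# (192.0.2.1) in place of the elided Roadrunner IP.
SAMPLE_RULES = """\
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -p 6 -j DENY -y
-A input -s 192.0.2.1/255.255.255.255 53:53 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth1 -j MASQ
"""

def parse_rule(line):
    """Turn one '-A <chain> ...' line into a dict of its fields."""
    tokens = line.split()
    rule = {"proto": "any", "syn_only": False}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-y":                  # TCP only: SYN set, ACK and FIN clear
            rule["syn_only"] = True
        elif tok in FLAGS and i + 1 < len(tokens):
            value = tokens[i + 1]
            i += 1
            if tok == "-p":              # decode numeric protocols to names
                value = PROTOCOLS.get(value, value.lower())
            rule[FLAGS[tok]] = value
            # -s/-d may be followed by a port or port range such as 53:53
            if tok in ("-s", "-d") and i + 1 < len(tokens) \
                    and not tokens[i + 1].startswith("-"):
                rule[FLAGS[tok] + "_ports"] = tokens[i + 1]
                i += 1
        i += 1
    return rule

def describe(rule):
    """One-line plain-language summary of a parsed rule."""
    what = rule["proto"]
    if rule["syn_only"]:
        what += " connection attempts (SYN only)"
    return f'{rule["chain"]}: {rule["target"]} {what} via {rule.get("iface", "any interface")}'

def explain(text):
    return [describe(parse_rule(l)) for l in text.splitlines() if l.startswith("-A")]

if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_RULES)))
```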
