simple routing frustration

[thorpe7]

---

I'm on a fresh fedora 12 install; I'm trying to do what seems like should be a simple, uncomplicated task. Just set up routing between two interfaces. No address translation, no filtering. But its giving me problems. All the instructions that I find seem to want to tell me how to set up NAT.

Seems like I can do iptables -F to all the tables in sight, tell ip route to how to forward traffic as explicitly as I like, write "1" to /proc/sys/net/ipv4/ip_forward as often as I want, and the linux kernel still does not want to forward packets from one interface to another.

I can send and recieve packets to and from the router to either network, no problem. I can see packets from each network arrive on its interface, but it never makes it to the other interface: linux simply doesn't want to pass it along.

If I turn on masquerading in iptables - poof! - I get splendid forwarding. But then I'm doing address translation. I just want routing, not address translation. Just like a simple router would do. How do I get the kernel to just pass along the packets, just as my ip route commands tell it to do? I must be missing something - probably something simple. What am I still missing?

At first I tried this out in a VM, and figured it must be something to do with limitations around virtual network interfaces. But now I'm on bare hardware, and having exactly the same problem. Is it something about using a PAE kernel on an old pentium 4? Shouldn't just writing a one to the ip_forward file turn on forwarding? Maybe forwarding sans address translation is just a networking no-no?

Thanks, folks

[Lazydog]

It sounds like packets are being forwarded but the receiving system doesn't know how to get back to the original system. When you turn on MASQ it works but without it, it doesn't.

[thorpe7]

I think if it was a problem of getting packets back to the sending machine, I'd see the packets as they went out the second interface of the router. I'm not. I'm also not seeing them arrive at the destination system's interface.

Is there some kind of logging I can turn on that might report why each packet is being dropped?

[thorpe7]

Does nobody do routing without address translation? Or is what I'm doing just supposed to work? Should I be asking this question in some other forum?

[thorpe7]

For what its worth, after much mucking around, I found that putting a "1" into

/proc/sys/net/ipv4/conf/eth<N>/forwarding

is needed to turn on forwarding for a specific interface. (in addition to writing 1 into /proc/sys/net/ipv4/ip_forward to turn on forwarding for the entire host)

[Lazydog]

Does nobody do routing without address translation? Or is what I'm doing just supposed to work? Should I be asking this question in some other forum?

Sure we do. I do it here all the time. NAT'ing is only needed when you are using a private address and need to get to the internet.

For what its worth, after much mucking around, I found that putting a "1" into

/proc/sys/net/ipv4/conf/eth<N>/forwarding

is needed to turn on forwarding for a specific interface. (in addition to writing 1 into /proc/sys/net/ipv4/ip_forward to turn on forwarding for the entire host)

I don't think this is correct, at least here I don't have to do that.
I have forwarding turned on in sysctl.conf
My box has 4 interfaces and they all forward.