  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14

    Question IP Forwarding refuses to work!


    Hi everyone,

    Firstly I've been searching on here and all the stuff I've found doesn't help as I don't think I've missed anything. I had the setup working on my old system before I upgraded to new hardware and then migrated the ip addresses and some of the configs over...Everything seems to be working apart from the IP forwarding.

    I have a 10.1.2.0 network internally
    10.1.2.80 is the internal interface of the gateway
    I have a 10.1.1.0 network externally (which houses the internet gateway)
    10.1.1.23 is the external interface of the gateway
    10.1.1.1 is the internet gateway

    so here is the information from a host internal network

    Ethernet adapter Wireless Network Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
    Physical Address. . . . . . . . . : 00-1C-BF-10-BC-53
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 10.1.2.20
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.1.2.80
    DHCP Server . . . . . . . . . . . : 10.1.2.80
    DNS Servers . . . . . . . . . . . : 10.1.2.80
    Lease Obtained. . . . . . . . . . : Wednesday, 17 February 2010 18:21:47
    Lease Expires . . . . . . . . . . : Wednesday, 17 February 2010 18:31:47

    Host routing

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x90003 ...00 1c bf 10 bc 53 ...... Intel(R) PRO/Wireless 3945ABG Network Connection - McAfee NDIS Intermediate Filter Miniport
    0x90004 ...00 21 70 7a 42 d4 ...... Broadcom NetXtreme 57xx Gigabit Controller #3 - McAfee NDIS Intermediate Filter Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 10.1.2.80 10.1.2.20 25
    10.1.2.0 255.255.255.0 10.1.2.20 10.1.2.20 25
    10.1.2.20 255.255.255.255 127.0.0.1 127.0.0.1 25
    10.255.255.255 255.255.255.255 10.1.2.20 10.1.2.20 25
    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
    169.254.0.0 255.255.0.0 10.1.2.20 10.1.2.20 20
    224.0.0.0 240.0.0.0 10.1.2.20 10.1.2.20 25
    255.255.255.255 255.255.255.255 10.1.2.20 10.1.2.20 1
    255.255.255.255 255.255.255.255 10.1.2.20 90004 1
    Default Gateway: 10.1.2.80
    ===========================================================================
    Persistent Routes:
    None

    Route Table

    I can do a nslookup :

    d:\nslookup (fedora)
    *** Can't find server name for address 10.1.2.80: Server failed
    *** Default servers are not available
    Non-authoritative answer:
    Server: UnKnown
    Address: 10.1.2.80

    Name: (fedora)
    Address: 67.40.49.163

    It's resolving off the gateway but still gives an error, always did that even with the working situation.

    Now here's info from the gateway (and the dns caching & dhcpd setup came from the old system, copied across with identical ip's on the gateway)

    eth0 Link encap:Ethernet HWaddr 00:24:8C:78:87:BE
    inet addr:10.1.2.80 Bcast:10.1.2.255 Mask:255.255.255.0
    inet6 addr: fe80::224:8cff:fe78:87be/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:47338 errors:0 dropped:0 overruns:0 frame:0
    TX packets:88520 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2901845 (2.7 MiB) TX bytes:132922402 (126.7 MiB)
    Interrupt:27 Base address:0x2000

    wlan0 Link encap:Ethernet HWaddr 00:08:A1:85:8B:9C
    inet addr:10.1.1.23 Bcast:10.1.1.255 Mask:255.255.255.0
    inet6 addr: fe80::208:a1ff:fe85:8b9c/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:7207 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6915 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:778337 (760.0 KiB) TX bytes:1008011 (984.3 KiB)

    Kernel IP routing table
    Destination Gateway Genmask Flags MSS Window irtt Iface
    10.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
    10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
    169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
    0.0.0.0 10.1.1.1 0.0.0.0 UG 0 0 0 wlan0

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    cat /proc/sys/net/ipv4/ip_forward
    1

    grep -i ip_for /etc/sysctl.conf
    net.ipv4.ip_forward = 1

    grep -i forw /etc/sysconfig/network
    FORWARD_IPV4=true

    grep -i forw /etc/sysconfig/networking/devices/ifcfg-eth0
    FORWARD_IPV4=yes

    Now all that looks right and the gateway can connect to the internet fine :

    nslookup (fedora)
    Server: 10.1.1.1
    Address: 10.1.1.1#53

    Non-authoritative answer:
    Name: (fedora)
    Address: 67.40.49.163

    ping (fedora)
    PING (fedora) (67.40.49.163) 56(84) bytes of data.
    64 bytes from (fedora) (67.40.49.163): icmp_seq=1 ttl=237 time=235 ms
    64 bytes from (fedora) (67.40.49.163): icmp_seq=2 ttl=237 time=223 ms
    ^C
    --- (fedora) ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1230ms
    rtt min/avg/max/mdev = 223.742/229.850/235.959/6.127 ms


    So I'm really confused!!!! Help?

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,755
    *Assuming the "internet gateway" system is connected to a public IP and there is not routing through further private networks...*

    Unless the systems on the 10.1.1.0 network have a static route explaining HOW to get back to the 10.1.2.0 network, you will need masquerading enabled via IPTables on the 10.1.1.0/10.1.2.0 gateway machine.

    You can use tcpdump on any systems to see what packets are making it to what machines.

  3. #3
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14
    Sorry, I should have maybe made that a bit clearer. 10.1.1.1 router is the gateway to the internet and yes it has a static route stating that 10.1.2.0 has a gateway of 10.1.1.23 with a 255.250.255.0 netmask.

    10.1.2.x can't talk to 10.1.1.x and vice versa, only the middle router with interfaces on both makes it out the 10.1.1.1 to the Internet.

  4. #4
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14
    masq is setup...

    Table: nat
    Chain PREROUTING (policy ACCEPT)
    num target prot opt source destination

    Chain POSTROUTING (policy ACCEPT)
    num target prot opt source destination
    1 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

    Table: filter
    Chain INPUT (policy ACCEPT)
    num target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

    Please help?

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    OK, the above is hard to read as you did not post the output using the CODE tags.
    This is easier to read than what you have posted.

    Code:
    ~ $ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:D8:95:65:7D
              inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12276 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10837 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:9882680 (9.4 MiB)  TX bytes:1040569 (1016.1 KiB)
              Interrupt:185 Memory:fac00000-0
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:408 errors:0 dropped:0 overruns:0 frame:0
              TX packets:408 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:65948 (64.4 KiB)  TX bytes:65948 (64.4 KiB)
    You get the above by placing the text you cut&paste between {code}{/code} replacing {} with []. This keeps the format.


    I'm going to assume your gateway is some form of RH distro.
    Now I would like the following output from the gateway box using the code tags:

    ifconfig
    route -n
    cat /etc/sysconfig/iptables
    ping <any address on the 10.1.2.*>

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #6
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14
    Sorry for that...

    Yes, FC12.

    Code:
    =>ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:24:8C:78:87:BE  
              inet addr:10.1.2.80  Bcast:10.1.2.255  Mask:255.255.255.0
              inet6 addr: fe80::224:8cff:fe78:87be/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:2079007 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3917629 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:125916804 (120.0 MiB)  TX bytes:5870017867 (5.4 GiB)
              Interrupt:27 Base address:0xe000 
    
    lo        Link encap:Local Loopback  
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:4552 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4552 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0 
              RX bytes:1609122 (1.5 MiB)  TX bytes:1609122 (1.5 MiB)
    
    wlan0     Link encap:Ethernet  HWaddr 00:08:A1:85:8B:9C  
              inet addr:10.1.1.23  Bcast:10.1.1.255  Mask:255.255.255.0
              inet6 addr: fe80::208:a1ff:fe85:8b9c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6839445 errors:0 dropped:0 overruns:0 frame:0
              TX packets:6063573 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:4853415446 (4.5 GiB)  TX bytes:1341148892 (1.2 GiB)
    
    wmaster0  Link encap:UNSPEC  HWaddr 00-08-A1-85-8B-9C-80-4E-00-00-00-00-00-00-00-00  
              UP RUNNING  MTU:0  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000 
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
    
    =>route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.1.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    0.0.0.0         10.1.1.1        0.0.0.0         UG    0      0        0 wlan0
    =>cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.5 on Tue Mar  2 17:27:28 2010
    *nat
    :PREROUTING ACCEPT [341736:31562983]
    :POSTROUTING ACCEPT [7428:2263507]
    :OUTPUT ACCEPT [315513:29503157]
    -A POSTROUTING -o wlan0 -j MASQUERADE 
    COMMIT
    # Completed on Tue Mar  2 17:27:28 2010
    # Generated by iptables-save v1.4.5 on Tue Mar  2 17:27:28 2010
    *filter
    :INPUT ACCEPT [8032062:4579135398]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [8965663:5670961015]
    -A FORWARD -i eth0 -j ACCEPT 
    COMMIT
    # Completed on Tue Mar  2 17:27:28 2010
    =>ping 10.1.2.1
    PING 10.1.2.1 (10.1.2.1) 56(84) bytes of data.
    64 bytes from 10.1.2.1: icmp_seq=1 ttl=64 time=0.362 ms
    64 bytes from 10.1.2.1: icmp_seq=2 ttl=64 time=0.361 ms
    64 bytes from 10.1.2.1: icmp_seq=3 ttl=64 time=0.353 ms
    ^C
    --- 10.1.2.1 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2239ms
    rtt min/avg/max/mdev = 0.353/0.358/0.362/0.022 ms
    The routing table is smaller than it used to be as I tried to remove extra routes just in case that was it...no difference. The routes I removed were

    Code:
    route del -net 10.1.1.0 netmask 255.255.255.0 wlan0
    route del -net 169.254.0.0 netmask 255.255.0.0 eth0
    Regards,
    Andy

  7. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Looking at what you have posted above your system has not forwarded any packets as can be seen in the *filter section of your firewall.

    So if I understand you correctly you can get to, for example, google.com from the gateway box but from anything behind this box you cannot. Correct?

    What does the routing table look like on the box behind the gateway (10.1.2.*)? Can it ping any ip address on the 10.1.1.* network that isn't the gateway router?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
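
Added example, not part of the original posts: how the FORWARD counters in an `iptables-save` dump like the one in post #6 can be read. The helper name `forward_summary` and both embedded samples are constructed for illustration; `iptables-save -c` is the real option that adds per-rule counters.

```shell
#!/bin/sh
# Added example (not from the thread): read the filter/FORWARD counters out of
# iptables-save text. ":FORWARD ACCEPT [pkts:bytes]" counts only packets that
# fell through to the chain policy; per-rule counters appear as a leading
# "[pkts:bytes]" only when the dump was taken with "iptables-save -c".

# forward_summary (hypothetical helper): iptables-save text on stdin,
# prints "policy=<pkts> rules=<pkts|unknown>" for the filter FORWARD chain.
forward_summary() {
    awk '
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter"
        table != "filter" { next }
        /^:FORWARD / {                                # chain policy line
            split($3, c, ":"); sub(/^\[/, "", c[1]); policy = c[1]
        }
        /^\[[0-9]+:[0-9]+\] -A FORWARD / {            # rule line from -c
            split($1, c, ":"); sub(/^\[/, "", c[1]); rules += c[1]; seen = 1
        }
        END { printf "policy=%s rules=%s\n", policy, (seen ? rules : "unknown") }'
}

# Constructed sample 1: the *filter section as posted in #6 (no -c).
sample_posted() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [8032062:4579135398]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8965663:5670961015]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample 2: same rules in "iptables-save -c" form; the rule
# counter value is made up for illustration.
sample_with_counters() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
[15:1260] -A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

sample_posted | forward_summary          # policy=0 rules=unknown
sample_with_counters | forward_summary   # policy=0 rules=15
```

On the gateway the input would be the output of `iptables-save -c`. A rule count that grows while the policy count stays at zero means packets arriving on eth0 are being forwarded but nothing is passing through FORWARD in the other direction.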

  8. #8
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14
    Correct, nothing...can do dns queries (as 10.1.2.80 is a proxy for dns) but no actual connection

    Code:
    Client=>route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.1.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
    0.0.0.0         10.1.2.80       0.0.0.0         UG    0      0        0 eth0
    
    
    Client=>ping 10.1.2.80
    PING 10.1.2.80 (10.1.2.80) 56(84) bytes of data.
    64 bytes from 10.1.2.80: icmp_seq=1 ttl=64 time=0.159 ms
    64 bytes from 10.1.2.80: icmp_seq=2 ttl=64 time=0.137 ms
    ^C
    --- 10.1.2.80 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1090ms
    rtt min/avg/max/mdev = 0.137/0.148/0.159/0.011 ms
    
    
    Client=>ping 10.1.1.1
    PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
    ^C
    --- 10.1.1.1 ping statistics ---
    10 packets transmitted, 0 received, 100% packet loss, time 9927ms
    
    
    Client=>ping 10.1.1.2
    PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
    ^C
    --- 10.1.1.2 ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4175ms
    
    
    Client=>ping www-google-com
    PING www-google-com (66.102.7.103) 56(84) bytes of data.
    ^C
    --- www-google-com ping statistics ---
    5 packets transmitted, 0 received, 100% packet loss, time 4819ms

  9. #9
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Your gateway/router is not passing traffic. Have you ensured that forwarding is turned on? Have you tried to reboot the system?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  10. #10
    Just Joined!
    Join Date
    Feb 2010
    Posts
    14
    Yes...hence my issue!

    Code:
    cat /proc/sys/net/ipv4/ip_forward
    1
    
    grep -i ip_for /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    
    grep -i forw /etc/sysconfig/network
    FORWARD_IPV4=true
    
    grep -i forw /etc/sysconfig/networking/devices/ifcfg-eth0
    FORWARD_IPV4=yes
    I've just noticed this... I have a true & a yes for FORWARD_IPV4...shouldn't they both be the same? If so, is it true or yes?
