Re: [Nolug] Routing question

From: dan_at_mpsware.com
Date: Fri, 13 May 2005 13:59:23 -0000
Message-Id: <200505131359.IAA57410@robin.pns.networktel.net>

Hi Scott

Actually this other network does need to pass through our network for internet.

I have been looking at tcpdump on both interfaces in the server and when I try
to tracert to google, I can see the traffic hitting both cards, but it isn't
getting back to the second network.

Packet originates at my machine, hits eth0 on server, hits eth1 on server,
gets response, hits eth1, fails to go any further back.

Any idea?

Scott Harney <scotth@scottharney.com> said:

> -ray wrote:
> >
> > The second network needs to be physically behind the server, and
> > connected to eth0. The server is then their default gateway. Then
> > setup iptables on the server, with a rule that lets them get to
> > everything EXCEPT your network. ie if your network is 192.168.1.0:
> >
> > iptables -A FORWARD -i eth0 -d 192.168.1.0/24 -j DROP
> >
> > If your switch does vlans, then you can do it without separate physical
> > connections and only one eth card in the server (with multiple vlan
> > interfaces), which might be easier...
> >
>
> If the other network does not need to pass through (transit) your network via
> this server for its internet connectivity then you need not enable IP
> Forwarding (routing) at all. In other words, if eth1's network has a separate
> path to the internet, then you can put the following in /etc/sysctl.conf
> # Disables packet forwarding
> net.ipv4.ip_forward = 0
>
>
>
> --
> Scott Harney <scotth@scottharney.com>
> "Asking the wrong questions is the leading cause of wrong answers"
> gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
> ___________________
> Nolug mailing list
> nolug@nolug.org
>

-- 
___________________
Nolug mailing list
nolug@nolug.org
Received on 05/13/05
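An added diagnostic and configuration script for the situation described in this thread; it is not code posted by Dan, Scott or ray. It assumes the layout from ray's reply: the second network sits behind eth0, the server's own network is 192.168.1.0/24 and is reached (together with the internet) via eth1, and the server is the second network's default gateway. The function names, the `--live` switch and the sample chain snapshots in the comments are my own. The checks cover two common causes of a reply that arrives on eth1 but never leaves on eth0 (forwarding off, or a FORWARD chain that drops return traffic); they are not an exhaustive diagnosis.

```sh
#!/bin/sh
# Added example, not code from the thread. Interface and network names follow
# ray's message: second network behind eth0, our network 192.168.1.0/24 and the
# internet path via eth1, server acting as the second network's default gateway.
OUR_NET="192.168.1.0/24"
GUEST_IF="eth0"
UPLINK_IF="eth1"

# Kernel forwarding switch. Reads the file given as $1 so the same function
# works on /proc/sys/net/ipv4/ip_forward or on a constructed copy for testing.
forwarding_enabled() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# Check two common causes of the symptom in the message (reply reaches eth1,
# never re-emerges on eth0): ip_forward off, or a FORWARD chain whose policy is
# DROP with no rule admitting established flows. $1 is the ip_forward value,
# $2 is a snapshot of 'iptables -L FORWARD -n' output; both are passed in so
# the check can run offline against captured text. Returns 0 when neither
# problem is present, 1 otherwise, printing what it found.
diagnose_return_path() {
    fwd="$1"; chain="$2"; rc=0
    if [ "$fwd" != "1" ]; then
        echo "ip_forward=$fwd: the kernel is not routing between $GUEST_IF and $UPLINK_IF"
        rc=1
    fi
    case "$chain" in
        *"policy DROP"*)
            if ! printf '%s\n' "$chain" | grep -q "ESTABLISHED"; then
                echo "FORWARD policy DROP and no ESTABLISHED rule: replies from $UPLINK_IF are dropped"
                rc=1
            fi ;;
    esac
    return $rc
}

# Emit (do not apply) the forwarding configuration the thread converges on:
# transit to the internet allowed, the server's own network off-limits to the
# second network, return traffic admitted statefully.
build_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $GUEST_IF -d $OUR_NET -j DROP
iptables -A FORWARD -i $GUEST_IF -o $UPLINK_IF -j ACCEPT
EOF
}

# Stand-alone use: 'sh thisscript.sh --live' inspects the running box and prints
# the proposed rule set; nothing is changed on the system.
if [ "${1:-}" = "--live" ]; then
    forwarding_enabled /proc/sys/net/ipv4/ip_forward || echo "ip_forward is off"
    diagnose_return_path "$(cat /proc/sys/net/ipv4/ip_forward)" \
                         "$(iptables -L FORWARD -n 2>/dev/null)"
    build_forward_rules
fi
```

Two points worth keeping in mind when using ray's DROP rule: it lives in the FORWARD chain, so it only governs transit traffic, and access to the server's own addresses from eth0 is decided by the INPUT chain instead. And if the second network uses private addresses that the upstream does not route, forwarding alone will not bring replies back; address translation on the uplink is then needed as well, which this thread does not cover.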
