Re: [Nolug] Routing question

From: -ray <ray_at_ops.selu.edu>
Date: Fri, 13 May 2005 09:28:09 -0500 (CDT)
Message-ID: <Pine.LNX.4.61.0505130923340.31201@romulus.csd.selu.edu>

Assuming you can ping the server from your machine and vice versa? Are
you trying iptables yet? Try flushing all rules, make sure the default
policies are ACCEPT, and that ip forwarding is turned on. The routing has
to be working before we start messing with the firewall rules.

ray

On Fri, 13 May 2005 dan@mpsware.com wrote:

> Hi Scott
>
> Actually this other network does need to pass through our network for internet.
>
> I have been looking at tcpdump on both interfaces in the server and when I try
> to tracert to google, I can see the traffic hitting both cards, but it isn't
> getting back to the second network.
>
> packet originates at my machine, hits eth0 on server, hits eth1 on server,
> gets response, hits eth1, fails to go any further back.
>
> Any idea?
>
>
> Scott Harney <scotth@scottharney.com> said:
>
>> -ray wrote:
>>>
>>> The second network needs to be physically behind the server, and
>>> connected to eth0. The server is then their default gateway. Then
>>> set up iptables on the server, with a rule that lets them get to
>>> everything EXCEPT your network, i.e. if your network is 192.168.1.0:
>>>
>>> iptables -A FORWARD -i eth0 -d 192.168.1.0/24 -j DROP
>>>
>>> If your switch does VLANs, then you can do it without separate physical
>>> connections and only one eth card in the server (with multiple vlan
>>> interfaces), which might be easier...
>>>
>>
>> If the other network does not need to pass through (transit) your network via
>> this server for its internet connectivity then you need not enable IP
>> Forwarding (routing) at all. In other words, if eth1's network has a separate
>> path to the internet, then you can put the following in /etc/sysctl.conf
>> # Disables packet forwarding
>> net.ipv4.ip_forward = 0
>>
>>
>>
>> --
>> Scott Harney <scotth@scottharney.com>
>> "Asking the wrong questions is the leading cause of wrong answers"
>> gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
>> ___________________
>> Nolug mailing list
>> nolug@nolug.org
>>
>

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean  				       	 http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist  	      AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
___________________
Nolug mailing list
nolug@nolug.org
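The "routing first, firewall later" baseline that Ray describes (flush every rule, all default policies ACCEPT, forwarding on), followed by the one FORWARD rule from his earlier message, as an added example that is not part of the thread. Interface names and prefixes are assumptions: eth0 faces the second network, eth1 is the uplink, and 192.168.1.0/24 is the network to keep the second network out of. The optional MASQUERADE step is also an addition; the thread does not discuss NAT. Without arguments the script only prints the commands, so it can be read and tested without touching the box; `apply` runs them as root.

```shell
#!/bin/sh
# Added example, not from the Nolug thread. Puts an iptables router into
# the all-ACCEPT, forwarding-on state used to debug routing, then adds the
# single isolation rule from the quoted message. Interface names and
# prefixes are assumptions; adjust with environment variables.
#
# Usage: sh route-baseline.sh            # dry run: print the commands
#        sudo sh route-baseline.sh apply # execute them

INSIDE_IF="${INSIDE_IF:-eth0}"                     # faces the second network
OUTSIDE_IF="${OUTSIDE_IF:-eth1}"                   # faces the internet
PROTECTED_NET="${PROTECTED_NET:-192.168.1.0/24}"   # "your network"
DO_NAT="${DO_NAT:-no}"   # yes if the uplink side has no route back to eth0's net

# Step 1: empty every chain and set all default policies to ACCEPT so
# netfilter cannot be blamed while the routing itself is checked.
reset_rules_cmds() {
  cat <<EOF
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
EOF
}

# Step 2: turn on IPv4 forwarding for the running kernel. To persist it,
# put net.ipv4.ip_forward = 1 in /etc/sysctl.conf (the opposite of the
# line Scott quoted).
enable_forwarding_cmds() {
  echo "sysctl -w net.ipv4.ip_forward=1"
}

# Step 3 (optional; assumption, not from the thread): if hosts beyond
# the uplink have no route back to the second network, replies die at
# eth1. Masquerading behind the uplink address is the usual fix.
nat_cmds() {
  [ "$DO_NAT" = "yes" ] || return 0
  printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$OUTSIDE_IF"
}

# Step 4: the rule from the quoted message. Packets entering from the
# second network may go anywhere except the protected LAN. Packets the
# protected LAN sends out arrive on eth1, so they are unaffected.
isolation_rule_cmds() {
  printf 'iptables -A FORWARD -i %s -d %s -j DROP\n' "$INSIDE_IF" "$PROTECTED_NET"
}

# Step 5: what to look at afterwards: the forwarding flag, the routes the
# kernel will actually use, and the FORWARD counters (a rule whose
# counter never moves is a rule the traffic is not hitting).
check_cmds() {
  cat <<EOF
cat /proc/sys/net/ipv4/ip_forward
ip route show
iptables -L FORWARD -v -n --line-numbers
EOF
}

# The complete command list, one command per line.
all_cmds() {
  reset_rules_cmds
  enable_forwarding_cmds
  nat_cmds
  isolation_rule_cmds
  check_cmds
}

main() {
  if [ "$1" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    # The loop runs in a subshell; exit 1 there makes the pipeline fail.
    all_cmds | while IFS= read -r cmd; do
      echo "+ $cmd"
      sh -c "$cmd" || exit 1
    done
  else
    all_cmds
  fi
}

main "$@"
```

Run the dry run first and read the output; if ping across the two interfaces works only after the reset, the earlier rules were the problem, not the routes. Add the MASQUERADE line only when the uplink side genuinely cannot route back to the second network, since it also hides that network's addresses from your own LAN's logs.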