On Sunday 01/28/2007 David Hough (lists@llondel.org) wrote:
> John covici wrote:
> > Hi. I have a system with two network cards -- eth0 is a public ip
> > address and eth1 is on an internal network. Now I have all the packet
> > forwards enabled, and there is a route from eth1 to the internal
> > network, but if a computer on the internal network sets his gateway to
> > the box, he can't traceroute past the box to the internet. There
> > are no iptable rules yet.
> >
> > Here is the routing table as produced by route.
> > Destination     Gateway          Genmask          Flags Metric Ref Use Iface
> > 64.183.125.208  *                255.255.255.248  U     0      0   0   eth0
> > 192.168.1.0     *                255.255.255.0    U     0      0   0   eth1
> > 169.254.0.0     *                255.255.0.0      U     0      0   0   eth0
> > default         rrcs-64-183-125  0.0.0.0          UG    0      0   0   eth0
> >
> >
> > What am I doing wrong here?
> >
> > Any assistance would be appreciated.
> >
> Two things spring to mind.
>
> 1. What result do you get from "cat /proc/sys/net/ipv4/ip_forward"? If
> it's zero then you haven't got forwarding enabled.
>
> 2. Even if it is enabled, stuff on the LAN will head out to the big wide
> world with a 192.168.1.x address on it and get eaten by any
> properly-configured router outside.
>
> To fix the first one, just "echo 1 > /proc/sys/net/ipv4/ip_forward" to
> enable forwarding.
>
> To fix the second one, you'll need a bunch of iptables rules to set up
> NAT so all outbound traffic goes out using your public IP.
> --
> Dave
> http://www.llondel.org
> So many gadgets, so little time
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
--
Your life is like a penny. You're going to lose it. The question is:
How do you spend it?
John Covici
covici@ccs.covici.com
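
The two checks from Dave's reply, written out as a shell script. This is an added example, not part of the original thread: the function names are hypothetical, the interface names and LAN subnet come from the routing table quoted above, and the printed ruleset (masquerade plus a restrictive FORWARD chain) is one common minimal setup, assumed rather than taken from the posters.

```shell
#!/bin/sh
# Added example; read-only: it prints findings and rules, it applies nothing.
# Defaults are taken from the routing table quoted in the thread.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
FWD_FILE=${FWD_FILE:-/proc/sys/net/ipv4/ip_forward}

# Succeeds if the IPv4 address lies in an RFC 1918 private range.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# Succeeds if the kernel forwarding switch reads 1 (check 1 in the reply).
forwarding_enabled() {
    [ "$(cat "$FWD_FILE" 2>/dev/null)" = "1" ]
}

# Prints an assumed minimal ruleset: NAT outbound, forward only LAN-initiated flows.
nat_rules() {
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -P FORWARD DROP"
}

# Prints one finding per line, then the rules if the LAN needs NAT (check 2).
diagnose() {
    if forwarding_enabled; then
        echo "forwarding: enabled"
    else
        echo "forwarding: disabled (echo 1 > $FWD_FILE)"
    fi
    if is_rfc1918 "${LAN_NET%/*}"; then
        echo "nat: required, $LAN_NET is not routable on the internet"
        nat_rules
    else
        echo "nat: not required for $LAN_NET"
    fi
}

diagnose
```

Review the printed rules before applying them as root; the final line sets the FORWARD policy to DROP, so the gateway stops relaying anything the two ACCEPT rules do not cover.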