If I understand the setup correctly based on previous emails, it looks like this:

[Internet] <-> [202.172.122.211 (eth1) {Gateway Machine} 202.172.122.74 (eth2)] <-> [202.172.122.75 (eth1) {Other Machine}]

So, according to your emails, your external (eth1) interface on the Gateway machine ** needs to be .209 not .211 or .210 ** (as this is where the ISP's 'router' is pointing the .72 subnet according to what you said), and you need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the gateway machine. No route commands needed: the Gateway machine knows where the .72 subnet is, because it has an interface on it. The Gateway Machine's default gateway is set to your normal ISP's gateway.

Does that sound like your setup? If so, a few things come to mind - either your ISP is not routing .72/29 via .209, or maybe you have a firewall or routing rules in place, or you are using the wrong IP on the eth1 gateway interface.

Hope this helps!

Dan

-----Original Message-----
From: Tim Groeneveld [mailto:tim@timg.ws]
Sent: 15 October 2007 13:45
To: Dan
Subject: Re: [LARTC] Routing public IP's through a gateway

On Monday 15 October 2007 10:31:25 pm you wrote:
> Unless I have missed something in the question?

Well, these are the commands I issue on my gateway machine:

> ifconfig eth1 202.172.122.210 netmask 255.255.255.248
> ifconfig eth2 202.172.122.73 netmask 255.255.255.248
> route add -net 202.172.122.72 netmask 255.255.255.248 eth1
> route add default gw 202.172.122.209
> echo 1 > /proc/sys/net/ipv4/ip_forward

They all succeed and everything, but no outside Internet locations are accessible on .72/29 machines. What is worse, running

> tcpdump -i eth1

shows that the data from eth2 is being sent to the Internet, but there are no replies coming on eth2.

On Monday 15 October 2007 11:07:39 pm Dan wrote:
> So, according to your emails, your external (eth1) interface on the Gateway
> machine ** needs to be .209 not .211 or .210 ** (as this is where the ISP's
> 'router' is pointing the .72 subnet according to what you said), and you
> need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the gateway machine.
> No route commands needed: the Gateway machine knows where the .72 subnet
> is, because it has an interface on it. The Gateway Machine's default
> gateway is set to your normal ISP's gateway.

.209 is taken by the router's gateway, so, it needs to be 210.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Monday 15 October 2007 11:12:40 pm Tim Groeneveld wrote:
> On Monday 15 October 2007 11:07:39 pm Dan wrote:
> > So, according to your emails, your external (eth1) interface on the
> > Gateway machine ** needs to be .209 not .211 or .210 ** (as this is where
> > the ISP's 'router' is pointing the .72 subnet according to what you
> > said), and you need to type echo 1 > /proc/sys/net/ipv4/ip_forward on the
> > gateway machine. No route commands needed: the Gateway machine knows
> > where the .72 subnet is, because it has an interface on it. The Gateway
> > Machine's default gateway is set to your normal ISP's gateway.
>
> .209 is taken by the routers gateway, so, it needs to be 210.

root@videl:/home/tim# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.172.122.208 *               255.255.255.248 U     0      0        0 eth1
202.172.122.72  *               255.255.255.248 U     0      0        0 eth2
link-local      *               255.255.0.0     U     1000   0        0 eth1
default         home.gateway    0.0.0.0         UG    100    0        0 eth1

root@videl:/home/tim# ip route list
202.172.122.208/29 dev eth1 proto kernel scope link src 202.172.122.210
202.172.122.72/29 dev eth2 proto kernel scope link src 202.172.122.73
169.254.0.0/16 dev eth1 scope link metric 1000
default via 202.172.122.209 dev eth1 metric 100

Is this the correct way to have the route, or is there something here that could be stopping the route from working?

root@videl:/home/tim# tcpdump -i eth2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
00:08:23.863360 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 1460,nop,nop,sackOK>
00:08:26.786727 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 1460,nop,nop,sackOK>
00:08:31.280752 arp who-has home.gateway tell 202-172-122-74.static.nsw-6.comcen.com.au
00:08:32.795422 IP 202-172-122-76.static.nsw-6.comcen.com.au.1175 > jc-in-f99.google.com.www: S 3109124259:3109124259(0) win 65535 <mss 1460,nop,nop,sackOK>

That is a tcpdump of eth2 ... when typing 72.14.253.147 into a browser.

Thanks again,
- Tim G
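
Added example, not part of the original thread: a longest-prefix-match lookup over the `ip route list` output posted above, showing which interface the gateway itself would choose for the outbound SYN seen in the tcpdump and for a reply addressed back to 202.172.122.76. It models only the gateway's own table (lowest metric breaks ties, an assumption of this sketch) and says nothing about the ISP router's routes or any firewall rules.

```python
import ipaddress

# Routes copied from the `ip route list` output in the thread (gateway "videl").
# Fields: prefix, device, next hop (None = directly connected), metric.
ROUTES = [
    ("202.172.122.208/29", "eth1", None, 0),
    ("202.172.122.72/29", "eth2", None, 0),
    ("169.254.0.0/16", "eth1", None, 1000),
    ("0.0.0.0/0", "eth1", "202.172.122.209", 100),
]


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, dev, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, dev, via, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, str(net), dev, via))
    if not matches:
        return None
    # Most specific prefix wins; on equal length, the lowest metric wins.
    _, _, net, dev, via = max(matches)
    return (net, dev, via or "on-link")


def forwarding_path(src, dst, routes=ROUTES):
    """Show how this table handles a request and the reply to it."""
    request = lookup(dst, routes)
    reply = lookup(src, routes)
    transit = (request is not None and reply is not None
               and request[1] != reply[1])
    return {"request": request, "reply": reply, "transit": transit}


if __name__ == "__main__":
    # Source and destination taken from the tcpdump and the browser test.
    path = forwarding_path("202.172.122.76", "72.14.253.147")
    print("request leaves via:", path["request"])
    print("reply delivered via:", path["reply"])
    print("crosses the gateway:", path["transit"])
```
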