
Re: [aclug-L] IP Forwarding

To: aclug-L@xxxxxxxxxxxx
Subject: Re: [aclug-L] IP Forwarding
From: JOHNSTONE JEREMY S <jsjohnst@xxxxxxxxxxx>
Date: Mon, 14 Sep 1998 22:49:17 -0500 (CDT)
Reply-to: aclug-L@xxxxxxxxxxxx

Ok, here goes nothing. The easiest way to fix this problem is to fix it on
the remote machines. What you need to do (assuming they are running Linux)
is to type:

For machines on the first network:
route add -net <net 2's network address> gw <net1 firewall ip> dev eth0

For machines on the second network:
route add -net <net 1's network address> gw <net2 firewall ip> dev eth0
exp: 
route add -net 198.248.166.0 gw 192.168.2.1 dev eth0
route add -net 192.168.2.0 gw 198.248.166.17 dev eth0

or you can set it up using ipfwadm, I believe the commands you would need
are (it's been a while since I configured my network):
ipfwadm -F -a accept -S 192.168.2.0/24 -D 198.248.166.0/24 -W eth0
ipfwadm -F -a accept -S 198.248.166.0/24 -D 192.168.2.0/24 -W eth1

As a side note, I thought it was quite interesting that I can send over
5000 8k packets per second (with under 50% utiliz. on my 100Base-T net)
for over 2 hours sending a total of 863434 packets and it only lost 61.


Jeremy

On Mon, 14 Sep 1998, Glen Diener wrote:

> I'm attempting to use a Linux (Caldera OpenLinux) box as a firewall which
> forwards IP packets from one network to another.  I have two working
> network cards installed in the server and have recompiled, according to
> the Linux howto pages, the kernel to include the necessary features for IP
> forwarding/masquerading.  Both sides of the firewall can ping the IP
> number of the network card which is directly attached, but, neither side
> can ping the IP numbers on the other network.  My configuration is as
> follows:
> 
> [root@bilbo glen]# ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
>           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
>           RX packets:61 errors:0 dropped:0 overruns:0
>           TX packets:61 errors:0 dropped:0 overruns:0
> 
> eth0      Link encap:Ethernet  HWaddr 00:A0:C9:71:53:FF
>           inet addr:198.248.166.17  Bcast:198.248.166.255  Mask:255.255.255.0
>           IPX/Ethernet 802.2 addr:00A0C97153FF
>           IPX/Ethernet 802.3 addr:00000501:00A0C97153FF
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:171530 errors:0 dropped:0 overruns:0
>           TX packets:7248 errors:0 dropped:0 overruns:0
>           Interrupt:5 Base address:0xe400
> 
> eth1      Link encap:Ethernet  HWaddr 00:A0:C9:71:53:FE
>           inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:202 errors:0 dropped:0 overruns:0
>           TX packets:119 errors:0 dropped:0 overruns:1
>           Interrupt:9 Base address:0xe800
> 
> [root@bilbo glen]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 255.255.255.255 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
> 198.248.166.0   0.0.0.0         255.255.255.0   U     0      0       21 eth0
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        3 eth1
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        5 lo
> 0.0.0.0         198.248.166.254 0.0.0.0         UG    1      0        5 eth0
> [root@bilbo glen]#
> 
> 
> The ipfwadm commands I've used are those given in the IP Masquerading
> howto page. 
> 
>       ipfwadm -F -p deny 
>        ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 
> 
> Any suggestions on why this doesn't work or how I can diagnose the
> problem? 
> 
> 
> Glen Diener
> Tabor College
> glen@xxxxxxxxxxxxxxxx
> 
> ---
> This is the Air Capitol Linux Users Group discussion list.  If you
> want to unsubscribe, send the word "unsubscribe" to
> aclug-L-request@xxxxxxxxxxxx.  If you want to post to the list, send your
> message to aclug-L@xxxxxxxxxxxx.
> 
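
A small checker for the situation discussed in this thread, added here as an example (not code from either poster): it parses ifconfig output and ipfwadm -F rules and lists which directions between the attached networks no permitting rule covers. The function names are made up for this example; it assumes the forward policy is accept unless -p is given, and it ignores -W, ports and rule order.

```python
import ipaddress
import re
# Sample input: addresses and rules as quoted in the thread (ifconfig trimmed).
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:A0:C9:71:53:FF
          inet addr:198.248.166.17  Bcast:198.248.166.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:A0:C9:71:53:FE
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
"""
ORIGINAL_RULES = """\
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
"""
REPLY_RULES = ORIGINAL_RULES + """\
ipfwadm -F -a accept -S 192.168.2.0/24 -D 198.248.166.0/24 -W eth0
ipfwadm -F -a accept -S 198.248.166.0/24 -D 192.168.2.0/24 -W eth1
"""

def interface_networks(text):
    """Map interface name -> attached IPv4 network from old-style ifconfig output."""
    nets, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # unindented line starts a new interface
            iface = line.split()[0]
        m = re.search(r"inet addr:(\S+).*Mask:(\S+)", line)
        if m and iface:
            nets[iface] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return nets

def forward_rules(text):
    """Return (policy, [(src, dst), ...]) for the permitting -F rules."""
    # Assumptions: policy is accept unless -p is given; -W, ports, order ignored.
    policy, permits = "accept", []
    for args in (l.split() for l in text.splitlines() if " -F " in l):
        opt = lambda flag: args[args.index(flag) + 1] if flag in args else None
        if opt("-p"):
            policy = opt("-p")
        elif opt("-a") in ("accept", "m"):      # m = masquerade, as used in the thread
            permits.append(tuple(
                ipaddress.ip_network(opt(f) or "0.0.0.0/0") for f in ("-S", "-D")))
    return policy, permits

def blocked_directions(ifconfig_text, rule_text):
    """List (src_iface, dst_iface) pairs that fall through to a non-accept policy."""
    nets = interface_networks(ifconfig_text)
    policy, permits = forward_rules(rule_text)
    covered = lambda a, b: policy == "accept" or any(
        nets[a].subnet_of(s) and nets[b].subnet_of(d) for s, d in permits)
    return [(a, b) for a in nets for b in nets if a != b and not covered(a, b)]
```

Calling blocked_directions(IFCONFIG, ORIGINAL_RULES) reports both directions as uncovered; with the two accept rules from the reply appended (REPLY_RULES) it reports none.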
