IP Routing Conifuration Dilemma

Posted on 1998-10-11
Last Modified: 2010-03-18
I'm trying to set up a linux box as a router.
I have set up zillions of linux boxes as firewalls using IP MASQ but am unable to seem to get plain-old routing setup
I have already tried:
-enabled IP forwarding ( echo 1 > /proc/sys/net/ipv4/ip_forward)
-started a routed (redundant, but...)
-tried adding IP forwarding rules via ipfwadm (i.e. ipfwadm -F -a accept -S LAN/LANMASK -D 0/0 -W worldinterface0)

whats going on?
I have a feeling I'm dong somthing exceedingly stupid.
what is it? any ideas?  things to check?
thanks much.
Question by:blundar
  • 3
  • 2
  • 2

Accepted Solution

ghjm earned 50 total points
ID: 1587133
- Forget routed unless you want dynamically changing routes.
- Don't do anything with ipfwadm except to make sure it's not rejecting anything. (I assume you don't want firewall functions here.)
- Add static routes as appropriate using the "route" command
- Make sure the *other* machines on the network are set up correctly

It sounds to me like what you're missing is the routing. There's no magic, routed won't figure it out for you.

LVL 51

Expert Comment

ID: 1587134
did netstat -rn show appropriate routes?

Author Comment

ID: 1587135
all routes are ok... netmask (to the NAT cisco...) netmask (to LAN)

I can ping
I can ping 15.10.8.anything
I have 15.10.8.anything set up with (my machine, ethernet card 2) as the default gateway.
Whats goin on?
Im confused...
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

LVL 51

Expert Comment

ID: 1587136
Do all the hosts in your net have the same netmask (M$ for example is very picky about it)?
Do you have a default route to the default gateway, or do you believe that som protocol stacks use the first IP address in the net as default gateway (I would not recommend this)?

Author Comment

ID: 1587137
I'm gonna post the whole routing tables ASAP.
FYI- If I add a ipfwadm -F -a m -S -D and set the default gateway to the NAT box, it works fine.  go figure...


Expert Comment

ID: 1587138

The Cisco doesn't know how to route back to your network. That's the problem.

Add a static route on the Cisco that lists 15.10.0.xx (your Linux box's address on the Cisco's network) as the gateway for

Your Cisco is probably either sending packets to its default gateway, or trying to ARP for them on its local Ethernet, neither of which will work.


Author Comment

ID: 1587139
Thanks Graham.  I did that in my test pseudo-Cisco (Linux box w/ Masq) and things worked ok.  Further problems will be posted if any.  Thanks much.

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question