Solved

IP Routing Conifuration Dilemma

Posted on 1998-10-11
7
194 Views
Last Modified: 2010-03-18
I'm trying to set up a linux box as a router.
I have set up zillions of linux boxes as firewalls using IP MASQ but am unable to seem to get plain-old routing setup
I have already tried:
-enabled IP forwarding ( echo 1 > /proc/sys/net/ipv4/ip_forward)
-started a routed (redundant, but...)
-tried adding IP forwarding rules via ipfwadm (i.e. ipfwadm -F -a accept -S LAN/LANMASK -D 0/0 -W worldinterface0)

whats going on?
I have a feeling I'm dong somthing exceedingly stupid.
what is it? any ideas?  things to check?
thanks much.
-Dave
0
Comment
Question by:blundar
  • 3
  • 2
  • 2
7 Comments
 
LVL 1

Accepted Solution

by:
ghjm earned 50 total points
ID: 1587133
- Forget routed unless you want dynamically changing routes.
- Don't do anything with ipfwadm except to make sure it's not rejecting anything. (I assume you don't want firewall functions here.)
- Add static routes as appropriate using the "route" command
- Make sure the *other* machines on the network are set up correctly

It sounds to me like what you're missing is the routing. There's no magic, routed won't figure it out for you.

-Graham
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587134
did netstat -rn show appropriate routes?
0
 

Author Comment

by:blundar
ID: 1587135
Ok....
all routes are ok...
15.10.0.0 netmask 255.255.248.0 (to 15.10.0.1 the NAT cisco...)
15.10.8.0 netmask 255.255.248.0 (to LAN)

I can ping 15.10.0.1
I can ping 15.10.8.anything
I have 15.10.8.anything set up with 15.10.8.1 (my machine, ethernet card 2) as the default gateway.
Whats goin on?
Im confused...
-Dave
(2.0.35)
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587136
Do all the hosts in your net have the same netmask (M$ for example is very picky about it)?
Do you have a default route to the default gateway, or do you believe that som protocol stacks use the first IP address in the net as default gateway (I would not recommend this)?
0
 

Author Comment

by:blundar
ID: 1587137
I'm gonna post the whole routing tables ASAP.
FYI- If I add a ipfwadm -F -a m -S 15.10.8.0/21 -D 15.10.0.0/21 and set the default gateway to the NAT box, it works fine.  go figure...

0
 
LVL 1

Expert Comment

by:ghjm
ID: 1587138
Aha!

The Cisco doesn't know how to route back to your 15.10.8.0 network. That's the problem.

Add a static route on the Cisco that lists 15.10.0.xx (your Linux box's address on the Cisco's network) as the gateway for 15.10.8.0.

Your Cisco is probably either sending 15.10.8.0 packets to its default gateway, or trying to ARP for them on its local Ethernet, neither of which will work.

-Graham
0
 

Author Comment

by:blundar
ID: 1587139
Thanks Graham.  I did that in my test pseudo-Cisco (Linux box w/ Masq) and things worked ok.  Further problems will be posted if any.  Thanks much.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
fsstat very high only on nfs client side rhel 10 105
FTP File Transfer Failure 13 177
Can't get /etc/resolv.conf to configure after reboot 8 101
VPS for routing recomendations 3 65
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question