On Sat, 29 Sep 2001, Peter Billson wrote: > I have a Linux router with two connections from different service > providers (eth0 and eth1) coming in and want to route all traffic to go > out eth2. Eth0 is the router's default gateway > > I assigned eth2 two ips (eth2=192.168.0.1 and eth2:0=10.0.0.1)The > (important) routes are set to > > Network gateway netmask iface > 192.168.0.0 * 255.255.255.0 eth2 > 10.0.0.1 * 255.255.255.0 eth2 > (eth1 net) * 255.255.255.0 eth1 > default (eth0 ip) 0.0.0.0 eth0 > > Ips have been changed to protect the innocent. All ips are really in > the public IP space. > > I am *not* trying to load balance, do BGP or anything like that. I > basically want the boxen on the network to respond to packets coming > from either network. > > I'm using IPChains to get this all working nice.
Show us. > If I ping any of the IPs serviced by eth0 (remotely or locally) > everything works fine. I can ping eth0, eth2 or any of the boxes on the > network. > > From the router I can ping eth0, eth1, eth2, and IPs that should be > serviced by eth1 on the network and I can ping the provider going out > eth1. > > From the local network I can ping any other machine and *any* IP on > the router. > > But if I try to ping eth1, or any of the IPs serviced by eth1, from a > remote machine the packets come into the router and disappear. They do > not get DENYed, ACCEPTed or FORWARDed by IPChains on any interface. The > rules relating to eth0 and eth1 are identical. I am not sure if I understand this exactly. It may help to have more information. I have a feeling your replies are being sent out but are being firewalled by another router, since they appear to have a source address that doesn't belong to its network (i.e. address spoofing, SMURF attack). Jeremy C. Reed echo 'G014AE824B0-07CC?/JJFFFI?D64CB>D=3C427=>;>6HI2><J' | tr /-_ :\ Sc-y./ | sed swxw`uname`w -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]