Hi, RedHat disables ip forwarding by default. Change the FORWARD_IPV4=false line in /etc/sysconfig/network to true and reboot. HTH Henrik On Fri, 30 Oct 1998, root wrote: > Hi, > I've got a serious problem with linux 2.0.35 (redhat 5.1 fully updated) > trying to get it work as a router. This picture describes my net config: > > > > > internet router educ.disi.unige.it rubino.educ.... >(router) private net > 130.251.152.254 ---------- 130.251.152.0 ------------- ...234 >192.168.1.234 --- 192.168.1.235 > netmask 255.255.255.0 eth0 >eth1 eth0 > >mithrandir.gondor.net sauron.gondor.net > > The two hosts ping each other on 192.168.1.0 network and I can ping rubino >130.251.152.234 from > sauron. > > But I can't get to any host on educ network from sauron (no ping, no traceroute) > > I've tried with stock redhat kernel and then with a custom kernel with bridging > enabled. I've followed the guidelines in Firewall+Bridge HOWTO. > Nothing to do. > > I hope I've stated my problem clearly. If not, forgive me because I'm in a hurry > and I must leave department right now > > Am I missing something? Can you help me to get rubino to work properly as a router? > I'm in desperate need of your help. > Thank you very much. > > Following is the relevant config and tcpdump output > > > Francesco Faenzi ([EMAIL PROTECTED] and [EMAIL PROTECTED]) > > > > >================================================================================================ > > > > dmesg > > Ethernet Bridge 002 for NET3.035 (Linux 2.0) > > 3c59x.c:v0.99E 5/12/98 Donald Becker >http://cesdis.gsfc.nasa.gov/linux/drivers/vortex.html > eth0: 3Com 3c905 Boomerang 100baseTx at 0x6100, 00:60:97:b1:ca:db, IRQ 10 > 8K word-wide RAM 3:5 Rx:Tx split, NWay Autonegotiation interface. > MII transceiver found at address 24, status 7869. > Enabling bus-master transmits and whole-frame receives. > ne.c: PCI BIOS reports NE 2000 clone at i/o 0x6000, irq 11. > ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED]) > NE*000 ethercard probe at 0x6000: 00 20 18 2c 11 a9 > eth1: NE2000 found at 0x6000, using IRQ 11. > > >------------------------------------------------------------------------------------------- > > cp /etc/nologin.system_time /etc/nologin > > stop_services > > Name Server Stopped > holelogd.named stopped > Shutting down httpd: httpd > Shutting down NFS services: rpc.mountd rpc.nfsd > Shutting down sendmail: sendmail > Shuting down NIS services: ypbind > Shutting down SMB services: smbd nmbd > Shutting down lpd: lpd > Unmounting remote filesystems. > > >------------------------------------------------------------------------------------------- > > cat /etc/sysconfig/network > NETWORKING=yes > FORWARD_IPV4=true > HOSTNAME="rubino.educ.disi.unige.it" > DOMAINNAME=educ.disi.unige.it > GATEWAY=130.251.152.254 > GATEWAYDEV=eth0 > # >>> ADDED > NISDOMAIN=educ.disi.unige.it > # <<< > > cat /etc/sysconfig/network-scripts/ifcfg-eth0 > DEVICE="eth0" > IPADDR="130.251.152.234" > NETMASK="255.255.255.0" > NETWORK=130.251.152.0 > BROADCAST=130.251.152.255 > ONBOOT="yes" > BOOTPROTO="none" > IPXNETNUM_802_2="" > IPXPRIMARY_802_2="no" > IPXACTIVE_802_2="no" > IPXNETNUM_802_3="" > IPXPRIMARY_802_3="no" > IPXACTIVE_802_3="no" > IPXNETNUM_ETHERII="" > IPXPRIMARY_ETHERII="no" > IPXACTIVE_ETHERII="no" > IPXNETNUM_SNAP="" > IPXPRIMARY_SNAP="no" > IPXACTIVE_SNAP="no" > > cat /etc/sysconfig/network-scripts/ifcfg-eth1 > DEVICE="eth1" > IPADDR="192.168.1.234" > NETMASK="255.255.255.0" > ONBOOT="yes" > BOOTPROTO="none" > IPXNETNUM_802_2="" > IPXPRIMARY_802_2="no" > IPXACTIVE_802_2="no" > IPXNETNUM_802_3="" > IPXPRIMARY_802_3="no" > IPXACTIVE_802_3="no" > IPXNETNUM_ETHERII="" > IPXPRIMARY_ETHERII="no" > IPXACTIVE_ETHERII="no" > IPXNETNUM_SNAP="" > IPXPRIMARY_SNAP="no" > IPXACTIVE_SNAP="no" > > cat /etc/sysconfig/network-scripts/ifcfg-eth1 (2nd try - doesn't work) > DEVICE="eth1" > IPADDR="192.168.1.234" > NETMASK="255.255.255.0" > NETWORK="192.168.1.0" > BROADCAST="192.168.1.255" > GATEWAY="130.251.152.234" > ONBOOT="yes" > BOOTPROTO="none" > IPXNETNUM_802_2="" > IPXPRIMARY_802_2="no" > IPXACTIVE_802_2="no" > IPXNETNUM_802_3="" > IPXPRIMARY_802_3="no" > IPXACTIVE_802_3="no" > IPXNETNUM_ETHERII="" > IPXPRIMARY_ETHERII="no" > IPXACTIVE_ETHERII="no" > IPXNETNUM_SNAP="" > IPXPRIMARY_SNAP="no" > IPXACTIVE_SNAP="no" > > (I get the following: > ne.c: PCI BIOS reports NE 2000 clone at i/o 0x6000, irq 11. > ne.c:v1.10 9/23/94 Donald Becker ([EMAIL PROTECTED]) > NE*000 ethercard probe at 0x6000: 00 20 18 2c 11 a9 > eth1: NE2000 found at 0x6000, using IRQ 11. > SIOCADDRT: Invalid argument > ) > > > >------------------------------------------------------------------------------------------- > > ifconfig > lo Link encap:Local Loopback > inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 > UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 > RX packets:152 errors:0 dropped:0 overruns:0 > TX packets:152 errors:0 dropped:0 overruns:0 > > eth0 Link encap:Ethernet HWaddr 00:60:97:B1:CA:DB > inet addr:130.251.152.234 Bcast:130.251.152.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:650 errors:0 dropped:0 overruns:0 > TX packets:727 errors:0 dropped:0 overruns:0 > Interrupt:10 Base address:0x6100 > > eth1 Link encap:Ethernet HWaddr 00:20:18:2C:11:A9 > inet addr:192.168.1.234 Bcast:192.168.1.255 Mask:255.255.255.0 > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:11 errors:0 dropped:0 overruns:0 > TX packets:66 errors:0 dropped:0 overruns:0 > Interrupt:11 Base address:0x6000 > > > >------------------------------------------------------------------------------------------- > > route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > 130.251.152.0 0.0.0.0 255.255.255.0 U 0 0 5 eth0 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 2 eth1 > 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 1 lo > 0.0.0.0 130.251.152.254 0.0.0.0 UG 0 0 1 eth0 > > >------------------------------------------------------------------------------------------- > > (as suggested in Bridge+Firewall HOWTO) > > ifconfig eth0 promisc > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > > ifconfig eth1 promisc > > ifconfig eth0 arp > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > > ifconfig eth1 arp > > brcfg -enable > bridging is ENABLED debugging is DISABLED > bridge id 0x0001 00:60:97:b1:ca:db > designated root 0x0001 00:60:97:b1:ca:db > bridge max age 20 max age 20 > bridge hello time 2 hello time 2 > bridge forward delay 15 forward delay 15 > root path cost 0 root port 0 > flags NONE > --- port stats --- > port 1 port id 0x0001 port state FORWARDING (0x3) > designated root 0x0001 00:60:97:b1:ca:db > designated bridge 0x0001 00:60:97:b1:ca:db > path cost 100 designated cost 0 > designated port 1 flags NONE > port 2 port id 0x0002 port state FORWARDING (0x3) > designated root 0x0001 00:60:97:b1:ca:db > designated bridge 0x0001 00:60:97:b1:ca:db > path cost 100 designated cost 0 > designated port 128 flags NONE > > >------------------------------------------------------------------------------------------- > > cat /proc/sys/net/ipv4/ip_forward > 1 > > >------------------------------------------------------------------------------------------- > > FROM 192.168.1.235 > ------------------ > > ping 192.168.1.234 > OK > > ping 130.251.152.234 > OK > > ping 130.251.152.1 > NO > > THE BRIDGE > ---------- > > WHILE PINGING FROM INTERNAL HOST 192.168.1.235 > > tcpdump -i eth1 > tcpdump: listening on eth1 > 09:29:47.053696 sauron.gondor.net > selene: icmp: echo request > > tcpdump -i eth0 > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > tcpdump: listening on eth0 > 09:30:40.043696 sauron.gondor.net > selene: icmp: echo request > > tcpdump -i eth0 -e host 192.168.1.235 > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > tcpdump: listening on eth0 > 09:31:28.033696 0:60:97:b1:ca:db 8:0:20:77:bb:66 ip 98: sauron.gondor.net > selene: >icmp: echo request > > tcpdump -i eth0 src host sauron > > WHILE TRACEROUTEING FROM BRIDGE : traceroute -s 192.168.1.234 130.251.152.1 > > tcpdump -i eth0 src host 192.168.1.234 > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > tcpdump: listening on eth0 > 09:32:50.353696 mithrandir.gondor.net.33613 > selene.33435: udp 12 [ttl 1] > 09:33:10.393696 mithrandir.gondor.net.33613 > selene.33439: udp 12 > > tcpdump -i eth0 -e host 192.168.1.234 > eth0: Setting promiscuous mode. > eth0: Setting promiscuous mode. > tcpdump: listening on eth0 > 09:33:45.593696 0:60:97:b1:ca:db 8:0:20:77:bb:66 ip 54: mithrandir.gondor.net.33614 >> selene.33436: udp 12 [ttl 1] > > (eth0: hw address 00:60:97:B1:CA:DB) > > (eth1:hw address 00:20:18:2C:11:A9) > - > To unsubscribe from this list: send the line "unsubscribe linux-net" in > the body of a message to [EMAIL PROTECTED] > -- Henrik Olsen, CNA, working on CNE. URL=http://www.iaeste.dk/~henrik/ Get the rest there. - To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to [EMAIL PROTECTED]
