Hi,
I have a few questions related to setting up a Linux router and am hoping
someone here will have some knowledge in this area. I have a DSL connection
and have a Linux box between the DSL modem and my hub. It contains two
network cards, a 3c509 10baset to the DSL modem (eth1) and a 3c905b 100basetx
to a 100basetx hub (eth0). Previously, the router used ethernet bridging
which worked fine though it does have an outside IP. All the IPs on my
network are outside (fully routable IPs).
I am wanting to use standard routing to handle the traffic on the router
rather than bridging. The only protocol I understand has to be bridged is
ARP. I set it up as follows.
argus eth1 209.53.19.10/255.255.192.0
argus eth1 default gw 209.53.18.254
argus eth0 209.53.19.10/255.255.192.0
argus eth0 route del -net 209.53.0.0 netmask 255.255.192.0 eth0
argus route add -host 209.53.19.191 eth0
209.53.19.191 is an IP of a local machine behind the firewall
finally:
argus: ipchains -A forward -s 209.53.19.191 -j ACCEPT
argus: ipchains -A forward -d 209.53.19.191 -j ACCEPT
I enabled arp bridging with brcfg start exempt ip as well as IP forwarding
with sysctl. The strange thing is that when I ping an outside machine from
behind the router, the packet gets forwarded alright but a reply is never
received. A "tcpdump -i eth1" on argus shows the ping coming out and a
reply coming back. The first counter in the forward chain goes up but the
second does not. It's like that ICMP reply packet isn't making it into the
firewall chain. Actually I added an accounting rule into the input chain
with -d 209.53.19.191 and the counter remained at zero, yet I could see
packets coming in which matched the rule.
I don't have much experience with routing so any information anyone can provide
would be appreciated.
PS. Are there any good HOWTOs on this topic as I imagine setting up a "real
router" without ipmasq is fairly common.
Best regards,
Shane
--
Shane Wegner: [EMAIL PROTECTED]
Personal website: http://www.cm.nu/~shane/ Fax: (604) 930-0529
PGP: keyid: 2048/1C0FFA59 ICQ UIN: 120000
Fingerprint: C6 5F B3 85 0B 11 30 F3
52 89 0C 6C 49 08 94 7B
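An added example, not part of the original post: a small Python model of the routing table that the commands listed in the message would leave on argus, showing which interface each destination resolves to and which inside host needs ARP answered on eth1. The route list is reconstructed from the post's listing and assumes the upstream gateway uses the same 255.255.192.0 netmask; `lookup` and `needs_arp_answer` are hypothetical helper names.

```python
import ipaddress

# Routes reconstructed from the listing in the post (assumption: the kernel's
# actual table was not shown in the message).
ROUTES = [
    ("209.53.19.191/32", "eth0", None),             # route add -host ... eth0
    ("209.53.0.0/18",    "eth1", None),             # on-link net from eth1's address/netmask
    ("0.0.0.0/0",        "eth1", "209.53.18.254"),  # default gw on eth1
]
TABLE = [(ipaddress.ip_network(n), dev, gw) for n, dev, gw in ROUTES]


def lookup(dst):
    """Longest-prefix match: return (device, next hop) for a destination."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in TABLE if addr in r[0]]
    net, dev, gw = max(matches, key=lambda r: r[0].prefixlen)
    return dev, (gw or dst)  # on-link routes deliver straight to dst


def needs_arp_answer(outside_dev="eth1"):
    """Host routes behind another interface whose address still falls inside
    a prefix that is on-link on outside_dev. Neighbours on outside_dev
    (assumed to use the same netmask) will ARP for these directly, so the
    router has to answer or bridge that ARP."""
    onlink = [net for net, dev, gw in TABLE if dev == outside_dev and gw is None]
    return sorted(
        str(net.network_address)
        for net, dev, gw in TABLE
        if dev != outside_dev
        and net.prefixlen == 32
        and any(net.subnet_of(o) for o in onlink)
    )


if __name__ == "__main__":
    # 198.51.100.7 is a constructed outside address (documentation range).
    for dst in ("209.53.19.191", "209.53.18.254", "198.51.100.7"):
        print(dst, "->", lookup(dst))
    print("ARP must be answered on eth1 for:", needs_arp_answer())
```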