Re: Forwarding not work in FC9 but ip forward is turn on (SOLVED)

2008-09-27 Thread ppps
Hey guys,
excuse me for not having responded earlier, I had some problems at work, but to 
finally comment: because of Kevin I could find the problem. The problem was 
caused by a lack of path, not on Linux, but on the client hosts, in the 
configuration of the router ZyXEL itself.

As I have noted, the packages were forwarded by Linux without a problem and in 
fact arrived at the interface of the router ZyXEL, but because the router does 
not have a default route (gw), the router ZyXEL had no way to return the 
packages and this is why he did not receive a response.

In the case of ping on both ends (the network 192.168.1.x to 192.168.5.x) the 
problem was on the Windows client side (basically had created an ICMP packet 
filter :( ).

I really hate not having done such basic checks :(
In conclusion, package forwarding in Linux works the best. :) (Y)
Many thanks for your help, 
and sorry for my bad English :(


-- 
This is an email sent via the webforum on http://fcp.surfsite.org
http://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=292718&topic_id=61844&forum=10#forumpost292718
If you think, this is spam, please report this to [EMAIL PROTECTED]

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
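
The failure described in this message (the forwarded request arrives, but the far router has no route for the reply) can be checked offline from routing tables alone. The Python sketch below is an added example, not part of the original thread: it replays the firewall's posted `netstat -nr` table together with constructed tables for the client and the router (assumptions, since neither was posted) and traces request and reply hop by hop.

```python
import ipaddress

# Firewall routing table as posted in the thread (`netstat -nr` on the FC9 box).
FIREWALL = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth4
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth5
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth6
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth6
"""
# Constructed (assumption): the client sends all off-link traffic to the firewall.
CLIENT = """\
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.231   0.0.0.0         UG        0 0          0 eth0
"""
# Constructed (assumption): a router that only knows its own LAN.
ROUTER_BEFORE = """\
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 lan
"""
# Constructed (assumption): the same router with static routes back via the firewall.
ROUTER_AFTER = ROUTER_BEFORE + """\
192.168.1.0     192.168.5.254   255.255.255.0   UG        0 0          0 lan
192.168.10.0    192.168.5.254   255.255.255.0   UG        0 0          0 lan
"""


def parse_routes(text):
    """Parse `netstat -rn` style rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue  # title line or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            gw = ipaddress.ip_address(f[1])
        except ValueError:
            continue  # column header row
        routes.append((net, gw, f[-1]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the kernel does; None when nothing covers dst."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def trace(nodes, src, dst, max_hops=8):
    """Walk hop by hop from the node owning src; return (delivered, path, reason)."""
    owner = {ip: name for name, n in nodes.items() for ip in n["addrs"]}
    here, path = owner[src], []
    for _ in range(max_hops):
        path.append(here)
        if dst in nodes[here]["addrs"]:
            return True, path, "delivered"
        route = lookup(nodes[here]["routes"], dst)
        if route is None:
            return False, path, f"no route to {dst} on {here}"
        gw = route[1]
        # Gateway 0.0.0.0 means "directly connected": hand the packet to dst itself.
        nxt = dst if gw.is_unspecified else str(gw)
        if nxt not in owner:
            return False, path, f"next hop {nxt} is not a known host"
        here = owner[nxt]
    return False, path, "hop limit reached"


def topology(router_table):
    """Three hosts from the thread; only the firewall's table is real data."""
    return {
        "client": {"addrs": {"192.168.1.210"}, "routes": parse_routes(CLIENT)},
        "firewall": {"addrs": {"192.168.5.254", "192.168.1.231", "192.168.10.250"},
                     "routes": parse_routes(FIREWALL)},
        "router": {"addrs": {"192.168.5.1"}, "routes": parse_routes(router_table)},
    }


def round_trip(nodes, src, dst):
    """A ping only succeeds when both the request and the reply can be routed."""
    return {"request": trace(nodes, src, dst), "reply": trace(nodes, dst, src)}


if __name__ == "__main__":
    for label, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        result = round_trip(topology(table), "192.168.1.210", "192.168.5.1")
        for leg, (ok, path, reason) in result.items():
            print(f"{label:6} {leg:7} {' -> '.join(path):30} {reason}")
```

With the "before" table the request leg is delivered while the reply leg stops on the router, which matches the symptom reported in the thread: pings from 192.168.5.254 work, pings from 192.168.1.210 do not.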


Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-24 Thread Alan Cox
> I need to access my LAN to the Internet but I can only do that from the hosts 
> directly connected to the router ZyXEL (including FC), but not from my other 
> LANs :(
>
> Please I need your support and thank you very much in advance!!

This sounds like you don't have sufficient routing tables set up, it's
impossible to even speculate on your actual problems as you give so
little precise information.



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread Kevin Martin
<snip>
> 1) there is no default gateway entered in your netstat -nr command. Gateway
> 0.0.0.0 is missing in your routing table. So, where do you expect to go your
> traffic to?
>
> 2) you need the appropriate entries for accepting connections with iptables.
> just setting the ip.forward.v4 param is not that enough (IMHO). Use
> system-config-firewall:
> - set the NIC you want to accept connection as a trusted device (for test
>   purposes now)
> - add a forward rule to the nic, you want to forward, such as :
> iptables -A FORWARD -i [NIC_TO_FORWARD] -j ACCEPT
>
> Try, then you should see using iptables -L -v some traffic on the NIC and in
> the FORWARD state.
>
> HTH
> Roger


   
There's no need for a default route in these cases since the traffic is
all going to networks connected to the interfaces.  If he was trying to
send packets outside of these direct connected networks then he would
need a default route, I agree.

As to the firewall, he's set all of everything to ACCEPT in all cases at
this point so traffic should just flow (I hate saying should just
'cause whenever I say it, it doesn't)..(might as well just turn off the
firewall software actually during this testing...that would take one
piece of the puzzle completely out of play).

Kevin



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread Mike Wright

ppps wrote:

> First off, what is that extra netstat -rn entry for eth6
> (169.254.0.0...looks like some Windows default garbage)? Can't help but
> wonder what that's doing to routing to the 192.168.10 network on the
> machine.
>
> I have tried to eliminate that route with the command
> route del -net 169.254.0.0 netmask 255.255.0.0
> This eliminates the route but on reboot again and lift it
> I do not know which file to modify to be removed.

To get rid of that route permanently you can modify 
/etc/sysconfig/network.  Add this line:

NOZEROCONF=yes



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread Kevin Martin


ppps wrote:
> First off, what is that extra netstat -rn entry for eth6
> (169.254.0.0...looks like some Windows default garbage)? Can't help but
> wonder what that's doing to routing to the 192.168.10 network on the
> machine.
>
> I have tried to eliminate that route with the command
> route del -net 169.254.0.0 netmask 255.255.0.0
> This eliminates the route but on reboot again and lift it
> I do not know which file to modify to be removed.

Ok, this has been answered by Mr. Wright.

> I think that you really don't need to worry about this route.
> It's used for default networking when your system is set to DHCP but does not
> get an address from a DHCP server
> (NIC self-assigns a 169.254.x.x address to itself). This also happens on
> Windows.
> I think that, the route itself will have no effect on your connectivity or
> networking.

> Next, why do you get two different traceroute results when you
> traceroute host 192.168.10.20 as shown below (doesn't make any sense)?:
>
> In the first tcpdump command,
> ping from 192.168.10.250 to 192.168.10.20
>
> |firewall |--x--|switch | | host 192.168.10.20 |
>
> In the second tcpdump command
> ping from 192.168.10.20 to 192.168.5.1
>
> |host 192.168.10.20 ||switch | | FIREWALL |--x--| switch |- | HOST 192.168.5.1 |

   
Ah, ok, my bad for not noticing that.

Let's take this from the top (please correct me if I'm wrong):

Your firewall has the 3 interfaces with 192.168.1.231/24,
192.168.5.254/24, and 192.168.10.250/24 as the interface addresses. 
You have 3 machines off-firewall with addresses 192.168.1.201,
192.168.5.1, and 192.168.10.20 (all in the /24 bit network, right?).

1).From the firewall, if you ping/traceroute to the 3 off firewall
addresses, do they all work or only some of them?

2).From the off firewall addresses, does ping/traceroute to the 3
firewall addresses *on the same network* (so from ...1.201 to ...1.231,
...5.1 to ...5.254, and ...10.20 to ...10.250) work?

3).On the off firewall machines, what does a tcpdump show about the
traffic coming from the firewall in (1) (when it works and when it
doesn't work)?

4).From the off firewall machines, what are the results of
pings/traceroutes from those machines to the other machines (so from
1.201 to 5.1, 1.201 to 10.20, 5.1 to 10.20, 5.1 to 1.201, 10.20 to 5.1,
and 10.20 to 1.201...you need to do all of them to verify that the
traceroutes are all using the same paths coming and going...I've seen
networking weirdness where a traceroute from a - b shows 5 hops on 5
routers while a traceroute from b - a shows different routers/hops ).

5).On the off firewall machines, what do the routing tables look like? 
And what are the results of the command arp?  Are all of the off
firewall machines Linux boxes or are there Windows or other O.S.
machines (and is the 5.1 box just a router?)?

FWIW, it's often handy from a troubleshooting point of view and the sake
of consistency to, if possible, have your firewall interfaces have the
same ending octet (again, if possible in the network(s) that you are
working with).  If the firewall interfaces *always* have .254 as the
last octet (or .110 or .1 or whatever as long as they are the same on
each interface) then it makes it easier to understand your
routing/network setup.

<snip>



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread Roger Grosswiler
On Tue, 23 Sep 2008 11:58:37 -0500,
Kevin Martin [EMAIL PROTECTED] wrote:

> ppps wrote:
>> First off, what is that extra netstat -rn entry for eth6
>> (169.254.0.0...looks like some Windows default garbage)? Can't
>> help but wonder what that's doing to routing to the 192.168.10
>> network on the machine.
>>
>> I have tried to eliminate that route with the command
>> route del -net 169.254.0.0 netmask 255.255.0.0
>> This eliminates the route but on reboot again and lift it
>> I do not know which file to modify to be removed.
>
> Ok, this has been answered by Mr. Wright.
>> I think that you really don't need to worry about this route.
>> It's used for default networking when your system is set to DHCP
>> but does not get an address from a DHCP server (NIC self-assigns a
>> 169.254.x.x address to itself). This also happens on Windows. I
>> think that, the route itself will have no effect on your
>> connectivity or networking.
>
>> Next, why do you get two different traceroute results when you
>> traceroute host 192.168.10.20 as shown below (doesn't make any
>> sense)?:
>>
>> In the first tcpdump command,
>> ping from 192.168.10.250 to 192.168.10.20
>>
>> |firewall |--x--|switch | | host 192.168.10.20 |
>>
>> In the second tcpdump command
>> ping from 192.168.10.20 to 192.168.5.1
>>
>> |host 192.168.10.20 ||switch | | FIREWALL |--x--| switch |- | HOST 192.168.5.1 |
>
> Ah, ok, my bad for not noticing that.
>
> Let's take this from the top (please correct me if I'm wrong):
>
> Your firewall has the 3 interfaces with 192.168.1.231/24,
> 192.168.5.254/24, and 192.168.10.250/24 as the interface addresses.
> You have 3 machines off-firewall with addresses 192.168.1.201,
> 192.168.5.1, and 192.168.10.20 (all in the /24 bit network, right?).
>
> 1).From the firewall, if you ping/traceroute to the 3 off firewall
> addresses, do they all work or only some of them?
>
> 2).From the off firewall addresses, does ping/traceroute to the 3
> firewall addresses *on the same network* (so from ...1.201
> to ...1.231, ...5.1 to ...5.254, and ...10.20 to ...10.250) work?
>
> 3).On the off firewall machines, what does a tcpdump show about the
> traffic coming from the firewall in (1) (when it works and when it
> doesn't work)?
>
> 4).From the off firewall machines, what are the results of
> pings/traceroutes from those machines to the other machines (so from
> 1.201 to 5.1, 1.201 to 10.20, 5.1 to 10.20, 5.1 to 1.201, 10.20 to
> 5.1, and 10.20 to 1.201...you need to do all of them to verify that
> the traceroutes are all using the same paths coming and going...I've
> seen networking weirdness where a traceroute from a - b shows 5 hops
> on 5 routers while a traceroute from b - a shows different
> routers/hops ).
>
> 5).On the off firewall machines, what do the routing tables look
> like? And what are the results of the command arp?  Are all of the
> off firewall machines Linux boxes or are there Windows or other O.S.
> machines (and is the 5.1 box just a router?)?
>
> FWIW, it's often handy from a troubleshooting point of view and the
> sake of consistency to, if possible, have your firewall interfaces
> have the same ending octet (again, if possible in the network(s) that
> you are working with).  If the firewall interfaces *always* have .254
> as the last octet (or .110 or .1 or whatever as long as they are the
> same on each interface) then it makes it easier to understand your
> routing/network setup.
>
> <snip>

erm, btw, what's the nic-setup of one of your client-computers?

Roger



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread ppps
Hey guys,
first of all I would like to thank you for your great support, thanks to that 
I could now bring forward a package from both ends, or for any network, except 
for one detail :( The 192.168.5.0 network is supported by a router ZyXEL 
Prestige 660-Hw T1-V2 that gives me access to the Internet.

Through this router I can reach computers behind the router ZyXEL (example: 
from 192.168.5.20 to 192.168.1.210 via Linux FC9), but unfortunately from 
192.168.1.210 I can not ping the interface of the router ZyXEL (IP: 
192.168.5.1). 

But I can ping from 192.168.5.254 (Linux FC) to 192.168.5.20. This is quite 
strange to me :(. I mean

Pinging 192.168.1.210 -> 192.168.5.1 does NOT WORK! :(
Pinging 192.168.5.254 -> 192.168.5.1 it works!
192.168.5.20 Pinging -> 192.168.5.1 also works

I called my ISP and I asked for some filter on the router itself that prevents 
the ping, but they say that with the default settings there is no filter that 
blocks access to the interface. 
I even reset the router ZyXEL to the default values but it does not work.

My supplier tells me that there is something in Linux known as an echo which 
I turn off in my Linux FC but they have no idea how to do it. :(

I need to access my LAN to the Internet but I can only do that from the hosts 
directly connected to the router ZyXEL (including FC), but not from my other 
LANs :(

Please I need your support and thank you very much in advance!!




Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread ppps
Hey guys,
first of all I would like to thank you for your great support, thanks to that 
I could now bring forward a package from both ends, or for any network, except 
for one detail. The 192.168.5.0 network is supported by a router ZyXEL 
Prestige 660-Hw T1-V2, that gives me access to the Internet.
Through this router I can reach computers behind the router ZyXEL (example: 
from 192.168.5.20 to 192.168.1.210 via Linux FC9), but unfortunately from 
192.168.1.210 I can not ping the interface of the router ZyXEL (IP: 
192.168.5.1). But I can ping from 192.168.5.254 (Linux FC) to 192.168.5.20 (as 
mentioned above). This is quite strange to me :( . I mean
Pinging 192.168.1.210 -> 192.168.5.1 does NOT WORK! :(
Pinging 192.168.5.254 -> 192.168.5.1 it works!
192.168.5.20 Pinging -> 192.168.5.1 also works

I called my ISP and I asked for some filter on the router itself that prevents 
the ping, but they say that with the default settings there is no filter that 
blocks access to the interface. I even reset the router ZyXEL to the default 
values but it does not work.
My supplier tells me that there is something in Linux known as an echo in 
which I turn off my Linux FC but who have no idea how to do it. :(

I need to access my LAN to the Internet but I can only do that from the hosts 
directly connected to the router ZyXEL (including FC), but unfortunately not 
from my other LANs :(

Please I need your support and thank you very much in advance!!






Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-23 Thread Kevin Martin


ppps wrote:
> Hey guys,
> first of all I would like to thank you for your great support, thanks to 
> that I could now bring forward a package from both ends, or for any network, 
> except for one detail :( The 192.168.5.0 network is supported by a router 
> ZyXEL Prestige 660-Hw T1-V2 that gives me access to the Internet.
>
> Through this router I can reach computers behind the router ZyXEL (example: 
> from 192.168.5.20 to 192.168.1.210 via Linux FC9), but unfortunately from 
> 192.168.1.210 I can not ping the interface of the router ZyXEL (IP: 
> 192.168.5.1). 
>
> But I can ping from 192.168.5.254 (Linux FC) to 192.168.5.20. This is 
> quite strange to me :(. I mean
>
> Pinging 192.168.1.210 -> 192.168.5.1 does NOT WORK! :(
> Pinging 192.168.5.254 -> 192.168.5.1 it works!
> 192.168.5.20 Pinging -> 192.168.5.1 also works
>
> I called my ISP and I asked for some filter on the router itself that 
> prevents the ping, but they say that with the default settings there is no 
> filter that blocks access to the interface. 
> I even reset the router ZyXEL to the default values but it does not work.
>
> My supplier tells me that there is something in Linux known as an echo 
> which I turn off in my Linux FC but they have no idea how to do it. :(
>
> I need to access my LAN to the Internet but I can only do that from the hosts 
> directly connected to the router ZyXEL (including FC), but not from my other 
> LANs :(
>
> Please I need your support and thank you very much in advance!!

You make this very difficult as you've changed ip addresses and you're not
running the tests that you have been asked to run to prove routing from
network - network from the firewall and thru the firewall.

*However* trying to use what you're showing now it appears that you don't
have the route from the 1.x network (1.210 in this case) to the
...5.x network (5.1, your ZyXEL router) set up correctly.  What is your
default route on the 1.210 machine set to?  Do (on the firewall):

tcpdump -i eth5 -n -nn -vvv host 192.168.5.1 
tcpdump -i eth4 -n -nn -vvv host 192.168.5.1 

And then run a ping 192.168.5.1 from the 192.168.1.210 host, what do
you see?

Also, if your ZyXEL router is your internet router then your firewall
will need a default route set to 192.168.5.1 to allow traffic to pass to
the ZyXEL for internet traffic.

Kevin
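
The two captures requested above can be compared mechanically to see at which hop the ping dies. The Python sketch below is an added example, not part of the original thread: the capture text is constructed (the thread never shows the tcpdump output), and it assumes no NAT on the firewall, which matches the empty nat table posted elsewhere in the thread.

```python
import re

# Matches both the one-line form and the second line of tcpdump's verbose (-v) form.
ECHO = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (request|reply), id \d+, seq (\d+)"
)

# Constructed sample: capture on eth5 (192.168.1.x side), one-line form.
ETH5_BROKEN = """\
10:15:01.000101 IP 192.168.1.210 > 192.168.5.1: ICMP echo request, id 512, seq 1, length 40
10:15:02.000230 IP 192.168.1.210 > 192.168.5.1: ICMP echo request, id 512, seq 2, length 40
"""
# Constructed sample: capture on eth4 (192.168.5.x side), verbose two-line form.
ETH4_BROKEN = """\
10:15:01.000150 ARP, Request who-has 192.168.5.1 tell 192.168.5.254, length 28
10:15:01.000190 IP (tos 0x0, ttl 127, id 4021, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.1.210 > 192.168.5.1: ICMP echo request, id 512, seq 1, length 40
10:15:02.000260 IP (tos 0x0, ttl 127, id 4022, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.1.210 > 192.168.5.1: ICMP echo request, id 512, seq 2, length 40
"""
# Constructed sample: the same captures once replies come back.
ETH4_FIXED = ETH4_BROKEN + """\
10:15:02.000910 IP 192.168.5.1 > 192.168.1.210: ICMP echo reply, id 512, seq 2, length 40
"""
ETH5_FIXED = ETH5_BROKEN + """\
10:15:02.000950 IP 192.168.5.1 > 192.168.1.210: ICMP echo reply, id 512, seq 2, length 40
"""

HINTS = {
    "request-not-seen": "client is not sending via the firewall: check its gateway",
    "not-forwarded": "firewall dropped it: check ip_forward and the FORWARD chain",
    "no-reply": "request left the firewall, nothing returned: check the target's "
                "route back to the client network and any ICMP filter on it",
    "reply-not-forwarded": "reply reached the firewall but did not cross it",
    "ok": "request and reply both crossed the firewall",
}


def echoes(capture):
    """Return {(kind, src, dst, seq)} for every ICMP echo found in capture text."""
    found = set()
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            src, dst, kind, seq = m.groups()
            found.add((kind, src, dst, int(seq)))
    return found


def seqs(packets, kind, src, dst):
    """Sequence numbers of echo packets of one kind travelling src -> dst."""
    return {q for k, s, d, q in packets if (k, s, d) == (kind, src, dst)}


def triage(client_side, target_side, client, target):
    """Classify where the echo is lost, given the captures from both NICs."""
    near, far = echoes(client_side), echoes(target_side)
    if not seqs(near, "request", client, target):
        return "request-not-seen"
    if not seqs(far, "request", client, target):
        return "not-forwarded"
    if not seqs(far, "reply", target, client):
        return "no-reply"
    if not seqs(near, "reply", target, client):
        return "reply-not-forwarded"
    return "ok"


if __name__ == "__main__":
    for label, near, far in (("before", ETH5_BROKEN, ETH4_BROKEN),
                             ("after", ETH5_FIXED, ETH4_FIXED)):
        verdict = triage(near, far, "192.168.1.210", "192.168.5.1")
        print(f"{label}: {verdict}: {HINTS[verdict]}")
```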

Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-22 Thread ppps
Hi Mike, thanks for the reply, unfortunately this does not help :(
my routing table already has these routes :(
and while trying to run the ip route it returns
RTNETLINK answers: File exists
I have tried to eliminate routes with
the route del -net 192.168.10.0 netmask 255.255.255.0 and then add the path
using ip route add dev 192.168.10.0/24 eth ...
Unfortunately, although this adds routes, it does not work

Inside /etc/sysconfig/network-scripts/ifcfg-eth4 the options are:
DEVICE=eth4
HWADDR=00:19:D1:8C:02:5e
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
IPV6INIT=no
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.5.254
In a similar way for other interfaces.

Like this content in /etc/sysconfig/networking/devices/ifcfg-eth4
:(
it is curious to me that this step also with the same configuration but in 
opensuse 11
In my fedora the kernel is 2.6.25-14.
I think that might be missing activate an option in the kernel or sysctl
Best regards





Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-22 Thread Kevin Martin


ppps wrote:
> Hi Mike, thanks for the reply, unfortunately this does not help :(
> my routing table already has these routes :(
> and while trying to run the ip route it returns
> RTNETLINK answers: File exists
> I have tried to eliminate routes with
> the route del -net 192.168.10.0 netmask 255.255.255.0 and then add the path
> using ip route add dev 192.168.10.0/24 eth ...
> Unfortunately, although this adds routes, it does not work
>
> Inside /etc/sysconfig/network-scripts/ifcfg-eth4 the options are:
> DEVICE=eth4
> HWADDR=00:19:D1:8C:02:5e
> ONBOOT=yes
> NM_CONTROLLED=no
> TYPE=Ethernet
> USERCTL=no
> PEERDNS=yes
> IPV6INIT=no
> BOOTPROTO=none
> NETMASK=255.255.255.0
> IPADDR=192.168.5.254
> In a similar way for other interfaces.
>
> Like this content in /etc/sysconfig/networking/devices/ifcfg-eth4
> :(
> it is curious to me that this step also with the same configuration but in 
> opensuse 11
> In my fedora the kernel is 2.6.25-14.
> I think that might be missing activate an option in the kernel or sysctl
> Best regards

Pedro,

Can you post netstat -rn output from the machines you are testing from
in all of the different lans?  Also, I've never seen traceroute output
quite like you show.  Could you do traceroutes from your firewall
machine to hosts in the other lans and from hosts in the other lans
to hosts in the other lans that would have to cross the firewall
machine and post the output of that information?  Also, you *may* have
to use -i with the traceroute (but man says it should *just work*).

Kevin



Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-22 Thread Kevin Martin


ppps wrote:
> Hi Kevin, here is the information
>
> Information from FIREWALL
> -
> [EMAIL PROTECTED] [1] ~]# ifconfig
> eth4      Link encap:Ethernet  HWaddr 00:19:D1:8C:02:5E
>           inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
>           inet6 addr: fe80::219:d1ff:fe8c:25e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:101 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           RX bytes:7212 (7.0 KiB)  TX bytes:18747 (18.3 KiB)
>           Memory:5220-5222
>
> eth5      Link encap:Ethernet  HWaddr 00:0A:5E:78:C4:8C
>           inet addr:192.168.1.231  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20a:5eff:fe78:c48c/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:9091 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:412 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:861240 (841.0 KiB)  TX bytes:43976 (42.9 KiB)
>           Interrupt:18 Base address:0x4900
>
> eth6      Link encap:Ethernet  HWaddr 00:0A:5E:79:81:85
>           inet addr:192.168.10.250  Bcast:192.168.10.255  Mask:255.255.255.0
>           inet6 addr: fe80::20a:5eff:fe79:8185/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:550 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:65826 (64.2 KiB)  TX bytes:11900 (11.6 KiB)
>           Interrupt:22 Base address:0xc980
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:13 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1104 (1.0 KiB)  TX bytes:1104 (1.0 KiB)
>
> [EMAIL PROTECTED] [2] ~]# netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth4
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth5
> 192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth6
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth6
>
> [EMAIL PROTECTED] [3] ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
> [EMAIL PROTECTED] [4] ~]# cat /etc/selinux/config
>
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #   enforcing - SELinux security policy is enforced.
> #   permissive - SELinux prints warnings instead of enforcing.
> #   disabled - No SELinux policy is loaded.
> SELINUX=disabled
> # SELINUXTYPE= can take one of these two values:
> #   targeted - Targeted processes are protected,
> #   mls - Multi Level Security protection.
> SELINUXTYPE=targeted
>
> [EMAIL PROTECTED] [5] ~]# iptables -L -n -v
> Chain INPUT (policy ACCEPT 1758 packets, 182K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 89 packets, 6036 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 600 packets, 69134 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> [EMAIL PROTECTED] [6] ~]# iptables -L -n -v -t nat
> Chain PREROUTING (policy ACCEPT 1006 packets, 135K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 92 packets, 6288 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 4 packets, 312 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> [EMAIL PROTECTED] [7] ~]# iptables -L -n -v -t nat -t mangle
> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> [EMAIL PROTECTED] [8] ~]# traceroute 192.168.5.1
> traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 40 byte packets
>  1  * * *
>  2

Re: Forwarding not work in FC9 but ip forward is turn on

2008-09-22 Thread Roger Grosswiler
<snip>
> [EMAIL PROTECTED] [2] ~]# netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth4
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth5
> 192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth6
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth6
>
> [EMAIL PROTECTED] [5] ~]# iptables -L -n -v
> Chain INPUT (policy ACCEPT 1758 packets, 182K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 89 packets, 6036 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 600 packets, 69134 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> [EMAIL PROTECTED] [6] ~]# iptables -L -n -v -t nat
> Chain PREROUTING (policy ACCEPT 1006 packets, 135K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 92 packets, 6288 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 4 packets, 312 bytes)
>  pkts bytes target     prot opt in     out     source               destination
> [EMAIL PROTECTED] [7] ~]# iptables -L -n -v -t nat -t mangle
> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>
</snip>

1) there is no default gateway entered in your netstat -nr command. Gateway
0.0.0.0 is missing in your routing table. So, where do you expect to go your
traffic to?

2) you need the appropriate entries for accepting connections with iptables.
just setting the ip.forward.v4 param is not that enough (IMHO). Use
system-config-firewall:
- set the NIC you want to accept connection as a trusted device (for test
  purposes now)
- add a forward rule to the nic, you want to forward, such as :
iptables -A FORWARD -i [NIC_TO_FORWARD] -j ACCEPT

Try, then you should see using iptables -L -v some traffic on the NIC and in
the FORWARD state.

HTH
Roger

