Answer the question
In order to leave comments, you need to log in
Linux machine as a router
Good afternoon.
There is a linux computer with two network cards:
- eth0: looks to the local network
- eth1: the Internet comes here
For clarity, ifconfig example:
Here are my routes:
The iptables rules are empty:
The problem is that the computer has Internet :
But not on the second network card:
And, by the way, forwarding is enabled:
Tell me, what could be the problem?
eth0 Link encap:Ethernet HWaddr 00:17:31:4b:3d:3b
inet addr:213.33.158.46 Bcast:213.33.158.255 Mask:255.255.255.0
inet6 addr: fe80::217:31ff:fe4b:3d3b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3540 errors:0 dropped:0 overruns:0 frame:0
TX packets:1427 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:322615 (322.6 KB) TX bytes:128062 (128.0 KB)
Interrupt:17 Base address:0xd400
eth1 Link encap:Ethernet HWaddr 1c:bd:b9:87:5f:47
inet addr:213.33.159.42 Bcast:213.33.159.47 Mask:255.255.255.248
inet6 addr: fe80::1ebd:b9ff:fe87:5f47/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11030 errors:0 dropped:8929145 overruns:0 frame:7339920
TX packets:13868 errors:6 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8087894 (8.0 MB) TX bytes:2447139 (2.4 MB)
Interrupt:21 Base address:0xcc00
zavulon vir # ip ro ls
169.254.0.0/16 dev eth1 scope link metric 1000
default via 213.33.159.41 dev eth1 proto static
zavulon vir # route -n
Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags Metric Ref Use Iface
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
0.0.0.0 213.33.159.41 0.0.0.0 UG 0 0 0 eth1
zavulon vir # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
zavulon vir # ping ya.ru
PING ya.ru (87.250.250.203) 56(84) bytes of data.
64 bytes from www.yandex.ru (87.250.250.203): icmp_req=1 ttl=59 time=2.81 ms
64 bytes from www.yandex.ru (87.250.250.203): icmp_req=2 ttl=59 time=2.28 ms
^C
--- ya.ru ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 2.281/2.549/2.818/0.273 ms
zavulon vir # ping -I eth0 ya.ru
PING ya.ru (77.88.21.3) from 213.33.158.46 eth0: 56(84) bytes of data.
^C
--- ya.ru ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1005ms
zavulon vir # cat /proc/sys/net/ipv4/ip_forward
1
zavulon vir # cat /etc/sysctl.conf | grep forward
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Answer the question
In order to leave comments, you need to log in
NAT won't work for you
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
The routes do not show where to look for the network 213.33.158.*/?
But there is 169.254.0.0/16 which for some reason is tied to eth1
Go to ping.eu/ping/ or any other "ping online" and try to ping to 213.33.158.46.
On the router, use tcpdump (tcpdump -nn -i eth1 icmp) to see if you are receiving pings from outside. If not, argue with your ISP: they don't have a route to 213.33.158.0/24 (well, or they do, but it's not you).
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question