Linux machine as a router

I

Igor Chernyshev2011-05-18 12:39:37

linux

Igor Chernyshev, 2011-05-18 12:39:37

Good afternoon.

There is a linux computer with two network cards:
- eth0: looks to the local network
- eth1: the Internet comes here

For clarity, ifconfig example: Here are my routes: The iptables rules are empty: The problem is that the computer has Internet : But not on the second network card: And, by the way, forwarding is enabled: Tell me, what could be the problem?

eth0 Link encap:Ethernet HWaddr 00:17:31:4b:3d:3b inet addr:213.33.158.46 Bcast:213.33.158.255 Mask:255.255.255.0 inet6 addr: fe80::217:31ff:fe4b:3d3b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3540 errors:0 dropped:0 overruns:0 frame:0 TX packets:1427 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:322615 (322.6 KB) TX bytes:128062 (128.0 KB) Interrupt:17 Base address:0xd400 eth1 Link encap:Ethernet HWaddr 1c:bd:b9:87:5f:47 inet addr:213.33.159.42 Bcast:213.33.159.47 Mask:255.255.255.248 inet6 addr: fe80::1ebd:b9ff:fe87:5f47/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11030 errors:0 dropped:8929145 overruns:0 frame:7339920 TX packets:13868 errors:6 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8087894 (8.0 MB) TX bytes:2447139 (2.4 MB) Interrupt:21 Base address:0xcc00

zavulon vir # ip ro ls 169.254.0.0/16 dev eth1 scope link metric 1000 default via 213.33.159.41 dev eth1 proto static zavulon vir # route -n Таблица маршутизации ядра протокола IP Destination Gateway Genmask Flags Metric Ref Use Iface 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1 0.0.0.0 213.33.159.41 0.0.0.0 UG 0 0 0 eth1

zavulon vir # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination

zavulon vir # ping ya.ru PING ya.ru (87.250.250.203) 56(84) bytes of data. 64 bytes from www.yandex.ru (87.250.250.203): icmp_req=1 ttl=59 time=2.81 ms 64 bytes from www.yandex.ru (87.250.250.203): icmp_req=2 ttl=59 time=2.28 ms ^C --- ya.ru ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 2.281/2.549/2.818/0.273 ms

zavulon vir # ping -I eth0 ya.ru PING ya.ru (77.88.21.3) from 213.33.158.46 eth0: 56(84) bytes of data. ^C --- ya.ru ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 1005ms

zavulon vir # cat /proc/sys/net/ipv4/ip_forward 1 zavulon vir # cat /etc/sysctl.conf | grep forward # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Anton Pronin, 2011-05-18
@nightw0rk

NAT won't work for you
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

G

GiV, 2011-05-18
@GiV

The routes do not show where to look for the network 213.33.158.*/?
But there is 169.254.0.0/16 which for some reason is tied to eth1

F

facha, 2011-05-18
@facha

Go to ping.eu/ping/ or any other "ping online" and try to ping to 213.33.158.46.
On the router, use tcpdump (tcpdump -nn -i eth1 icmp) to see if you are receiving pings from outside. If not, argue with your ISP: they don't have a route to 213.33.158.0/24 (well, or they do, but it's not you).