network routing.

Gary Artim gartim at gmail.com
Tue Mar 12 04:11:50 UTC 2013


not sure what you're saying...I just have a default route defined on
the machine I'd like routed. The router has all the iptables stuff.
When I type route on the non router it hangs, then after some time
comes back with the default route to the router and canNOT get beyond
the subnet. To my knowledge you need to define a default route on
every machine in the subnet that is using the router, at least that is
how I've had them setup for the last 15 years and it worked fine.

to summarize, I have 2 machines linked by a single patch cable, one of
the machines (the linux router) has a second interface to a bigger lan
on campus.
the ips: router 192.168.0.1 othermachine 192.168.0.11 (default route
to 192.168.0.1)
iptables: router has natted/masq 192.168.0.0 net, othermachine is wide
open, all iptable rules flushed and accepting everything

This should work and worked in the past, must be something I did or
the router or othermachine is missing some software. Tomorrow I'll try
tracing the route.



On Mon, Mar 11, 2013 at 8:31 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> client hang on route command
>
> what the hell are you doing?
>
> the client does not need anything to know about routing
> your router is the standard-gateway of the clients and
> has to do anything which affects NAT/masquerading/routing
> because that is why it is called router
>
> On 12.03.2013 04:20, Gary Artim wrote:
>> I tried postrouting/masquerade in iptables on the router and still the
>> client hang on route command. It's like the client can't see the router.
>> But ping works fine in both directions. If I try and ping a known
>> address on the greater internet, nothing. So there is no route beyond
>> the subnet of 192.168.0.0. I know it's something dumb cause I've done
>> this 10..12 times before and it always worked or is working now on some
>> servers.
>>
>> On Mon, Mar 11, 2013 at 7:12 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>>> you do NOT need this on the client.
>>> and it is NOT enough if your machine works as NAT-router
>>>
>>> postrouting/masquerade is at least needed
>>>
>>> Chain POSTROUTING (policy ACCEPT 19602 packets, 1625K bytes)
>>>  pkts bytes target     prot opt in     out     source               destination
>>>    80  7964 MASQUERADE  all  --  *      eth1    192.168.2.0/24       0.0.0.0/0
>>>
>>> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>>>  pkts bytes target     prot opt in     out     source               destination
>>>    48  2820 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:0
>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:0
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x17
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x01
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x29
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x37
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW
>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>     0     0 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>     0     0 DROP       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            TTL match TTL < 5
>>>     0     0 DROP       all  --  eth1   *       84.113.45.179        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       0.0.0.0/8            0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       10.0.0.0/8           0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       127.0.0.0/8          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       169.254.0.0/16       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       172.16.0.0/12        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.0.0.0/24         0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.0.2.0/24         0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.88.99.0/24       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       192.168.0.0/16       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       198.18.0.0/15        0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       198.51.100.0/24      0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       203.0.113.0/24       0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       224.0.0.0/4          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       240.0.0.0/4          0.0.0.0/0
>>>     0     0 DROP       all  --  eth1   *       255.255.255.255      0.0.0.0/0
>>>  8734 4397K ACCEPT     all  --  eth1   br0     0.0.0.0/0            192.168.2.0/24       ctstate RELATED,ESTABLISHED
>>>  8698 3215K ACCEPT     all  --  br0    eth1    192.168.2.0/24       0.0.0.0/0
>>>     4  2304 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
>>>
>>> On 12.03.2013 03:07, Gary Artim wrote:
>>>> thanks, I forgot to mention I do have this set on both the client and
>>>> router, still doesn't work. something is fishy, I went home frustrated
>>>> and used my 2 laptops, one running mint linux, wirelessly, with an
>>>> ethernet port (as the router) and one running fedora 18 as the client
>>>> and got it to route -- ie ping yahoo.com. Go figure.
>>>>
>>>> On Mon, Mar 11, 2013 at 5:55 PM, zoom itman <rummymobile at gmail.com> wrote:
>>>>> On Tue, Mar 12, 2013 at 10:25 AM, Gary Artim <gartim at gmail.com> wrote:
>>>>>> I have a problem using a patch cable and trying to route through
>>>>>> another machine
>>>>>
>>>>>
>>>>> This might help, on the machine doing the forwarding:
>>>>>
>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>
>>>>> Then, set net.ipv4.ip_forward to 1 in /etc/sysctl.conf so it persists
>>>>> over reboots
>>>
>>>
>>> --
>>> users mailing list
>>> users at lists.fedoraproject.org
>>> To unsubscribe or change subscription options:
>>> https://admin.fedoraproject.org/mailman/listinfo/users
>>> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>>> Have a question? Ask away: http://ask.fedoraproject.org
>>>
>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
>
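
The thread names three things a Linux NAT router needs: ip_forward set to 1, a POSTROUTING MASQUERADE rule, and a FORWARD chain that lets the LAN out and replies back in. The following is an added example, not code from the thread, that checks an iptables-save dump for them. The function names and both sample dumps are constructed, the /24 mask and interface names in the last line are assumptions, and the FORWARD check is a heuristic that ignores rule order.

```shell
# Added example; both dumps are constructed, in iptables-save format.
GOOD_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.2.0/24 -i eth1 -o br0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.2.0/24 -i br0 -o eth1 -j ACCEPT
COMMIT'
BAD_DUMP='*filter
:FORWARD DROP [0:0]
COMMIT'

# forwarding_on [FILE]: true if the kernel forwards IPv4 packets.
forwarding_on() { [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]; }

# has_masquerade DUMP LAN_CIDR WAN_IF: true if nat/POSTROUTING masquerades
# the LAN (or every source) on its way out of WAN_IF.
has_masquerade() {
    printf '%s\n' "$1" | awk -v lan="$2" -v wan="$3" '
        /^\*/ { table = $0 }
        table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            src_ok = !index($0, " -s ") || index($0, " -s " lan " ")
            if (src_ok && index($0, " -o " wan " ")) found = 1
        }
        END { exit !found }'
}

# forward_verdict DUMP LAN_IF WAN_IF: prints ok, no-outbound or no-return.
# Heuristic: looks for ACCEPT rules or an ACCEPT policy, ignores rule order.
forward_verdict() {
    printf '%s\n' "$1" | awk -v lan="$2" -v wan="$3" '
        /^\*/ { table = $0 }
        table == "*filter" && /^:FORWARD ACCEPT/ { pol = 1 }
        table == "*filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if (index($0, " -i " lan " ") && index($0, " -o " wan " ")) out = 1
            if (index($0, " -i " wan " ") && /ESTABLISHED/) ret = 1
        }
        END { r = "ok"; if (!pol && !out) r = "no-outbound"; else if (!pol && !ret) r = "no-return"; print r }'
}

# audit_router DUMP LAN_CIDR LAN_IF WAN_IF [FWD_FILE]: one line per finding.
audit_router() {
    forwarding_on "${5:-}" || echo "ip_forward is not 1"
    has_masquerade "$1" "$2" "$4" || echo "no MASQUERADE for $2 out of $4"
    v=$(forward_verdict "$1" "$3" "$4"); [ "$v" = ok ] || echo "FORWARD: $v"
}
audit_router "$BAD_DUMP" 192.168.0.0/24 eth0 eth1   # mask and interfaces assumed
```

On a live router the first argument would be the output of `iptables-save`, run as root.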

