Never mind, I found my mistake. Sorry to bother people. It turns out the routing table on the 10.0.0.2 host was wrong, and it was causing the return packets to be lost.
When I made the configuration agree with what I describe below, everything works as expected.

-David

David Zelinsky <[EMAIL PROTECTED]> writes:

> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work. I'm using linux kernel 2.6.23 with iptables
> enabled. Here's what happens.
>
> The firewall machine has two interfaces (both on private networks, for
> testing purposes):
>
>   IF    IP           Netmask
>   eth0  192.168.0.1  255.255.255.0
>   eth1  10.0.0.1     255.255.255.0
>
> This is the routing table:
>
>   Destination  Gateway  Genmask        Flags  Metric  Ref  Use  Iface
>   192.168.0.0  0.0.0.0  255.255.255.0  U      0       0    0    eth0
>   10.0.0.0     0.0.0.0  255.255.255.0  U      0       0    0    eth1
>
> I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'
>
> I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
> There are no rules in any of the tables, but all have ACCEPT as the
> default policy.
>
> I have two other machines, one at 192.168.0.2 (connected to the same
> hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
> to firewall's eth1).
>
> From the firewall, I can ping both the other hosts.
> From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.
>
> With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
> (and vice versa), with packets routed through the firewall, but it
> doesn't work.
>
> What am I overlooking?
>
> I did try putting explicit iptables rules in the FILTER chain of the
> forward table, but it didn't make any difference.
>
> Any suggestions would be much appreciated.
>
> --
> David Zelinsky
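The failure described in this thread (forward path fine, echo replies lost because the far host has no usable route back) is easy to reproduce off-line with a small routing simulation. The following is an added example, not code from the thread or from any of the tools mentioned in it. It models the three hosts with the addresses and firewall routing table quoted above; the routes on the two end hosts and the exact defect on 10.0.0.2 are not given in the thread, so the example assumes each end host should have a default route via the firewall and treats "missing default route on 10.0.0.2" as the representative mistake. It traces a packet in each direction using longest-prefix-match lookup and the `ip_forward` flag, so you can see exactly where the reply dies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[str]   # None means the prefix is directly connected
    iface: str


@dataclass
class Host:
    name: str
    addrs: List[str]         # addresses owned by this host
    routes: List[Route]
    ip_forward: bool = False  # mirrors /proc/sys/net/ipv4/ip_forward

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match, as the kernel FIB does."""
        d = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if d in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def route(prefix: str, iface: str, via: Optional[str] = None) -> Route:
    return Route(ipaddress.ip_network(prefix), via, iface)


def trace(hosts_by_ip: Dict[str, Host], src: Host, dst: str,
          max_hops: int = 8) -> Tuple[List[str], str]:
    """Follow one packet hop by hop; returns (path, final status)."""
    path = [src.name]
    cur = src
    for _ in range(max_hops):
        if dst in cur.addrs:
            return path, "delivered"
        # A transit host only relays if forwarding is switched on.
        if cur is not src and not cur.ip_forward:
            return path, f"dropped at {cur.name}: ip_forward=0"
        r = cur.lookup(dst)
        if r is None:
            return path, f"no route to {dst} at {cur.name}"
        next_ip = r.gateway or dst
        nxt = hosts_by_ip.get(next_ip)
        if nxt is None:
            return path, f"next hop {next_ip} unreachable from {cur.name}"
        path.append(nxt.name)
        cur = nxt
    return path, "ttl exceeded"


def build_lab(fw_forwarding: bool = True, b_default_route: bool = True) -> Dict[str, Host]:
    """Constructed topology from the thread: firewall between two /24s."""
    fw = Host("firewall", ["192.168.0.1", "10.0.0.1"],
              [route("192.168.0.0/24", "eth0"), route("10.0.0.0/24", "eth1")],
              ip_forward=fw_forwarding)
    a = Host("host-a", ["192.168.0.2"],
             [route("192.168.0.0/24", "eth0"), route("0.0.0.0/0", "eth0", via="192.168.0.1")])
    b_routes = [route("10.0.0.0/24", "eth0")]
    if b_default_route:   # assumption: the "wrong" table on 10.0.0.2 lacked this
        b_routes.append(route("0.0.0.0/0", "eth0", via="10.0.0.1"))
    b = Host("host-b", ["10.0.0.2"], b_routes)
    return {ip: h for h in (fw, a, b) for ip in h.addrs}


def ping_round_trip(hosts_by_ip: Dict[str, Host], src_ip: str, dst_ip: str) -> Dict[str, str]:
    """Echo request from src to dst, then the echo reply back; report both legs."""
    req_path, req_status = trace(hosts_by_ip, hosts_by_ip[src_ip], dst_ip)
    result = {"request": req_status}
    if req_status == "delivered":
        _, rep_status = trace(hosts_by_ip, hosts_by_ip[dst_ip], src_ip)
        result["reply"] = rep_status
    result["request_path"] = " -> ".join(req_path)
    return result


if __name__ == "__main__":
    for label, lab in [("working", build_lab()),
                       ("10.0.0.2 missing default route", build_lab(b_default_route=False)),
                       ("ip_forward=0 on firewall", build_lab(fw_forwarding=False))]:
        print(label, ping_round_trip(lab, "192.168.0.2", "10.0.0.2"))
```

The second scenario is the one from the thread: the request reaches 10.0.0.2, which is why the firewall's tables and `ip_forward` looked fine, but the reply has nowhere to go. On a real box the equivalent checks are `ip route get 192.168.0.2` on the 10.0.0.2 host and a packet capture on the firewall's eth1, which would show echo requests arriving and no echo replies leaving.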