[solved] ip from one netw. to another with gentoo between it

froonk · Last edited by froonk on Mon Aug 02, 2004 10:07 pm; edited 1 time in total

Hi everybody,
I have an old P-II running with gentoo, it's supposed to work as a DSL-Router one day, but at this moment it is connected via eth0 to one host(192.168.0.1), and via eth1 to another(192.168.1.16). On eth0 it has 192.168.0.17, on eth1 192.168.1.17. The 192.168.1.16's gateway is 192.168.1.17. My problem for now is that I can't ping from 192.168.1.16 over my maybe-someday-router to 192.168.0.1 although ip_forward is turned on. What else needs to be done? I have iptables installed but all chains are empty with policy accept.
thx for your help

br0mGreV · Posted: Mon Aug 02, 2004 7:42 pm Post subject:

You must add forwarding rules to your iptables.

check http://www.netfilter.org/

and specialy http://www.netfilter.org/documentation/HOWTO//netfilter-double-nat-HOWTO.html for a walkthrough

kpack · Tux's lil' helper Joined: 29 Mar 2004 Posts: 137

Double check everything. The configuration you're describing is correct and you shouldn't have to add anything to IPTables.

froonk · Posted: Mon Aug 02, 2004 8:48 pm Post subject:

I took a quick look at that. Don't blame me to be lazy, but before I read further into it just one more question:
Everything there seems to be about NAT, but I do not need to masqerade between my two networks even if I just want to ping? And if not, do I still have to define rules?

froonk · Posted: Mon Aug 02, 2004 9:06 pm Post subject:

whoops kpack i oversaw your reply, but that's good, i was just throwing my whole understanding about ip over board :lol:

think4urs11 · Posted: Mon Aug 02, 2004 9:18 pm Post subject:

check the routing tables on 192.168.0.1 + 192.168.1.16

both have to have an entry to the other subnet via your P-II
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

froonk · Posted: Mon Aug 02, 2004 9:47 pm Post subject:

that was it! I forgot that 192.168.0.1 must also know where to find 192.168.1.16. I'm happy to tell you that these letters are forwarded through my good old P-II

thank you!

think4urs11 · Posted: Mon Aug 02, 2004 10:04 pm Post subject:

no prob

as soon as you set the threat title to [solved] i'm as happy as you are now *g*
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself

kpack · Tux's lil' helper Joined: 29 Mar 2004 Posts: 137

Just to be clear here, am I correct that 192.168.0.17 is not the default gateway for 192.168.0.1, and that the solution only involved creating a routing table entry on 192.168.0.1?

froonk · Posted: Tue Aug 03, 2004 7:08 am Post subject:

Well... yes. :oops:

but wasn't it that kind of mistake that you've had expected when you advised me to double check everything?