Home Routing

[Dave332]

Okay, I read the home routing guide and enjoyed it but I can't seem to get the actual routing to work on my gameserver. eth0 is connected to my contemptible Actiontec modem/router that qwest sent me. eth1 goes to the uplink on my parents belkin router and I am trying to get eth2 to work with my network upstairs. Here are some of the symptoms:

eth0 recieves a connection and is routed to correctly. I can ping both the actiontec modem and www.google.com succesfully.

eth2 will only communicate with other computers if it is directly linked via crossover cable. When it is properly linked, dhcp and dns both work, but my gameserver will not properly route the connection. when I ping www.google.com from my machine (connected to my gameserver vi crossover on eth2) it resolves the dns but then I get the "Request Timed Out" message (my rig is a windows box right now).

I need to be able to connect eth2 to a switch upstairs so I can use dhcp for a lan in my room. I also need to be able to route on eth1 so my parents have internet access, but i wouldn't have any problem connecting via crossover to their router.

Any help is appreciated and thanks in advance.

[devon]

What does the following commands show?

/sbin/ifconfig
/sbin/iptables -L -n -v
/sbin/iptables -t nat -L -n -v

[SpanKY]

[Dave332]

#/sbin/ifconfig

eth0 Link encap:Ethernet HWaddr 00:02:B3:4C:9F:FC
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:63411 errors:0 dropped:0 overruns:0 frame:0
TX packets:42238 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:92937514 (88.6 Mb) TX bytes:3040737 (2.8 Mb)
Interrupt:11 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 00:03:6D:1D:81:E9
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:12 Base address:0xd800

eth2 Link encap:Ethernet HWaddr 00:04:5A:67:72:E4
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:10 Base address:0xdc00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


#sbin/iptables -L -n -v


Chain INPUT (policy ACCEPT 117K packets, 167M bytes)
pkts bytes target prot opt in out source destination
278 22116 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
744 111K ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
51 7430 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
582 28024 DROP tcp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
7502 635K DROP udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
0 0 DROP tcp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
0 0 DROP udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
0 0 REJECT udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
0 0 DROP tcp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
0 0 DROP udp -- !eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023
0 0 REJECT udp -- !eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 reject-with icmp-port-unreachable
0 0 REJECT udp -- !eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 reject-with icmp-port-unreachable
0 0 DROP tcp -- !eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023
0 0 DROP udp -- !eth2 * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023

Chain FORWARD (policy ACCEPT 2 packets, 80 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- eth2 * 0.0.0.0/0 192.168.2.0/255.255.2.0
0 0 DROP all -- eth1 * 0.0.0.0/0 192.168.1.0/255.255.1.0
0 0 ACCEPT all -- eth1 * 192.168.1.0/255.255.1.1 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 192.168.1.0/255.255.1.1
26 1320 ACCEPT all -- eth2 * 192.168.2.0/255.255.2.1 0.0.0.0/0
0 0 ACCEPT all -- eth0 * 0.0.0.0/0 192.168.2.0/255.255.2.1

Chain OUTPUT (policy ACCEPT 80419 packets, 4696K bytes)
pkts bytes target prot opt in out source destination


#/sbin/iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 12123 packets, 1002K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 450 packets, 29605 bytes)
pkts bytes target prot opt in out source destination
10 2075 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
14 2267 MASQUERADE all -- * eth2 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

[Dave332]

Spanky:

I don't want to hook my parents router up to the switch because they have windows machines and so do I. They have a tendancy to install spyware and adware and the like because they will find something "cute" or "useful" and determine that they must have it on their machine. Additionally, I am not allowed to repair anything (spyware/adware/viri/trojans/etc.) on either of their machines. In order to protect my own gaming rig, I don't want them to have any route to me whatsoever. I think that about covers it ...

[SpanKY]

[Dave332]

That's what I've been trying to do, but I can't get NAT/Routing to work.