Re: Forwarding not work in FC9 but ip forward is turn on

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Kevin, hier the information

Information from FIREWALL
-------------------------
[root@marte [1] ~]# ifconfig
eth4      Link encap:Ethernet  HWaddr 00:19:D1:8C:02:5E
          inet addr:192.168.5.254  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::219:d1ff:fe8c:25e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:101 errors:0 dropped:0 overruns:0 frame:0
          TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7212 (7.0 KiB)  TX bytes:18747 (18.3 KiB)
          Memory:52200000-52220000

eth5      Link encap:Ethernet  HWaddr 00:0A:5E:78:C4:8C
          inet addr:192.168.1.231  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20a:5eff:fe78:c48c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9091 errors:0 dropped:0 overruns:0 frame:0
          TX packets:412 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:861240 (841.0 KiB)  TX bytes:43976 (42.9 KiB)
          Interrupt:18 Base address:0x4900

eth6      Link encap:Ethernet  HWaddr 00:0A:5E:79:81:85
          inet addr:192.168.10.250  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20a:5eff:fe79:8185/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:550 errors:0 dropped:0 overruns:0 frame:0
          TX packets:138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:65826 (64.2 KiB)  TX bytes:11900 (11.6 KiB)
          Interrupt:22 Base address:0xc980

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:13 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1104 (1.0 KiB)  TX bytes:1104 (1.0 KiB)

[root@marte [2] ~]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.5.0     0.0.0.0         255.255.255.0   U         0 0          0 eth4
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth5
192.168.10.0    0.0.0.0         255.255.255.0   U         0 0          0 eth6
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth6

[root@marte [3] ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@marte [4] ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@marte [5] ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 1758 packets, 182K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 89 packets, 6036 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 600 packets, 69134 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@marte [6] ~]# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 1006 packets, 135K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 92 packets, 6288 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4 packets, 312 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@marte [7] ~]# iptables -L -n -v -t nat -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

[root@marte [8] ~]# traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 40 byte packets
 1  * * *
 2   (192.168.5.1)  0.928 ms  0.915 ms  0.296 ms
[root@marte [9] ~]# traceroute 192.168.1.231
traceroute to 192.168.1.231 (192.168.1.231), 30 hops max, 40 byte packets
 1   (192.168.1.231)  0.054 ms  0.024 ms  0.022 ms
[root@marte [10] ~]# traceroute 192.168.10.20
traceroute to 192.168.10.20 (192.168.10.20), 30 hops max, 40 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
[root@marte [11] ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification (1)
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing (0)
net.ipv4.conf.default.accept_source_route = 1

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

net.ipv4.conf.all.disable_policy = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.send_redirects=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1

[root@marte [12] ~]# tcpdump -i any -n -nn -vvv host 192.168.5.1
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
22:26:39.695282 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.5.254 > 192.168.5.1: ICMP echo request, id 35866, seq 1,length 64
22:26:39.696469 arp who-has 192.168.5.254 tell 192.168.5.1
22:26:39.696482 arp reply 192.168.5.254 is-at 00:19:d1:8c:02:5e
22:26:39.697161 IP (tos 0x0, ttl 254, id 764, offset 0, flags [none], proto ICMP (1), length 84) 192.168.5.1 > 192.168.5.254: ICMP echo reply, id 35866, seq1, length 64
22:26:40.696497 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.5.254 > 192.168.5.1: ICMP echo request, id 35866, seq 2,length 64
22:26:40.697511 IP (tos 0x0, ttl 254, id 765, offset 0, flags [none], proto ICMP (1), length 84) 192.168.5.1 > 192.168.5.254: ICMP echo reply, id 35866, seq2, length 64
22:26:41.697492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.5.254 > 192.168.5.1: ICMP echo request, id 35866, seq 3,length 64
22:26:41.698544 IP (tos 0x0, ttl 254, id 766, offset 0, flags [none], proto ICMP (1), length 84) 192.168.5.1 > 192.168.5.254: ICMP echo reply, id 35866, seq3, length 64
^C
8 packets captured
9 packets received by filter
0 packets dropped by kernel
[root@marte [13] ~]# tcpdump -i any -n -nn -vvv host 192.168.10.20
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
22:27:39.709227 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.10.250 > 192.168.10.20: ICMP echo request, id 36634, seq1, length 64
22:27:40.708502 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.10.250 > 192.168.10.20: ICMP echo request, id 36634, seq2, length 64
22:27:41.708498 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.10.250 > 192.168.10.20: ICMP echo request, id 36634, seq3, length 64
22:27:42.708499 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.10.250 > 192.168.10.20: ICMP echo request, id 36634, seq4, length 64
22:27:43.708490 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) 192.168.10.250 > 192.168.10.20: ICMP echo request, id 36634, seq5, length 64
^C
5 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@marte [14] ~]# tcpdump -i any -n -nn -vvv host 192.168.10.20
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
22:28:57.035666 IP (tos 0x0, ttl 128, id 549, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.5.1: ICMP echo request, id 512, seq17664, length 40
22:28:57.035865 IP (tos 0x0, ttl 127, id 549, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.5.1: ICMP echo request, id 512, seq17664, length 40
22:29:02.075864 IP (tos 0x0, ttl 128, id 550, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.5.1: ICMP echo request, id 512, seq17920, length 40
22:29:02.075885 IP (tos 0x0, ttl 127, id 550, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.5.1: ICMP echo request, id 512, seq17920, length 40
^C
4 packets captured
5 packets received by filter
0 packets dropped by kernel
[root@marte [15] ~]# tcpdump -i any -n -nn -vvv host 192.168.10.250
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
22:30:06.150282 IP (tos 0x0, ttl 128, id 552, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.10.250: ICMP echo request, id 512, seq 18176, length 40
22:30:06.150494 IP (tos 0x0, ttl 64, id 57368, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.250 > 192.168.10.20: ICMP echo reply, id 512, seq 18176, length 40
22:30:07.136361 IP (tos 0x0, ttl 128, id 553, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.10.250: ICMP echo request, id 512, seq 18432, length 40
22:30:07.136386 IP (tos 0x0, ttl 64, id 57369, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.250 > 192.168.10.20: ICMP echo reply, id 512, seq 18432, length 40
22:30:08.136321 IP (tos 0x0, ttl 128, id 554, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.10.250: ICMP echo request, id 512, seq 18688, length 40
22:30:08.136343 IP (tos 0x0, ttl 64, id 57370, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.250 > 192.168.10.20: ICMP echo reply, id 512, seq 18688, length 40
22:30:09.136300 IP (tos 0x0, ttl 128, id 555, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.20 > 192.168.10.250: ICMP echo request, id 512, seq 18944, length 40
22:30:09.136324 IP (tos 0x0, ttl 64, id 57371, offset 0, flags [none], proto ICMP (1), length 60) 192.168.10.250 > 192.168.10.20: ICMP echo reply, id 512, seq 18944, length 40
22:30:11.149463 arp who-has 192.168.10.20 tell 192.168.10.250
22:30:11.149845 arp reply 192.168.10.20 is-at 00:1c:c0:6c:12:27
^C
10 packets captured
14 packets received by filter
0 packets dropped by kernel
[root@marte [16] ~]#
Information from PC client from LAN 192.168.1.0
-----------------------------------------------
[root@localhost [17] ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1F:C6:38:B1:C5  
          inet addr:192.168.1.201  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::21f:c6ff:fe38:b1c5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:87616 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66320 errors:0 dropped:0 overruns:0 carrier:6
          collisions:0 txqueuelen:1000 
          RX bytes:92023721 (87.7 MiB)  TX bytes:0 (0.0 b)
          Memory:feac0000-feb00000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:166 errors:0 dropped:0 overruns:0 frame:0
          TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:8700 (8.4 KiB)  TX bytes:8700 (8.4 KiB)

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0
link-local      *               255.255.0.0     U         0 0          0 eth0
default         192.168.1.231   0.0.0.0         UG        0 0          0 eth0

[root@localhost [18] ~]# traceroute 192.168.1.231
traceroute to 192.168.1.231 (192.168.1.231), 30 hops max, 40 byte packets
 1  192.168.1.231 (192.168.1.231)  0.463 ms  0.371 ms  0.337 ms

[root@localhost [19] ~]# traceroute 192.168.5.1
traceroute to 192.168.5.1 (192.168.5.1), 30 hops max, 40 byte packets
 1   (192.168.1.231)  0.478 ms  0.409 ms  0.373 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

[root@localhost [20] ~]# traceroute 192.168.5.254
traceroute to 192.168.5.254 (192.168.5.254), 30 hops max, 40 byte packets
 1   (192.168.5.254)  0.467 ms  0.392 ms  0.325 ms



Links:
------
[1] mailto:root@marte
[2] mailto:root@marte
[3] mailto:root@marte
[4] mailto:root@marte
[5] mailto:root@marte
[6] mailto:root@marte
[7] mailto:root@marte
[8] mailto:root@marte
[9] mailto:root@marte
[10] mailto:root@marte
[11] mailto:root@marte
[12] mailto:root@marte
[13] mailto:root@marte
[14] mailto:root@marte
[15] mailto:root@marte
[16] mailto:root@marte
[17] mailto:root@localhost
[18] mailto:root@localhost
[19] mailto:root@localhost
[20] mailto:root@localhost


-- 
This is an email sent via the webforum on http://fcp.surfsite.org
http://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=291614&topic_id=61844&forum=10#forumpost291614
If you think, this is spam, please report this to webmaster@xxxxxxxxxxxxxxxxx

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux