DHCPd Config




Feizhou wrote:

> If your box has a link on 55.20.0.0/255.255.0.0 and then more physical 
> links to 56.1.x.0/24 individually (machines on two separate physical 
> networks) or one more physical link to 56.1.1.0/23 (all machines on 
> one physical network and you are going to assign IPs from 56.1.1.x and 
> 56.1.2.x) then all you need is to set up the default route of the box to 
> 55.20.0.2, enable IP forwarding and then point the default route of 
> all clients to the box's corresponding ip on their subnets (eg: two 
> physical links, 56.1.1.1 and 56.1.2.1) or on their subnet (only one 
> physical link, 56.1.1.1)
>
> If you want to control what packets get through the box, use the 
> iptables -t filter FORWARD chain.
>

That is what I thought, but it doesn't seem to be working.

Here is the routing table of the Linux Router box

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 green
192.168.8.0     *               255.255.255.0   U     0      0        0 red
169.254.0.0     *               255.255.0.0     U     0      0        0 green
default         192.168.8.2     0.0.0.0         UG    0      0        0 red

I've given the real IPs this time as it is only a virtual machine.

The names probably say enough, but to clarify: 192.168.8.0 is the public 
facing subnet (what would be in the ISP cloud I guess), with 192.168.8.2 
as the default gateway; this is pingable from the router.  192.168.1.0 
is the private subnet with 192.168.8.254 as the router's internal IP. 
Workstations can ping the internal IP of the router but not anything 
outside, nor does a traceroute work.

IP Forwarding has been enabled by: "sysctl -w net.ipv4.ip_forward = 1"

The iptables rules are all clear as follows:-

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Here is the routing table from the client machine:-

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
default         192.168.1.254   0.0.0.0         UG    0      0        0 eth0

From what you have said this should work fine, but I'm clearly missing 
something obvious that I just cannot see.

Thanks again for any help

Regards

Lee


