Lee W wrote:
> Feizhou wrote:
>
>> If your box has a link on 55.20.0.0/255.255.0.0 and then more
>> physical links to 56.1.x.0/24 individually (machines on two separate
>> physical networks) or one more physical link to 56.1.1.0/23 (all
>> machines on one physical network and you are going to assign ips from
>> 56.1.1.x and 56.1.2.x) then all you need is setup the default route
>> of the box to 55.20.0.2, enable ip forwarding and then point the
>> default route of all clients to the box's corresponding ip on their
>> subnets (eg: two physical links, 56.1.1.1 and 56.1.2.1) or on their
>> subnet (only one physical link, 56.1.1.1)
>>
>> If you want to control what packets get through the box, use the
>> iptables -t filter FORWARD chain.
>>
>
> That is what I thought, but it doesn't seem to be working.
>
> Here is the routing table of the Linux Router box
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> 192.168.1.0 * 255.255.255.0 U 0 0
> 0 green
> 192.168.8.0 * 255.255.255.0 U 0 0
> 0 red
> 169.254.0.0 * 255.255.0.0 U 0 0
> 0 green
> default 192.168.8.2 0.0.0.0 UG 0 0
> 0 red
You have private ips. These are not routable on the Internet.
>
> I've given the real IP's this time as it is only a virtual machine.
> The names probably say enought but to clarify 192.168.8.0 is the
> Public facing subnet (what would be in the ISP Cloud I guess), with
> 192.168.8.2 as the default gateway, this is pingable from the router.
> 192.168.1.0 is the private subnet with 192.168.8.254 as the routers
> internal IP. Workstations can ping the internal IP of the router but
> not anything outside, nor does a traceroute work.
Your ISP has not given you *any* routable ips. Any natting will have to
be handled by your ISP.
>
> IP Forwarding has been enabled by: "sysctl -w net.ipv4.ip_forward = 1"
>
> The iptables rules are all clear as follows:-
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Here is the routing table from the client machine:-
>
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> 192.168.1.0 * 255.255.255.0 U 0 0
> 0 eth0
> 169.254.0.0 * 255.255.0.0 U 0 0
> 0 eth0
> default 192.168.1.254 0.0.0.0 UG 0 0
> 0 eth0
>
> From what you have said this should work fine, but I'm clearly missing
> something obvious that I just cannot see.
>
Yes, you are missing Internet routable ips. If your ISP says these are
routable, the ISP is lying.
