DHCPd Config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Lee W wrote:

> Feizhou wrote:
>
>> If your box has a link on 55.20.0.0/255.255.0.0 and then more 
>> physical links to 56.1.x.0/24 individually (machines on two separate 
>> physical networks) or one more physical link to 56.1.1.0/23 (all 
>> machines on one physical network and you are going to assign ips from 
>> 56.1.1.x and 56.1.2.x) then all you need is setup the default route 
>> of the box to 55.20.0.2, enable ip forwarding and then point the 
>> default route of all clients to the box's corresponding ip on their 
>> subnets (eg: two physical links, 56.1.1.1 and 56.1.2.1) or on their 
>> subnet (only one physical link, 56.1.1.1)
>>
>> If you want to control what packets get through the box, use the 
>> iptables -t filter FORWARD chain.
>>
>
> That is what I thought, but it doesn't seem to be working.
>
> Here is the routing table of the Linux Router box
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    
> Use Iface
> 192.168.1.0     *               255.255.255.0   U     0      0        
> 0 green
> 192.168.8.0     *               255.255.255.0   U     0      0        
> 0 red
> 169.254.0.0     *               255.255.0.0     U     0      0        
> 0 green
> default         192.168.8.2     0.0.0.0         UG    0      0        
> 0 red

You have private ips. These are not routable on the Internet.

>
> I've given the real IP's this time as it is only a virtual machine.
> The names probably say enought but to clarify 192.168.8.0 is the 
> Public facing subnet (what would be in the ISP Cloud I guess), with 
> 192.168.8.2 as the default gateway, this is pingable from the router.  
> 192.168.1.0 is the private subnet with 192.168.8.254 as the routers 
> internal IP. Workstations can ping the internal IP of the router but 
> not anything outside, nor does a traceroute work.

Your ISP has not given you *any* routable ips. Any natting will have to 
be handled by your ISP.

>
> IP Forwarding has been enabled by: "sysctl -w net.ipv4.ip_forward = 1"
>
> The iptables rules are all clear as follows:-
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Here is the routing table from the client machine:-
>
> Destination     Gateway         Genmask         Flags Metric Ref    
> Use Iface
> 192.168.1.0     *               255.255.255.0   U     0      0        
> 0 eth0
> 169.254.0.0     *               255.255.0.0     U     0      0        
> 0 eth0
> default         192.168.1.254   0.0.0.0         UG    0      0        
> 0 eth0
>
> From what you have said this should work fine, but I'm clearly missing 
> something obvious that I just cannot see.
>
Yes, you are missing Internet routable ips. If your ISP says these are 
routable, the ISP is lying.

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux