Hello Ard,

Thanks for your guide, now it's working.

Suresh

----- Original Message -----
From: Ard van Breemen <ard@telegraafnet.nl>
To: lartc <lartc@mailman.ds9a.nl>
Cc: suresh <super772002@yahoo.com>
Sent: Tuesday, March 05, 2002 10:58 PM
Subject: Re: [LARTC] routing problem

> On Tue, Mar 05, 2002 at 09:25:58AM +0530, suresh wrote:
> > I have a routing problem using Adv Routing.
> > Let me explain with the exact flow of packets in my LAN to INTERNET
> >
> >              I N T E R N E T
> >               /           \
> >    -------------         -------------
> >    |  a.b.c.e  |         |  w.x.y.u  |
> >    |  router1  |         |  router2  |
> >    -------------         -------------
> >              \             /
> >               \           /
> >                \         /
> >                -----------
> >                | Switch  |
> >                -----------
> >                     |
> >                     |
> >                     |
> >                    eth1      eth1 a.b.c.d gw a.b.c.e
> >              --------------  eth1:0 w.x.y.z gw w.x.y.u
> >              |            |
> >              |   linux    |
> >              |            |
> >              --------------  eth0 172.16.1.1
> >                    eth0      eth0:0 192.168.1.1
> >                     |
> >                     |
> Rephrased: eth0 is local, eth1 is internet?
> eth0: 172.16.1.1/24 and 192.168.1.1/24
> eth1: w.x.y.z/28 and a.b.c.d/28
>
> > I want to forward all packets from the 172.16.1.0/24 network to router1
> > and from the 192.168.1.0/24 network to router2.
> >
> > In the linux box I am doing advanced routing and iptables.
> > Here I am using iptables just for masquerading.
> > The rules are
> > #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p icmp --icmp-type ping -s 0/0 -d 0/0 -j MASQUERADE
> > #/sbin/iptables -t nat -A POSTROUTING -o eth0 -p tcp -s 0/0 -d 0/0 -j MASQUERADE
> So you are really masquerading internet traffic, so that traffic from
> the internet looks like local traffic?
> Don't you mean:
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s 0/0 -d 0/0 -j MASQUERADE
> In other words: icmp traffic going to the internet should be masqueraded?
>
> But now for the next thing in problem solving:
> 1) flush your iptables.
> 2) start these:
> tcpdump -n -e -i eth0
> tcpdump -n -e -i eth1
>
> 3) ping from the 192.168.1.0 network a few times (it will not be answered).
> Watch the outgoing traffic on eth1
> 4) ping from the 172.16.1.0 network a few times.
> Watch the outgoing traffic on eth1
>
> At this point it should start sending the icmp request to the different
> routers. The *only* way to notice this is the mac address to which it
> is sent!
>
> If that is correct, then your ip stuff is correct. Your next target is
> the iptables.
>
> Enter this:
> /sbin/iptables -t nat -A POSTROUTING -o eth1 -p icmp --icmp-type ping -s 0/0 -d 0/0 -j MASQUERADE
>
> And try the pings again. Watch the mac, and the ip addresses.
> You will see that masqueraded packets "arrive" two times at the interface,
> once masqueraded, and once demasqueraded.
>
> If one of these steps does not do as I say, please cut and paste your
> terminal output.
> (That means tcpdumps etc...)
> --
> <ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
> http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
> Let your government know you value your freedom. Sign the petition:
> http://petition.eurolinux.org/
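
Steps 3 and 4 of the quoted reply come down to reading the destination MAC in `tcpdump -n -e -i eth1` output while iptables is flushed. The script below is an added example, not part of the original thread, that does this check over captured lines; it assumes the line format of current tcpdump releases, and the MAC addresses and the 192.0.2.1 ping target in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# LAN prefixes from the thread; each should leave eth1 via a different router.
LANS = [ipaddress.ip_network("172.16.1.0/24"),
        ipaddress.ip_network("192.168.1.0/24")]

# Assumed format: "<time> <src mac> > <dst mac>, ethertype IPv4 (...), length N: <src ip>[.port] > ..."
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 .*?: (?P<sip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
)

# Constructed sample: un-masqueraded pings seen on eth1, plus one ARP line to skip.
SAMPLE = """\
10:00:01.000001 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 172.16.1.20 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
10:00:02.000001 02:00:00:00:00:10 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 98: 192.168.1.30 > 192.0.2.1: ICMP echo request, id 9, seq 1, length 64
10:00:03.000001 02:00:00:00:00:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.2, length 28
""".splitlines()

def next_hops(lines):
    """Map each LAN prefix to the set of destination MACs its packets were sent to."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP, IPv6 or anything else that is not an IPv4 frame
        src = ipaddress.ip_address(m["sip"])
        for lan in LANS:
            if src in lan:
                seen[lan].add(m["dmac"])
    return dict(seen)

def split_ok(hops):
    """True when every LAN was seen, each used one next hop, and the hops differ."""
    if set(hops) != set(LANS) or any(len(m) != 1 for m in hops.values()):
        return False
    macs = [next(iter(m)) for m in hops.values()]
    return len(set(macs)) == len(macs)

if __name__ == "__main__":
    import sys
    # Pipe real tcpdump output in, or run without input to use the sample.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    hops = next_hops(lines)
    for lan, macs in hops.items():
        print(lan, "->", ", ".join(sorted(macs)))
    print("split OK" if split_ok(hops) else "split NOT working")
```

A LAN that maps to two MACs, or two LANs that map to the same MAC, means the policy routing is not selecting the router by source network, independent of any masquerading rule.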