On 6/17/05, Dariusz Dwornikowski <tdi@xxxxxxxxx> wrote:
> On Fri, 17 Jun 2005 13:14:23 -0400 (EDT)
> "Ji Li" <ji.li3@xxxxxx> wrote:
>
> > Hi,
> > I have three linux machines, and I want to let one of them forward packets
> > between the other two. The forwarding node has two ethernet cards,
> > connecting the two machines respectively. However, when I ping between
> > the two end points, the forwarding node can receive the ping requests at
> > its eth0, but it never forwards them to its eth1. So is the reverse
> > direction.
> >
> > The forwarding node is Redhat 7.2, kernel 2.4.7-10. The two end points are
> > FC3, 2.6.9-1.667smp.
> >
> > What we have done to enable IP forwarding on the RH7.2 node are:
> > (1) In /etc/sysconfig/network, add "FORWARD_IPV4=yes"
> > (2) "echo 1 > /proc/sys/net/ipv4/ip_forward".
> > (3) Change "net.ipv4.ip_forward=1" in /etc/sysctl.conf.
> > (4)
> > "echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter"
> > "echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter"
> > (5) We tried "iptables -F" to flush the rules, but ip forwarding still
> > doesn't work, so we add some rules as follows. We run "iptables" to
> > configure firewall to enable IP forwarding.
> > iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> > iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>
> route add net comp1-net gw comp1-ip
> route add net comp2-net gw comp2-ip

The last 2 lines are strange... I think you don't need them.

In comp1, you need:

route add -host comp2-ip gw reachable-router-ip-from-comp1

in comp2, you need

route add -host comp1-ip gw reachable-router-ip-from-comp2

You should also use tcpdump and test with pings.

Example:

# tcpdump -n -i eth0 icmp

It will allow you to debug common issues, for instance, when the icmp
echo request reaches its destination, but the host cannot reply
because a route is missing.

I assume the forwarding host is not the default route of comp1 nor comp2.

Regards,
Nelson.-

--
Homepage : http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.
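
An added example, not part of the original thread: a small script that reads the text of "tcpdump -n -i <if> icmp" taken on each interface of the forwarding node and reports where the ping is lost, including the missing-return-route case mentioned above. The function names and the sample addresses are made up for illustration, and the matching assumes the line format printed by current tcpdump versions.

```shell
#!/bin/sh
# Added example: locate where an ICMP echo is lost on a two-interface forwarder.
# Input is text from `tcpdump -n -i <if> icmp` captured on each router interface.
# Assumes the current tcpdump line format: "IP a > b: ICMP echo request, ...".

# seen CAPTURE SRC DST TYPE -> success if CAPTURE has an echo TYPE from SRC to DST
seen() {
    printf '%s\n' "$1" | grep -Fq "IP $2 > $3: ICMP echo $4,"
}

# icmp_diag IN_CAPTURE OUT_CAPTURE SRC DST
# IN_CAPTURE: interface facing SRC; OUT_CAPTURE: interface facing DST.
icmp_diag() {
    in_cap=$1 out_cap=$2 src=$3 dst=$4
    if ! seen "$in_cap" "$src" "$dst" request; then
        echo "request-not-arriving"       # SRC has no route via this router
    elif ! seen "$out_cap" "$src" "$dst" request; then
        echo "request-not-forwarded"      # ip_forward or FORWARD chain on the router
    elif ! seen "$out_cap" "$dst" "$src" reply; then
        echo "no-reply-from-destination"  # DST lacks a route back to SRC
    elif ! seen "$in_cap" "$dst" "$src" reply; then
        echo "reply-not-forwarded"        # return direction blocked on the router
    else
        echo "ok"
    fi
}

# Constructed sample captures (addresses are made up for illustration).
SRC=192.168.1.10
DST=192.168.2.20
ETH0_CAP='12:00:01.000100 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 4660, seq 1, length 64'
ETH1_EMPTY=''
ETH1_REQ_ONLY='12:00:01.000180 IP 192.168.1.10 > 192.168.2.20: ICMP echo request, id 4660, seq 1, length 64'

# Symptom from the original question: seen on eth0, never leaves eth1.
icmp_diag "$ETH0_CAP" "$ETH1_EMPTY" "$SRC" "$DST"
# Symptom from the reply: request is delivered, but no echo reply comes back.
icmp_diag "$ETH0_CAP" "$ETH1_REQ_ONLY" "$SRC" "$DST"
```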