Thank you all for the help! I thought the problem is that ip forwarding is not working on the middle node, but actually all the problems are the routing tables on the two end nodes. I only specified which network interface to send the packet in the routing table of two end nodes and didn't specify the gateway for the two end nodes. I thought that each end node will just send packets to the corresponding interface in the routing table, and the middle node will just forward everything it receives. The middle node does receive all the packets, but it never forwards to its second network interface. Would any one please explain a little why this happened? Thanks again for your kind help! Regards, -Ji > On 6/17/05, Dariusz Dwornikowski <tdi@xxxxxxxxx> wrote: >> On Fri, 17 Jun 2005 13:14:23 -0400 (EDT) >> "Ji Li" <ji.li3@xxxxxx> wrote: >> >> > Hi, >> > I have three linux machines, and I want to let one of them forward >> packets >> > betwen the other two. The forwarding node has two ethernet cards, >> > connecting the two two machines respectively. However, when I ping >> between >> > the two end points, the forwarding node can receive the ping requests >> at >> > its eth0, but it never forwards them to its eth1. So is the reverse >> > direction. >> > >> > The forwarding node is Redhat 7.2, kernel 2.4.7-10. The two end points >> are >> > FC3, 2.6.9-1.667smp. >> > >> > What we have done to enable IP forwarding on the RH7.2 node are: >> > (1) In /etc/sysconfig/network, add "FORWARD_IPV4=yes" >> > (2) "echo 1 > /proc/sys/net/ipv4/ip_forward". >> > (3) Change "net.ipv4.ip_forward=1" in /etc/sysctl.conf. >> > (4) >> > "echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter" >> > "echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter" >> > (5) We tried "iptables -F" to flush the rules, but ip forwarding still >> > doesn' work, so we add some rules as follows. We run "iptables" to >> > configure firewall to enable IP forwarding. >> > iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT >> > iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT >> route add net comp1-net gw comp1-ip >> route add net comp2-net gw comp2-ip > > The last 2 lines are strange... I think you don't need them. > > In comp1, you need: > route add -host comp2-ip gw reachable-router-ip-from-comp1 > > in comp2, you need > route add -host comp1-ip gw reachable-router-ip-from-comp2 > > You should also use tcpdump and test with pings. Example: > > # tcpdump -n -i eth0 icmp > > It will allow you to debug common issues, for instance, when the > icmp echo request reaches its destination, but the host cannot reply > because a route is missing. > > I assume the forwarding host is not the default route of > comp1 nor comp2. > > Regards, > Nelson.- > > -- > Homepage : http://geocities.com/arhuaco > > The first principle is that you must not fool yourself > and you are the easiest person to fool. > -- Richard Feynman. > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
