On Wed, 25 Apr 2001, Andrew B. Cramer wrote:

> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 205.243.155.100 0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
> 192.168.0.0     0.0.0.0         255.255.255.128 U     0      0        0 eth1
> 192.168.0.128   0.0.0.0         255.255.255.128 U     0      0        0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> 0.0.0.0         205.243.155.100 0.0.0.0         UG    0      0        0 ppp0
> 0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
> 0.0.0.0         192.168.0.130   0.0.0.0         UG    0      0        0 eth0

Not really sure but... I thought that a destination of 0.0.0.0 indicated
your default route, and you appear to have 3...

As you have explicit routes for 192.168.0.0 & 192.168.0.128 I don't see
why you have the following:

> 0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
> 0.0.0.0         192.168.0.130   0.0.0.0         UG    0      0        0 eth0

although I could be missing something fundamental/basic...

> ---------------
> Chain input (policy ACCEPT):
> Chain forward (policy ACCEPT):
> target     prot opt     source                destination           ports
> ACCEPT     all  ------  anywhere              anywhere              n/a
> ACCEPT     all  ------  anywhere              anywhere              n/a
> MASQ       all  ------  anywhere              anywhere              n/a
> Chain output (policy ACCEPT):
> ---------------

You should really have your policy as DENY and then enable forwarding,
especially for the MASQ chain, otherwise you will happily masquerade
people out on the web *into* your network...

I would also have thought that you would forward from a source of
192.168.0.0/255.255.255.128 to 192.168.0.128/255.255.255.128 and
vice versa then masquerade everything else...

I'd normally say HTH but it probably hasn't :( I'm sure that someone
else on the list will be more useful!

Cheers!
Jamie...

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
***  Slowly and surely the UNIX crept up on the Nintendo user...  ***
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
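
Added example, not part of the original message or either poster's own code: a small Python check over constructed copies of the two listings quoted above, reporting the multiple default routes and the open forward chain that the reply points out. The function names and the `ROUTES`/`CHAINS` samples are assumptions made for this illustration.

```python
import re

# Constructed sample input, modelled on the listings quoted in the message above.
ROUTES = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
205.243.155.100 0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.0.0     0.0.0.0         255.255.255.128 U     0      0   0   eth1
192.168.0.128   0.0.0.0         255.255.255.128 U     0      0   0   eth0
0.0.0.0         205.243.155.100 0.0.0.0         UG    0      0   0   ppp0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0   0   eth1
0.0.0.0         192.168.0.130   0.0.0.0         UG    0      0   0   eth0
"""
CHAINS = """\
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source      destination   ports
ACCEPT     all  ------  anywhere    anywhere      n/a
MASQ       all  ------  anywhere    anywhere      n/a
Chain output (policy ACCEPT):
"""

def default_routes(text):
    """Return (gateway, iface) for every route whose destination and mask are 0.0.0.0."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            found.append((f[1], f[7]))
    return found

def audit_forward(text):
    """Flag an ACCEPT forward policy and any forward rule matching anywhere -> anywhere."""
    findings, chain = [], None
    for line in text.splitlines():
        m = re.match(r"Chain (\w+) \(policy (\w+)\):", line)
        if m:
            chain = m.group(1)
            if chain == "forward" and m.group(2) == "ACCEPT":
                findings.append("forward policy is ACCEPT")
            continue
        f = line.split()
        if chain == "forward" and len(f) >= 5 and f[0] in ("ACCEPT", "MASQ"):
            if f[3] == "anywhere" and f[4] == "anywhere":
                findings.append(f"{f[0]} rule matches any source and destination")
    return findings

if __name__ == "__main__":
    print(default_routes(ROUTES))
    print(audit_forward(CHAINS))
```

A forward chain with policy DENY and a MASQ rule restricted to an internal source network produces no findings from `audit_forward`.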