Old 11-10-2003
Tobias Skytte
forwarding between private and public networks

I am trying to set up a multihomed server that has a public IP address
and is also connected to a private network. But I cannot access the
internet from the private network, so I think I have some problem with
the forwarding or routing.
My setup looks like this:

internet -----cisco1600 router (ip 196.x.x.y)---server (ip 196.x.x.x
subnet 255.255.255.252)----switch ------private network (ip
192.168.10.x, subnet 255.255.255.0)

(The above should be read as one long line, i.e. the router is
connected to the internet through V.35 (DSL line) and also to the server
through Ethernet; the server is connected to the router and to the
switch; the switch connects to the private network.)

The server runs RH Linux 7.1 (kernel 2.4.2-2).
The private-network computers run Windows XP with the firewall option
disabled.

I can ping from the server to the router and from the server to the
private network.
I can ping from the private network to both NICs in the server but
*not* to the router.
I can access the internet from the server.
I can *not* access the internet from the private network.
When I ping the router from the private network I get: "Request
timeout".

AFAIK networking is correctly set up on the server:

I have /proc/sys/net/ipv4/ip_forward set to 1.

I have a default route defined. (if I remove this default route, then
when I ping the router from the private network I get: "network
unreachable" instead of "request timeout", so it seems to me that
routing is working).

If I do:
ipchains -L
I get a list of rules set up on the input-chain, and the forward and
output chains have policy=ACCEPT on them. But even if I flush it with
"ipchains -F" and get policy=ACCEPT on all 3 chains this makes no
difference to my problem.

If I do:
ifconfig
I get a listing of eth0, eth1 and lo that looks fine.

So what am I missing? I have worked on this problem for the past few
days and am running out of ideas. If anybody has got any ideas of what
to check etc, then please let me know.

Please also reply to: tobias AT itservices DOT co DOT mz (replace AT
and DOT with the obvious)

Thanks in advance,

Tobias Skytte
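An added example, not part of the post above: a small offline checklist in POSIX sh for the setup the post describes (a Linux box forwarding between 192.168.10.0/24 and a public /30 towards the router). Each function takes the text you would get from `cat /proc/sys/net/ipv4/ip_forward`, `route -n` and `ipchains -L -n` (assumption: the ipchains-era 2.4 kernel the post mentions), so the samples are constructed and nothing here touches a real interface. Beyond the checks the post already lists, it also looks for a MASQ rule, because 192.168.x.x sources are not routable past the router: without masquerading on the server (or a static route back to 192.168.10.0/24 on the router, which helps only for the router itself), the outbound packets leave but no reply can come back, which looks exactly like "Request timeout". Whether that is the cause in this particular case is not established by the post.

```shell
#!/bin/sh
# Added example (not from the original post). Offline checklist for a
# Linux host forwarding between a private LAN and a public uplink.

# Constructed sample: kernel forwarding flag (1 = forwarding enabled).
IP_FORWARD_SAMPLE="1"

# Constructed sample of `route -n` output matching the post's topology.
# Public addresses stay as the post's own 196.x.x.x placeholders.
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
196.x.x.x       0.0.0.0         255.255.255.252 U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         196.x.x.y       0.0.0.0         UG    0      0        0 eth0'

# Constructed sample of `ipchains -L -n` after `ipchains -F`: every chain
# accepts, but there is no MASQ rule, so packets from 192.168.10.x leave
# eth0 with their private source address unchanged.
CHAINS_FLUSHED='Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):'

# Constructed sample with masquerading for the private LAN only and a
# DENY policy on forward, so nothing else can transit the box.
CHAINS_MASQ='Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.10.0/24      0.0.0.0/0             n/a
Chain output (policy ACCEPT):'

# Succeeds (status 0) if the ip_forward flag text is "1".
forwarding_enabled() {
  [ "$1" = "1" ]
}

# Succeeds if the routing table has a default route: destination
# 0.0.0.0 with the G (gateway) flag set.
has_default_route() {
  printf '%s\n' "$1" | awk '
    $1 == "0.0.0.0" && $4 ~ /G/ { found = 1 }
    END { exit !found }'
}

# Succeeds if the forward chain has a MASQ rule whose source is exactly
# the given private network (e.g. 192.168.10.0/24).
has_masq_for() {
  printf '%s\n' "$1" | awk -v net="$2" '
    /^Chain / { infwd = ($2 == "forward") }
    infwd && $1 == "MASQ" && $4 == net { found = 1 }
    END { exit !found }'
}

# Prints the first missing item, in the order the post checked them,
# or OK when all three are present. Always returns 0.
diagnose() {
  fwd=$1; routes=$2; chains=$3; net=$4
  if ! forwarding_enabled "$fwd"; then
    echo "MISSING: ip_forward is 0"
  elif ! has_default_route "$routes"; then
    echo "MISSING: no default route"
  elif ! has_masq_for "$chains" "$net"; then
    echo "MISSING: no MASQ rule for $net (private source addresses are not routable beyond the router)"
  else
    echo "OK"
  fi
}

# The post's situation (flushed chains) versus the masquerading setup.
diagnose "$IP_FORWARD_SAMPLE" "$ROUTE_SAMPLE" "$CHAINS_FLUSHED" 192.168.10.0/24
diagnose "$IP_FORWARD_SAMPLE" "$ROUTE_SAMPLE" "$CHAINS_MASQ" 192.168.10.0/24
```

On the real server you would substitute the command output for the three sample strings. Note that the second sample deliberately keeps the forward chain's policy at DENY and only masquerades traffic whose source is the private network: a forward chain with policy ACCEPT on a host sitting between a public and a private network lets any packet transit in either direction, which is a wider exposure than the one the forwarding was meant to provide.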