This is a discussion on forwarding between private and public networks within the Linux Networking forums, part of the Linux Forums category.
I am trying to set up a multihomed server that has a public IP address and is also connected to a private network. But I can not access the internet from the private network so I think I have some problem with the forwarding or routing.

My setup looks like this:

internet -----cisco1600 router (ip 196.x.x.y)---server (ip 196.x.x.x subnet 255.255.255.252)----switch ------private network (ip 192.168.10.x, subnet 255.255.255.0)

(the above should be read as one long line, i.e. the router is connected to the internet thru v.35 (DSL line) and also to the server thru ethernet, the server is connected to the router and to the switch, the switch connects to the private network).

server runs RH Linux 7.1 (kernel 2.4.2-2)
private network computers run Windows XP with firewall-option disabled.

I can ping from the server to the router and from the server to the private network.
I can ping from the private network to both NICs in the server but *not* to the router.
I can access the internet from the server.
I can *not* access the internet from the private network.
When I ping the router from the private network I get: "Request timeout".

AFAIK networking is correctly set up on the server:

I have /proc/sys/net/ipv4/ip_forward set to 1.

I have a default route defined. (If I remove this default route, then when I ping the router from the private network I get: "network unreachable" instead of "request timeout", so it seems to me that routing is working).

If I do:
ipchains -L
I get a list of rules set up on the input-chain, and the forward and output chains have policy=ACCEPT on them. But even if I flush it with "ipchains -F" and get policy=ACCEPT on all 3 chains this makes no difference to my problem.

If I do:
ifconfig
I get a listing of eth0 and eth1 and lo that looks fine.

So what am I missing? I have worked on this problem for the past few days and am running out of ideas. If anybody has got any ideas of what to check etc, then please let me know.

Please also reply to: tobias AT itservices DOT co DOT mz (replace AT and DOT with the obvious)

Thanks in advance,
Tobias Skytte
Tobias Skytte wrote:
> I am trying to set up a multihomed server that has a public IP address
> and is also connected to a private network. But I can not access the
> internet from the private network so I think I have some problem with
> the forwarding or routing.
> My setup looks like this:
>
> internet -----cisco1600 router (ip 196.x.x.y)---server (ip 196.x.x.x
> subnet 255.255.255.252)----switch ------private network (ip
> 192.168.10.x, subnet 255.255.255.0)
>
> (the above should be read as one long line, i.e. the router is
> connected to the internet thru v.35 (DSL line) and also to the server
> thru ethernet, the server is connected to the router and to the
> switch, the switch connects to the private network).
>
> server runs RH Linux 7.1 (kernel 2.4.2-2)
> private network computers run Windows XP with firewall-option
> disabled.
>
> I can ping from the server to the router and from the server to the
> private network.
> I can ping from the private network to both NICs in the server but
> *not* to the router.
> I can access the internet from the server.
> I can *not* access the internet from the private network.
> When I ping the router from the private network I get: "Request
> timeout".
>
> AFAIK networking is correctly set up on the server:
>
> I have /proc/sys/net/ipv4/ip_forward set to 1.
>
> I have a default route defined. (If I remove this default route, then
> when I ping the router from the private network I get: "network
> unreachable" instead of "request timeout", so it seems to me that
> routing is working).
>
> If I do:
> ipchains -L
> I get a list of rules set up on the input-chain, and the forward and
> output chains have policy=ACCEPT on them. But even if I flush it with
> "ipchains -F" and get policy=ACCEPT on all 3 chains this makes no
> difference to my problem.
>
> If I do:
> ifconfig
> I get a listing of eth0 and eth1 and lo that looks fine.
>
> So what am I missing? I have worked on this problem for the past few
> days and am running out of ideas. If anybody has got any ideas of what
> to check etc, then please let me know.

The 192.168.10/24 network addresses are not routable on the Internet. So you need to configure "Source Network Address Translation" (SNAT) or "IP Masquerading" on the firewall box (your "server" box) to convert the non-routable, interior IPv4 addresses (192.168.10/24) into one or more routable IPv4 addresses (e.g., 196.x.x.y).

For more information, see the documentation on the netfilter/iptables web site:

http://www.netfilter.org/documentation/index.html

--
Jim
To reply by email, remove "link" and change "now.here" to "yahoo"
jfischer_link5809{at}now.here.com
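The SNAT/masquerading setup described in the reply above, sketched as an added example that is not part of either post: a shell function that prints an `iptables-restore` ruleset for the gateway box, with forwarding limited to connections opened from the private side. The interface roles (`eth0` public, `eth1` private) and the function name are assumptions; the thread does not say which NIC is which, and the public address is masked, so the default is MASQUERADE.

```shell
#!/bin/sh
# Added example (not from the thread): build a NAT + forwarding ruleset
# for the "server" box in iptables-restore format.
# Assumed: eth0 faces the router, eth1 faces the 192.168.10.0/24 switch.

# gateway_rules LAN_CIDR WAN_IF LAN_IF [PUBLIC_IP]
gateway_rules() {
    lan_cidr=$1; wan_if=$2; lan_if=$3; public_ip=${4:-}

    # Refuse malformed input instead of emitting a broken ruleset.
    case $lan_cidr in
        */*) ;;
        *) echo "LAN must be in CIDR form, e.g. 192.168.10.0/24" >&2
           return 1 ;;
    esac
    if [ -z "$wan_if" ] || [ -z "$lan_if" ]; then
        echo "interface names required" >&2
        return 1
    fi

    # Static public address known: SNAT to it. Otherwise MASQUERADE,
    # which uses whatever address the outgoing interface has.
    if [ -n "$public_ip" ]; then
        nat_target="SNAT --to-source $public_ip"
    else
        nat_target="MASQUERADE"
    fi

    # nat: rewrite the private source address on the way out.
    # filter: forward only LAN-initiated traffic and its replies.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $wan_if -j $nat_target
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's private network.
gateway_rules 192.168.10.0/24 eth0 eth1
```

Review the output before piping it into `iptables-restore` as root; without `--noflush` that command replaces the existing rules in the nat and filter tables.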