[NTLUG:Discuss] iptables / router problem

Tue Apr 1 14:16:09 CST 2003

Good news, my [wireless] DSL is finally working! :-)  Now I *have* to get my 
Linux router working.  I realize I may be doing this the hard way by using a 
"normal" distro (Suse 8.0) instead of one of the pre-made router distros, but 
I hope this will help me to learn all this better...

First, I found a tutorial at 
http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html 
which sounds like it knows what it's doing.  Is there a better one out there?

Anyway, I have both network cards working and can ping both directions (int 
and ext) from the router machine; and an internal machine can ping the router.

That tutorial had me do:

###
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

# Enables packet forwarding by kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

# Create a route for internal packets
route add  -net 192.168.1.0  netmask 255.255.255.0 gw 172.16.0.1 dev eth1
###

All of which looks reasonable, and all seems to work until I get to the route 
command at the end.  That fails with a "SIOCADDRT: Network is unreachable".

A "route -n" gives:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.16.0.0      0.0.0.0         255.255.252.0   U     0      0        0 eth0
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 eth0

A ifconfig gives:
eth0      Link encap:Ethernet  HWaddr 00:40:F6:B8:BA:6E
           inet addr:172.16.1.247  Bcast:172.16.3.255  Mask:255.255.252.0
           inet6 addr: fe80::240:f6ff:feb8:ba6e/10 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:25974 errors:1 dropped:0 overruns:0 frame:1
           TX packets:519 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:1922917 (1.8 Mb)  TX bytes:35364 (34.5 Kb)
           Interrupt:3 Base address:0xef40

eth1      Link encap:Ethernet  HWaddr 00:40:F6:14:18:2C
           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
           inet6 addr: fe80::240:f6ff:fe14:182c/10 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:154 errors:0 dropped:0 overruns:0 frame:0
           TX packets:141 errors:5 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:13770 (13.4 Kb)  TX bytes:86948 (84.9 Kb)
           Interrupt:10 Base address:0xef80

plus a "lo" entry.  This all looks good too.

Can anyone offer any suggestions?

TIA!!!
Kevin