[NTLUG:Discuss] iptables / router problem
Chris Cox
cjcox at acm.org
Tue Apr 1 16:34:50 CST 2003
kbrannen at gte.net wrote:
...snip...
> ###
> iptables --flush
> iptables --table nat --flush
> iptables --delete-chain
> iptables --table nat --delete-chain
>
> # Set up IP FORWARDing and Masquerading
> iptables --table nat --append POSTROUTING --out-interface eth0 -j
> MASQUERADE
> iptables --append FORWARD --in-interface eth1 -j ACCEPT
>
> # Enables packet forwarding by kernel
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # Create a route for internal packets
> route add -net 192.168.1.0 netmask 255.255.255.0 gw 172.16.0.1 dev eth1
> ###
If you've got IP forwarding enabled and both interfaces are local... it
already knows how to move packets from one net to the other. Local
hosts will use your 192.168.1.1 as their default gateway.
>
> All of which looks reasonable, and all seems to work until I get to the
> route command at the end. That fails with a "SIOCADDRT: Network is
> unreachable".
>
> A "route -n" gives:
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth1
> 172.16.0.0 0.0.0.0 255.255.252.0 U 0 0 0
> eth0
> 0.0.0.0 172.16.0.1 0.0.0.0 UG 0 0 0
> eth0
>
> A ifconfig gives:
> eth0 Link encap:Ethernet HWaddr 00:40:F6:B8:BA:6E
> inet addr:172.16.1.247 Bcast:172.16.3.255 Mask:255.255.252.0
...snip...
>
> eth1 Link encap:Ethernet HWaddr 00:40:F6:14:18:2C
> inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
...snip...
>
> plus a "lo" entry. This all looks good too.
>
> Can anyone offer any suggestions?
>
> TIA!!!
> Kevin
More information about the Discuss
mailing list