Iptables Packet forwarding/routing problem

cyanid3 · #1 25th June 2005, 05:55 AM

I'm trying to get iptables to forward packets from one interface to another.
I'm trying this:

Code:

iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

What am I doing wrong?

fire-fly · #2 27th June 2005, 10:45 AM

what is the setting of /proc/sys/net/ipv4/ip_forward
must be 1.

cyanid3 · #3 28th June 2005, 03:00 AM

Hrm, it's already set at 1. Could it be anything else?

ghenry · #4 29th June 2005, 10:00 AM

What about the input chain?

cyanid3 · #5 29th June 2005, 03:31 PM

The policy for input is accept

vladimir · #6 2nd July 2005, 04:05 AM

in /etc/sysconfig/network file make sure there is a line which says
FORWARD_IPV4 = yes

cyanid3 · #7 20th July 2005, 04:34 AM

Quote:

Originally Posted by vladimir

in /etc/sysconfig/network file make sure there is a line which says
FORWARD_IPV4 = yes

I get errors when restarting the interfaces when I add this in. Could this be the problem?

Also, my input chain is set to accept all.

nikita99 · #8 20th July 2005, 02:55 PM

Quote:

Originally Posted by cyanid3

I'm trying to get iptables to forward packets from one interface to another.
I'm trying this:

Code:

iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth1 -j ACCEPT

What am I doing wrong?

what are your failure records? how can you see it doesn't work?
do you use tcpdump on the interfaces?

cyanid3 · #9 4th September 2005, 06:16 PM

Okay, after a little bit of frustration I reinstalled the operating system, and decided to give it another shot. I did everything above and it still isnt forwarding packets.

the forwarding computer has ip's 192.168.0.102, and 192.168.3.1.
I want to be able to ping google.com from 192.168.3.102, but when I try i get, "Ping request could not find host google.com. Please check the name and try again."
The gateway on the client computer is set to 192.168.3.1.
The routing table on the forwarding computer is: "
[root@gatekeeper ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth2"

This is really ticking me off. Is there anything else that I could try/check?

jp110 · #10 10th September 2005, 03:21 AM

For starters, what is on eth0?
and where is 169.254 from?
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth2"