On Thu, 23.06.2005 at 16:50, Greg Swallow wrote:

> Glory be dhcpd is working!
>
> At least for a Windows box I have set up to test the network, but
> nothing is routing. Entered
> what I thought would work, but this is where I usually have to do
> enough that I forget the exact
> steps that make it actually function.

> ifcfg-eth0 (192.168.0.101)
>
> DEVICE=eth0
> BOOTPROTO=dhcp
> HWADDR=00:05:5D:2D:E3:B9
> ONBOOT=yes
> TYPE=Ethernet

> ifcfg-eth1
>
> DEVICE=eth1
> BOOTPROTO=none

Why "none"? Should be "static"

> HWADDR=00:A0:CC:E2:D5:E4
> ONBOOT=yes
> TYPE=Ethernet
> NETMASK=255.255.255.0
> IPADDR=192.168.1.1
> USERCTL=no
> PEERDNS=yes

Why do you set this?

> IPV6INIT=no
> GATEWAY=192.168.0.1

Better avoid setting "GATEWAY" in ifcfg-ethX, but set it in
/etc/sysconfig/network.

> Have also tried a default route on eth1 of:
>
> Destination: 192.168.1.1
> Netmask: 255.255.255.0
> Gateway: 192.168.0.1 (router) and 101 (eth0)

Check the routes by running "route -n".

> iptables
>
> # Generated by iptables-save v1.3.0 on Thu Jun 23 05:16:29 2005
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [188:23056]
> :RH-Firewall-1-INPUT - [0:0]
> -A FORWARD -j RH-Firewall-1-INPUT
> -A FORWARD -i ippp0 -m state --state INVALID,NEW -j DROP

That second FORWARD rule is never reached as INPUT is left immediately
with jump target RH-Firewall-1-INPUT. And to DROP connections in FORWARD
direction with state NEW?

> -A INPUT -j RH-Firewall-1-INPUT
> -A INPUT -i ippp0 -m state --state INVALID,NEW -j DROP

Nor is this INPUT rule with input device ippp0 ever reached.

> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
> -A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Thu Jun 23 05:16:29 2005

I am missing the masquerading rule for NAT. Something like that:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
[0:0] -A POSTROUTING -o ippp0 -j MASQUERADE

> GregS <><

And be sure you get

$ grep "ip_forward" /etc/sysctl.conf
net.ipv4.ip_forward = 1

1 means forwarding between the machine's devices is enabled.

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.27_FC2smp
Serendipity 17:48:05 up 2 days, 2:02, load average: 2.62, 2.34, 1.75
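The two ruleset points raised in the reply above (rules placed after an unconditional jump into a chain that ends in REJECT, and the missing NAT rule) can be checked mechanically over an iptables-save dump. This is an added example, not part of the original message; the names `parse`, `ends_traversal` and `audit` are assumptions, and only rules without any match options are treated as unconditional.

```python
import re

TERMINAL = {"ACCEPT", "DROP", "REJECT", "MASQUERADE", "SNAT"}  # targets that end traversal
# Ruleset quoted in the post, shortened to the rules the reply comments on.
POSTED = """*filter
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -i ippp0 -m state --state INVALID,NEW -j DROP
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i ippp0 -m state --state INVALID,NEW -j DROP
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(dump):
    """iptables-save text -> {(table, chain): [(match_words, target), ...]}."""
    rules, table = {}, None
    for line in map(str.strip, dump.splitlines()):
        words = re.sub(r"^\[\d+:\d+\]\s*", "", line).split()  # drop [pkts:bytes] counters
        if line.startswith("*"):
            table = line[1:]
        elif words[:1] == ["-A"] and "-j" in words:
            j = words.index("-j")
            rules.setdefault((table, words[1]), []).append((words[2:j], words[j + 1]))
    return rules

def ends_traversal(rules, table, target, seen=frozenset()):
    """True if an unconditional jump to `target` decides the fate of every packet."""
    if target in TERMINAL:
        return True
    for match, nxt in () if target in seen else rules.get((table, target), ()):
        if nxt == "RETURN":
            return False  # some packets come back to the calling chain
        if not match and ends_traversal(rules, table, nxt, seen | {target}):
            return True
    return False

def audit(dump):
    """Report rules that can never be reached and a missing source-NAT rule."""
    findings, rules = [], parse(dump)
    for (table, chain), chain_rules in rules.items():
        for i, (match, target) in enumerate(chain_rules[:-1], 1):
            if not match and ends_traversal(rules, table, target):
                findings.append(f"{table}/{chain}: nothing after rule {i} (-j {target}) is reached")
                break
    if not any(t in {"MASQUERADE", "SNAT"} for _, t in rules.get(("nat", "POSTROUTING"), ())):
        findings.append("nat/POSTROUTING: no MASQUERADE or SNAT rule")
    return findings
```

On the posted ruleset `audit(POSTED)` reports the FORWARD and INPUT chains plus the missing NAT rule; appending the `*nat` block from the reply clears the third finding.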