I'm overlooking something very simple, I know, but I've been looking at
this mess for so long, there's little hope now of my seeing what's
wrong.
For reference, I've uploaded a diagram of my network at
http://home.bellsouth.net/p/s/community.dll?ep=16&ext=1&groupid=266017&ck=
Please refer to it for the discussion below.
I'm preparing to replace a smoothwall box at my border with a
custom-configured Fedora machine (hostname gadwall). In order to test
the configuration of gadwall in its new role, I've set up a second
subnet inside my home network by putting petrel behind gadwall on the
.2 subnet. (Yes, I know, there's some serious triple natting at play.)
I added a route on osprey (192.168.1.3) that enables me to ssh in to
petrel (192.168.2.2). From petrel I can get to anything on the
192.168.1.0 subnet through gadwall. Unfortunately, from petrel I can't
get to the internet; gadwall isn't forwarding packets to smoothwall.
From gadwall itself I can get to the internet just fine.
Here's some net config stuff from gadwall.
[root@gadwall ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:B0:D0:82:6D:DB
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fec0::2b0:d0ff:fe82:6ddb/64 Scope:Site
inet6 addr: fe80::2b0:d0ff:fe82:6ddb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11416 errors:0 dropped:0 overruns:0 frame:0
TX packets:8144 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4871805 (4.6 MiB) TX bytes:1066146 (1.0 MiB)
Interrupt:5 Base address:0xe880
eth1 Link encap:Ethernet HWaddr 00:0F:B5:8D:63:D9
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20f:b5ff:fe8d:63d9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141635 (138.3 KiB) TX bytes:108304 (105.7 KiB)
Interrupt:5 Base address:0x4c00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1129 errors:0 dropped:0 overruns:0 frame:0
TX packets:1129 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1313920 (1.2 MiB) TX bytes:1313920 (1.2 MiB)
[root@gadwall ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@gadwall ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@gadwall ~]# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here's a traceroute from petrel (192.168.2.2) to google.com
(72.14.207.99). Clearly, gadwall isn't forwarding to smoothwall.
[root@petrel ~]# traceroute 72.14.207.99
traceroute to 72.14.207.99 (72.14.207.99), 30 hops max, 38 byte packets
1 gadwall (192.168.2.1) 0.412 ms 0.144 ms 0.114 ms
2 * * *
But it works for .1 subnet addresses.
[root@petrel ~]# traceroute 192.168.1.3
traceroute to 192.168.1.3 (192.168.1.3), 30 hops max, 38 byte packets
1 gadwall (192.168.2.1) 0.412 ms 0.119 ms 0.092 ms
2 osprey (192.168.1.3) 0.206 ms !<10> 0.160 ms !<10> 0.154 ms !<10>
What route should I add to gadwall to make him forward packets from
petrel to smoothwall (and hence, the internet)?
Thanks,
Jay
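
Added example, not part of the original post: a longest-prefix-match lookup over the `route -n` rows shown above, to check which entry gadwall's routing table selects for each traceroute destination. The function names (`parse_routes`, `lookup`, `next_hop`) are hypothetical; the table rows and addresses are copied from the post.

```python
import ipaddress

# Rows copied from the `route -n` output in the post (header lines omitted).
ROUTE_N = """\
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
"""

def parse_routes(text):
    """Turn `route -n` body lines into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # skip anything that is not a full route row
        dest, gw, mask, flags, metric, _ref, _use, iface = fields
        # Prefix length = number of set bits in the dotted-quad genmask.
        plen = bin(int(ipaddress.ip_address(mask))).count("1")
        routes.append({
            "net": ipaddress.ip_network(f"{dest}/{plen}"),
            "gateway": gw if "G" in flags else None,  # G = via a gateway
            "metric": int(metric),
            "iface": iface,
        })
    return routes

def lookup(routes, dst):
    """Return the most specific matching route (lowest metric on a tie)."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

def next_hop(dst, table=ROUTE_N):
    """Return (interface, next-hop address) for a destination, or None."""
    route = lookup(parse_routes(table), dst)
    if route is None:
        return None
    # On-link routes deliver straight to the destination address.
    return route["iface"], route["gateway"] or dst

if __name__ == "__main__":
    for dst in ("72.14.207.99", "192.168.1.3", "192.168.2.2"):
        print(dst, "->", next_hop(dst))
```

The lookup covers only the forwarding decision made on gadwall; the return path from the next hop is not visible in the output above.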