Results 1 to 2 of 2

Thread: IP Routing/Forwarding Puzzle: Can't get it to work. Tried a lot of things

  1. November 6th, 2011 #1
    radarman
    radarman is offline First Cup of Ubuntu
    Join Date
    Aug 2008
    Beans
    9

    IP Routing/Forwarding Puzzle: Can't get it to work. Tried a lot of things

    So, I am trying to use my ubuntu box as a router on my home LAN. I used to do it successfully with 10.x versions. I've put together a new box, installed 11.10 x64 server, upgraded everything I could. I did enable IPv4-forwarding in /etc/sysctl.conf. I checked a lot of things and tried a lot of things, but can't get IP-forwarding to work, and I miss it! When clients connect to my ubuntu host they get dhcp info successfully and they can resolve DNS fine, but fail to ping or access anything outside the linux box.

    The setup looks like this:

    Code:
    	 Internet
	     |
        [ dd-wrt  ]
        192.168.1.1
             |
             |
             |
     eth0: 192.168.1.2
     [ linux router  ]
     br0: 192.168.10.1
             |
             |
          laptops
    My bridge has 4 ethernet ports, all on a single pci-e card:

    Code:
    root@tank:/# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.00e0ed110e82	no		eth1
							eth2
							eth3
							eth4
    My ifconfig looks like this:

    Code:
    br0       Link encap:Ethernet  HWaddr 00:e0:ed:11:0e:82  
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:edff:fe11:e82/64 Scope:Link
          ...

eth0      Link encap:Ethernet  HWaddr bc:ae:c5:c1:f8:9c  
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::beae:c5ff:fec1:f89c/64 Scope:Link
          ...

eth1      Link encap:Ethernet  HWaddr 00:e0:ed:11:0e:82  
          ...

eth2      Link encap:Ethernet  HWaddr 00:e0:ed:11:0e:83  
          ...

eth3      Link encap:Ethernet  HWaddr 00:e0:ed:11:0e:84  
          ...

eth4      Link encap:Ethernet  HWaddr 00:e0:ed:11:0e:85  
          ...

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          ...
    My routing table is like this:

    Code:
    root@tank:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
    My iptables look like this:

    Code:
    root@tank:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
    Finally, here is my /etc/sysctl.conf. You can see that I enabled ipv4 routing and tried to disable anything IPv6:

    Code:
    root@tank:/# cat /etc/sysctl.conf 
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=0


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
    So I am at a loss! Why is my routing not working? Help!
    Advanced reply Adv Reply  
  2. November 8th, 2011 #2
    radarman
    radarman is offline First Cup of Ubuntu
    Join Date
    Aug 2008
    Beans
    9

    Re: IP Routing/Forwarding Puzzle: Can't get it to work. Tried a lot of things

    Ok, figured it out. DD-WRT needed a static route for 192.168.10.0 subnet.
    Last edited by radarman; November 8th, 2011 at 02:33 AM.
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct