[SATLUG] Network Issue

John Pappas j at jvpappas.net
Tue Dec 11 04:40:50 CST 2007


Not sure why you are double NAT'ing, but nonetheless:
-- If you are having an iptables issue, an `iptables -L` would help, but you
do say "all accept"
-- You will need to be masq'ing the packets that traverse eth0 <-> eth1,
unless you are a packet sniffer (your IP use indicates otherwise), so you
will need FORWARD rules to pass the traffic back and forth.  See
http://www.aboutdebian.com/firewall.htm.

I assume that this is a learning project, given the double NAT, so some
other configurations to play with:
1.  Transparent Firewall: Place your Linux box at Layer 2 and then do your
firewalling.  This makes your Linux box "Invisible" to the network, as it is
working on the MAC level. See http://www.securityfocus.com/infocus/1737 and
http://www.faqs.org/docs/Linux-HOWTO/Ethernet-Bridge-netfilter-HOWTO.html
2.  Use dhcpd on your Linux box, rather than your Linksys, then hack your
router with dd-wrt so that you then have a very capable firewall coupled
with a capable wireless access point.  That way your config is much simpler
and much more capable.
3.  Add another interface to the Linux box and play with DMZ configurations.

Hope that helps!
John

On Dec 10, 2007 10:44 PM, Brad Taylor <linuxinfo at satx.rr.com> wrote:

> I am having a problem with pinging stations inside my home network. I
> have a Linux box acting as my gateway with 2 NICs. Eth0 is connected to
> the WAN (Cable Modem) and has my public ip. Eth1 is connected to a
> Linksys router which is handling the DHCP. Eth1 has a private ip of
> 192.168.2.1 which connects to the router at 192.168.2.2. The internal
> LAN has a range of 6 IPs 192.168.1.1 - 192.168.1.6. I can ping from a
> station inside of the LAN to Eth0, but I cannot ping from Eth0 to any of
> the stations. I thought I added my routes correctly using:
> sudo route add -net 192.168.1.0 netmask 255.255.255.248 dev eth1
> but when I attempt to ping an IP I am still not able to get through. I
> checked the PC and router firewall and I am not blocking anything. My
> netstat shows:
> owner at BigBoss:~$ netstat -r
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.2.0     *               255.255.255.252 U         0 0          0 eth1
> 192.168.1.0     *               255.255.255.248 U         0 0          0 eth1
> xx.x.x.x       *               255.255.248.0   U         0 0          0 eth0
> default         cpe-xx-x-x-x.s 0.0.0.0         UG        0 0          0 eth0
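
The forwarding and masquerade rules the reply says are needed, written out as an added example (not part of the original thread, and not either poster's configuration). The interface names and subnets come from the quoted message; the default-deny FORWARD policy and the dry-run `run` helper are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: minimal masquerading gateway for the eth0/eth1 layout
# described in the quoted message. Prints the commands unless APPLY=1.
WAN_IF=eth0            # cable modem side, public IP
LAN_IF=eth1            # link to the Linksys (192.168.2.0/30)
LAN_NETS="192.168.2.0/30 192.168.1.0/29"   # subnets from the netstat output

# Hypothetical helper: echo each command by default; run it when APPLY=1 (root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

gateway_rules() {
    # Without this the kernel never passes packets between eth0 and eth1.
    run sysctl -w net.ipv4.ip_forward=1

    # Default-deny forwarding, then open only what the gateway should pass.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for net in $LAN_NETS; do
        # New connections may only start on the inside and leave via the WAN.
        run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$net" -j ACCEPT
        # Rewrite private source addresses to the public IP on the way out.
        run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$net" -j MASQUERADE
    done
}

# A plain `iptables -L` lists only the filter table, so the nat table
# has to be asked for explicitly when checking the result.
show_rules() {
    run iptables -L FORWARD -n -v
    run iptables -t nat -L POSTROUTING -n -v
}

gateway_rules
show_rules
```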
