Forwarding does not work in FC9 but ip_forward is turned on

Mike Wright mike.wright at mailinator.com
Mon Sep 22 20:07:32 UTC 2008


ppps wrote:
> Hi, guys
> I would like to ask for your help with a problem that has frustrated me. Here I describe the scenario.
> I installed FC9 on my PC, which will work as official proxy / firewall. The PC has 3 network cards:
> eth4, eth5 and eth6
> eth4-> 192.168.5.254 -> to a router
> eth5-> 192.168.1.231 -> toward LAN1
> eth6-> 192.168.10.250 -> toward LAN2
> 
> - A cat /proc/sys/net/ipv4/ip_forward returns 1,
> - Also I have set net.ipv4.ip_forward = 1 in /etc/sysctl.conf
> - A ping from LAN2, say from 192.168.10.20, toward 192.168.10.250 works without problems
> - A ping from 192.168.10.20 toward 192.168.5.254 works
> - A ping from FC9 toward 192.168.5.1 runs smoothly
> - A ping from FC9 to 192.168.1.250 runs smoothly
> - mii-tool eth4 eth5 eth6 returns
> eth4: negotiated 100BaseTX-FD flow-control, link ok
> eth5: negotiated 100BaseTX-FD flow-control, link ok
> eth6: negotiated 100BaseTX-FD flow-control, link ok
> 
> - A ping from 192.168.10.250 toward 192.168.10.20 does not work!!!
> - A ping from 192.168.10.20 to 192.168.5.1 via 192.168.10.250 as gw does not work.
> - A tracert from 192.168.10.20 to 192.168.5.1 returns
> 192.168.5.1 to trace paths on a maximum of 30 hops
> 1 1ms  192.168.5.1: ICMP echo request
> 192.168.5.1> 192.168.5.254: ICMP echo reply
> 192.168.5.254> 192.168.5.1: ICMP echo request
> 192.168.5.1> 192.168.5.254: ICMP echo replay
> and therefore from Fedora I can ping.
> - A cat /etc/selinux/config returns
> SELinux=disabled and SELINUXTYPE=targeted.
> - A route -n
> Destination Gateway Genmask ... Ifacex
> 192.168.5.0 0.0.0.0 255.255.255.0 .... eth4
> 192.168.1.0 0.0.0.0 255.255.255.0 .... eth5
> 192.168.10.0 0.0.0.0 255.255.255.0 .... eth6
> 169.254.0.0 0.0.0.0 255.255.0.0 .... eth6
> 
> iptables has no rules; in fact I have executed the following:
> iptables -t nat -F
> iptables -t mangle -F
> iptables -t filter -F
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> 
> What I can conclude is that the forwarding is not working properly, or only partially. I have tried to add other options in sysctl.conf without success.
> 
> I hope you can help me because I'm overwhelmed by this problem; perhaps something is missing that should be added or removed in sysctl.conf or SELinux. I would really appreciate your help.
> 
> Best regards
> 
> Sorry for my bad English !!!

No problem.

You need to have routes to those networks:

/sbin/ip route add 192.168.1.0/24 dev eth5
/sbin/ip route add 192.168.10.0/24 dev eth6
/sbin/ip route add default via 192.168.5.254 dev eth4


Hope that helps,
Mike Wright :m)
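
The route lookup applied to the table quoted above, as an added example that is not part of the original thread: it shows which destinations that table already covers and which depend on a default route. The table is the one from the post with its elided columns left out; `route_lookup` and `forward_path` are hypothetical helper names, and 198.51.100.7 is a constructed off-site address.

```shell
#!/bin/sh
# Constructed sample: the `route -n` rows from the post (elided columns omitted).
ROUTES_BEFORE='Destination Gateway Genmask Iface
192.168.5.0 0.0.0.0 255.255.255.0 eth4
192.168.1.0 0.0.0.0 255.255.255.0 eth5
192.168.10.0 0.0.0.0 255.255.255.0 eth6
169.254.0.0 0.0.0.0 255.255.0.0 eth6'

# The same table with the default route from the reply appended.
ROUTES_AFTER="$ROUTES_BEFORE
0.0.0.0 192.168.5.254 0.0.0.0 eth4"

# route_lookup TABLE DEST_IP: print "IFACE GATEWAY" for the longest-prefix
# match, or print "unreachable" and return 1 when no row covers DEST_IP.
# Reads Destination/Gateway/Genmask from columns 1-3 and Iface from the last.
route_lookup() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function to_int(a,  p) {
            split(a, p, "[.]")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { best = -1; target = to_int(ip) }
        $1 ~ /^[0-9]+\./ {
            mask = to_int($3)
            block = 4294967296 - mask          # addresses covered by this mask
            if (target - (target % block) == to_int($1) && mask > best) {
                best = mask; hit = $NF " " $2
            }
        }
        END { if (best >= 0) print hit; else { print "unreachable"; exit 1 } }'
}

# forward_path TABLE SRC DST: a forwarded packet needs a route to DST and a
# route back to SRC; print "in=IFACE out=IFACE" or name the missing one.
forward_path() {
    out=$(route_lookup "$1" "$3") || { echo "no route to $3"; return 1; }
    back=$(route_lookup "$1" "$2") || { echo "no route back to $2"; return 1; }
    echo "in=${back%% *} out=${out%% *}"
}

# Gateway 0.0.0.0 in the result means the destination is directly connected.
for dst in 192.168.5.1 192.168.10.20 198.51.100.7; do
    printf '%-14s before: %-20s after: %s\n' "$dst" \
        "$(route_lookup "$ROUTES_BEFORE" "$dst")" \
        "$(route_lookup "$ROUTES_AFTER" "$dst")"
done
```

On a live system, `ip route get <address>` asks the kernel for the same decision.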



