Forwarding does not work in FC9 but ip forward is turned on

ppps no-reply-gw at fcp.surfsite.org
Tue Sep 23 15:05:30 UTC 2008


>First off, what is that extra netstat -rn entry for eth6
>(169.254.0.0...looks like some Windows default garbage)? Can't help but
>wonder what that's doing to routing to the 192.168.10 network on the
>machine.
I have tried to eliminate that route with the command
route del -net 169.254.0.0 netmask 255.255.0.0
This eliminates the route, but on reboot it is brought up again.
I do not know which file to modify to remove it.

I think that you really don't need to worry about this route. 
It's used for default networking when your system is set to DHCP but does not get an address from a DHCP server 
(NIC self-assigns a 169.254.x.x address to itself). This also happens on Windows.
I think that the route itself will have no effect on your connectivity or networking.

>Next, why do you get two different traceroute results when you
>traceroute host 192.168.10.20 as shown below (doesn't make any sense)?:

In the first tcpdump command,    
ping from 192.168.10.250 to 192.168.10.20

|firewall |--x-->|switch |----> | host 192.168.10.20 |

In the second tcpdump command,
ping from 192.168.10.20 to 192.168.5.1

|host 192.168.10.20 |---->|switch |----> | FIREWALL |--x-->| switch |-----> | HOST 192.168.5.1 |

In the two previous cases, it does not work.
The fact is that if any host on any LAN goes to an internal interface of the router, then it works. Example:
192.168.1.201 (HOST) -> 192.168.1.231 (ROUTER) works!!!
192.168.10.20 (HOST) -> 192.168.5.254 (ROUTER) works!!!
192.168.1.201 (HOST) -> 192.168.10.250 (ROUTER) works!!!

>1) there is no default gateway entered in your netstat -nr command. Gateway 0.0.0.0 is
>missing in your routing table. So, where do you expect to go your traffic to?
>Can't help but wonder what that's doing to routing to the 192.168.10 network on the machine.

I think that is not the problem, since the gw will only be used when I try to connect to a network
which is not in my routing table, and this is not the case because I only forward packets between the networks directly connected to the router.

>2) you need the appropriate entries for accepting connections with iptables.
> just setting the ip.forward.v4 param is not enough (IMHO).
  I think so!!!
>Use system-config-firewall:
>- set the NIC you want to accept connection as a trusted device (for test purposes now)
>- add a forward rule to the nic you want to forward, such as:
>iptables -A FORWARD -i [NIC_TO_FORWARD] -j ACCEPT
>
>Try, then you should see using iptables -L -v some traffic on the NIC and in the FORWARD
>state.
I have also tried your suggestion but unfortunately it did not work :(

thanks a lot for your help.

Best regards


-- 
This is an email sent via the webforum on http://fcp.surfsite.org
http://fcp.surfsite.org/modules/newbb/viewtopic.php?post_id=291771&topic_id=61844&forum=10#forumpost291771
If you think, this is spam, please report this to webmaster at fcp.surfsite.org.
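
The suggestion quoted in the message above adds the ACCEPT rule with `iptables -A`, which appends it to the end of the FORWARD chain, and a chain is evaluated top-down with the first terminating rule deciding the packet. The following is an added example, not part of the original thread: a small evaluator over constructed `iptables -S FORWARD` output (the rulesets and the interface names eth1/eth2 are assumptions) that reports which rule decides a forwarded packet.

```python
import ipaddress
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Constructed rulesets in `iptables -S FORWARD` format; eth1/eth2 are hypothetical names.
APPENDED = """\
-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i eth1 -j ACCEPT
"""
INSERTED = """\
-P FORWARD ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""

def parse(text):
    """Return (policy, rules); only -i/-o/-s/-d matches and -j are understood."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "FORWARD"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "FORWARD"]:
            rule, i = {}, 2
            while i < len(tok) and tok[i] != "-j":
                if tok[i] not in ("-i", "-o", "-s", "-d"):
                    raise ValueError(f"unsupported match in: {line}")
                rule[tok[i]] = tok[i + 1]
                i += 2
            # Anything after the target (e.g. --reject-with) is a target option.
            rule["target"] = tok[i + 1] if i < len(tok) else None
            if rule["target"] not in TERMINAL | {"LOG", None}:
                raise ValueError(f"unsupported target in: {line}")
            rules.append(rule)
    return policy, rules

def verdict(text, in_if, out_if, src, dst):
    """Walk the chain top-down; return (target, rule number), 0 meaning the policy."""
    policy, rules = parse(text)
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    for n, r in enumerate(rules, 1):
        if r.get("-i", in_if) != in_if or r.get("-o", out_if) != out_if:
            continue
        nets = (r.get("-s", "0.0.0.0/0"), r.get("-d", "0.0.0.0/0"))
        if any(a not in ipaddress.ip_network(c, strict=False) for a, c in zip(addrs, nets)):
            continue
        if r["target"] in TERMINAL:  # LOG and target-less rules do not end traversal
            return r["target"], n
    return policy, 0
```

On a live router, `iptables -L FORWARD -n -v --line-numbers` shows the same ordering together with per-rule packet counters, and `iptables -I FORWARD 1 ...` places a rule at the top of the chain instead of the end.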