[ale] ip route and using linux as a "real" router
Dow Hurst
Dow.Hurst at mindspring.com
Fri Jul 8 01:25:59 EDT 2005
Grant,
There are several issues at work here. I don't have time at the moment
to write about everything but the Linux router how to addresses a lot of
them. Remember to start forwarding packets or nothing will cross the
router. You probably will have to proxy_arp too since the upstream
router needs a way to get the MACs of the inside machines if you're
creating a subset of a subnet. Let's see:

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Not sure if you proxy_arp on just eth0 or if that should be all
interfaces instead. The newer networking options under ipv4 aren't
jogging my memory. Maybe someone else can comment here. Also you will
need a network address IP that isn't used, a router eth0 IP, a router
eth1 IP, and a broadcast IP that also isn't used out of your assigned
range that are used to define the subnet. Somebody who knows this kind
of stuff inside and out is Bob Toxen at Fly-By-Day Consulting. He would
be able to whip this out for you very quickly since he does this stuff
all day, every day!

If you can't ping the LAN IP of your router from a machine on the WAN
side of the router then you certainly won't be able to ping any internal
LAN IP from the outside. Your successful ping to the .210 IP from the
router works because your router's inside/LAN interface is directly
connected to that internal machine's interface. You're getting arp
routing that directs the ICMP packet to the .210 machine from the
router's LAN interface. Does that make sense? Run arp -a on the router
and you will see that it knows the internal machine's MAC address from
arp packets sent on the internal LAN. It doesn't have to be enabled for
ip_forwarding of TCP packets between interfaces for that to work. That
is just ethernet level routing on the local lan. TCP or UDP routing
requires ip_forwarding to be enabled.

Good luck,
Dow
Grant Robertson wrote:
>I'm very confused, so if I'm way off base in anything I write, forgive
>me and correct me.
>
>I have a /28 network that I need to route through/using a 2.2 kernel
>machine. The machine that will act as a router has a main ip of
>x.x.67.227, and the subnet I'm trying to route is x.x.72.208/28
>(addresses 209-215).
>
>I thought if I added x.x.72.209 to the "router" machine, and then
>modified my route table that it would pass the packets as I expected..
>
>'ip route add x.x.72.208/28 via x.x.72.209'
>
>That command succeeds, and indeed the route table then shows
>
>x.x.72.208/28 via x.x.72.209
>
>but trying to ping x.x.72.210 (the only machine on the new network so
>far) from outside results in
>
>Reply from x.x.67.227: Destination host unreachable.
>
>if I ping that .210 machine from the router, it works. (with or
>without the route line.. )
>
>I've tried in vain to search for info on ip route, and I find plenty
>but, nothing that I've been able to really apply. It's either far too
>simple, or far too complex..
>
>Can anyone tell me what I might be doing wrong? Or point me to a doc
>that I should be reading/following?
>
>Many thanks.
>-G
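
Added example (not part of the original message): a POSIX shell audit of the two settings the reply names, ip_forward and proxy_arp, which also reports proxy ARP active on interfaces other than the upstream one. It assumes the Linux sysctl layout under /proc/sys/net/ipv4 and the kernel's documented rule that proxy ARP is active on an interface when either conf/all/proxy_arp or conf/<iface>/proxy_arp is set; the function names, the script name audit.sh and the interface names are illustrative.

```sh
#!/bin/sh
# Added example. ROOT is a parameter so the audit can run against a copy of the
# tree; on a live router it is /proc/sys/net/ipv4. Interface names are examples.

# read_flag FILE: print the flag's value, or 0 when the file does not exist.
read_flag() {
    if [ -r "$1" ]; then tr -d '[:space:]' < "$1"; else printf '0'; fi
}

# forwarding_enabled ROOT: succeed when the kernel routes between interfaces.
forwarding_enabled() {
    [ "$(read_flag "$1/ip_forward")" = "1" ]
}

# proxy_arp_effective ROOT IFACE: the kernel answers proxy ARP on IFACE when
# either conf/all/proxy_arp or conf/IFACE/proxy_arp is set.
proxy_arp_effective() {
    [ "$(read_flag "$1/conf/all/proxy_arp")" = "1" ] ||
        [ "$(read_flag "$1/conf/$2/proxy_arp")" = "1" ]
}

# audit_router ROOT UPSTREAM_IFACE: print findings, return the FAIL count.
audit_router() {
    root=$1 up=$2 fails=0
    if ! forwarding_enabled "$root"; then
        echo "FAIL ip_forward=0: no packet will cross the router"
        fails=$((fails + 1))
    fi
    if ! proxy_arp_effective "$root" "$up"; then
        echo "FAIL proxy_arp off on $up: upstream cannot ARP for inside hosts"
        fails=$((fails + 1))
    fi
    # Proxy ARP beyond the upstream interface widens what the router answers for.
    for dir in "$root"/conf/*/; do
        ifc=$(basename "$dir")
        case $ifc in all|default|"$up") continue ;; esac
        if proxy_arp_effective "$root" "$ifc"; then
            echo "WARN proxy_arp also active on $ifc"
        fi
    done
    return "$fails"
}

# Run as: sh audit.sh /proc/sys/net/ipv4 eth0
if [ "$#" -eq 2 ]; then audit_router "$1" "$2"; fi
```

A write to a misspelled /proc path leaves ip_forward at 0, which this audit reports as a FAIL rather than letting the mistake pass silently.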