routes are killing me - how to?

Stefan Jeglinski yellowdog-general@lists.terrasoftsolutions.com
Wed Nov 6 18:29:01 2002 

I am setting up the following configuration in preparation for 
setting up a firewall; behind the box are all the machines on the 
192.168.0.0 network.

                   +-------------------------+
                   |                         |
192.168.0.0 ------+ eth0 (192.168.0.1)      |
                   |                         |
                   |                         |
                   |   (63.220.231.132) eth1 +-+- router (63.220.231.129)
                   |                         | |
                   +-------------------------+ |
                                               |
                                               |
                 other 63.220.231.128/26 IPs --+

The box has 2 physical interfaces eth0 and eth1. I'm showing all real 
IPs from our /26 block for clarity, so please don't try to hack or 
dos us :-)

I can't figure out how to construct the table to route traffic from 
the private network onto the public and vice versa. My ifcfg-eth0, 
ifcfg-eth1, and network files read:

::::::::::::::
/etc/sysconfig/network-scripts/ifcfg-eth0
::::::::::::::
DEVICE=eth0
IPADDR=192.168.0.1
NETMASK=255.255.255.0
NETWORK=192.168.0.0
BROADCAST=192.168.0.255
ONBOOT=yes
BOOTPROTO=none

::::::::::::::
/etc/sysconfig/network-scripts/ifcfg-eth1
::::::::::::::
DEVICE=eth1
IPADDR=63.220.231.132
NETMASK=255.255.255.192
NETWORK=63.220.231.128
BROADCAST=63.220.231.191
ONBOOT=yes
BOOTPROTO=none

::::::::::::::
/etc/sysconfig/network
::::::::::::::
NETWORKING=yes
FORWARD_IPV4=no
HOSTNAME=orion.4pi.com
DOMAINNAME=4pi.com
GATEWAY=63.220.231.129
GATEWAYDEV=eth1

Bringing up the network then creates this routing table:

Destination     Gateway         Genmask         Flags Iface
63.220.231.128  0.0.0.0         255.255.255.192 U     eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     lo
0.0.0.0         63.220.231.129  0.0.0.0         UG    eth1

This is my starting point. My problem is that nothing on the private 
network can ping anything, not even 192.168.0.1, and I seem to 
believe that it will all work if I can just add the correct routes to 
the table. I've been trying to read on-line dox and have done all 
sorts of things to the routing table to make this work, but none 
have. I won't try to repeat all those here. I have no way to know if 
I'm really way off base to begin with or whether I just have to add a 
small tweak.

Any *knowledgeable* help greatly appreciated!


Stefan Jeglinski