routes are killing me - how to?

Stefan Jeglinski yellowdog-general@lists.terrasoftsolutions.com
Wed Nov 6 19:26:00 2002


>To do what you're asking about will require more than simple routes.

I was wondering about that.

>From what I could gather, your routing table looks okay to me.  You don't
>say whether the box acting as router can see anything - from the router, can
>you ping a host on the 63.x.x.x network?  Can you ping anything on the
>192.x.x.x network?

When you say "from the router" do you mean from the Linux box acting 
as the router, or the physical router shown in my diagram? The Linux 
box can ping all on the 63.x.x.x network as well as the physical 
router. The Linux box can ping 192.168.0.1. The Linux box cannot ping 
the other 192.x.x.x hosts.

>   It's not necessarily a problem if hosts on the inside
>can't ping anything - worry about that after you make sure the router is
>working properly.  If for some reason the router can't see those other
>networks you may need to go back & double check the NIC's / wiring / etc -
>could very well be a physical problem...

All of this equipment is working I believe. All of the machines in 
the private network were just on the public network, as was (is) the 
Linux box. If I do the following for example, everything works (and I 
can still ping 192.168.0.1 from the Linux box):

              +--------------------------------+
              |                                |
              |    +-------------------------+ |
              |    |                         | |
63.220.231.x-+  --+ eth0 (192.168.0.1)      | |
                   |                         | |
                   |                         | |
                   |   (63.220.231.132) eth1 +-+- router (63.220.231.129)
                   |                         | |
                   +-------------------------+ |
                                               |
                                               |
                 other 63.220.231.128/26 IPs --+



>Now, on to the rest.
>
>What you want to do here is called masquerading, or NAT.  You'll need to
>configure IPTABLES to allow you to do the masquerading.  If you test your
>router & see that physical connectivity looks okay from that machine, you'll
>just need to set up the firewall to actually route the packets for you.
>This page is a good starting point:

So, my understanding is weak. I thought I first had to get the 
routing table configured to pass packets from the private network 
through the Linux box to the outside world, then set up iptables as 
an add-on. IOW, since I first want to pass all traffic (get it 
working), I thought I didn't need iptables as a first step. You're 
saying there's an interrelationship that is unavoidable, eh?


Stefan Jeglinski
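
Added example, not part of the original message or thread: a sketch of the forwarding and masquerading setup the quoted reply points to, for the eth0 (192.168.0.1) / eth1 (63.220.231.132) layout in the diagram. The 192.168.0.0/24 netmask, the function names and the APPLY variable are assumptions made for this example; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: kernel forwarding + NAT for the layout in the post.
# From the post: eth0 = 192.168.0.1 (private), eth1 = 63.220.231.132 (public).
# Assumption (not stated in the thread): the private LAN is 192.168.0.0/24.

# Print the commands for a masquerading gateway; nothing is executed here.
nat_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Reject interface names or networks that could smuggle shell syntax.
valid_args() {
    for ifc in "$1" "$2"; do
        case $ifc in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    case $3 in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dry run by default; set APPLY=1 (as root) to execute each line in order.
build_gateway() {
    valid_args "$1" "$2" "$3" || { echo "bad arguments" >&2; return 2; }
    if [ "${APPLY:-0}" = 1 ]; then
        nat_rules "$1" "$2" "$3" | while read -r cmd; do $cmd || exit 1; done
    else
        nat_rules "$1" "$2" "$3"
    fi
}

build_gateway eth0 eth1 192.168.0.0/24
```

The FORWARD policy is set to DROP so that only LAN-originated traffic and its replies cross the box; the routing table alone never rewrites the private source addresses, which is what the MASQUERADE rule does.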