routes are killing me - how to?

Keary Suska yellowdog-general@lists.terrasoftsolutions.com
Thu Nov 7 11:36:01 2002


on 11/7/02 9:29 AM, jeglin@4pi.com purportedly said:

> For the moment leaving aside security issues, it was my original
> thought that to get the private 192.168.0.0 network to exchange
> packets with the outside world, I had to correctly set up the routing
> table on the Linux box. At boot, the routing table created from
> information from ifcfg-eth0, ifcfg-eth1, and network files is:

If you manually added any routes, remove them. They are likely only going to
confuse the issue. As long as the network configuration files are correct,
you have all the routing you need.

> My first question was/is: is this routing table sufficient to allow
> the packets to be exchanged? AFAICT, the answer was it didn't matter
> because using iptables would magically fix it for me. And I was
> admonished to "just do iptables."

No. You need to masquerade. That's what iptables is for--other than
firewalling, it can set up a masquerade (or NAT, if you prefer).

> I'm still not sure I'm doing iptables right anyway, but the issue is
> more fundamental than that. The hosts on 192.168.0.0 have the gateway
> device listed as 192.168.0.1, but they cannot ping 192.168.0.1, and
> vice versa. I believe this is a problem with the routing table. Am I
> wrong on this?

This means there is something wrong. The internal machines should be able to
ping the interface without needing masqing, forwarding, or any routes. Make
sure your subnet masks are correct. The internal interface (eth0, as I
understand) and all of the machines must be using the same subnet mask. None
of the internal machines should have IP forwarding on, or any routes
specified other than what is set up by default by the network configuration
files.

You will not have any success with masquerading until you have this issue
resolved.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"