Date: 2017-06-25 09:15 pm (UTC)
From: [personal profile] deskitty
So, it's been a long time since I've touched Linux routing (college, maybe?), but here's some tidbits from what I remember.

Quick checklist of "did you plug it in" things:

  1. Are routes/gateways configured correctly on all affected systems including the router?

  2. sysctl net.ipv4.ip_forward == 1

  3. iptables -t nat -L has proper entries (IPs and interfaces) for all your networks in POSTROUTING (and PREROUTING for anything in the DMZ with forwarded ports).

    • You may need to do something special for UPnP if you want to enable it for systems in your internal network; I'm not sure what that would entail since I've never had to do this myself.

  4. iptables -L has appropriate ACCEPT rules in the FORWARD chain.

  5. Make sure you don't have any other rules (in INPUT and OUTPUT) that would drop packets that would otherwise be routable.

More details would be helpful -- what exactly are you observing that suggests forwarding isn't happening? (Wireshark/tcpdump, missing TCP ACKs, etc.?)

If none of the above rings a bell, I suggest taking tcpdump traces on the router at your ingress and egress interfaces, and comparing what's coming in with what's going out. That would help narrow things down.
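
Items 2 to 4 of the checklist above, written as a small shell check. This is an added example, not part of the original comment. The interface names (eth0 as WAN, eth1 as LAN), the subnet, and the sample rule set are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample: iptables-save style rules from a hypothetical router
# (eth0 = WAN, eth1 = LAN). The NAT rule is present, but FORWARD only
# accepts return traffic, so new LAN -> WAN connections are dropped.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Item 2: forwarding must be switched on in the kernel.
forwarding_on() { [ "$1" = "1" ]; }

# Item 3: a POSTROUTING SNAT/MASQUERADE rule leaving via the WAN interface.
has_nat() {  # $1 = rules, $2 = WAN interface
    printf '%s\n' "$1" | grep -Eq -- "^-A POSTROUTING .*-o $2 .*-j (MASQUERADE|SNAT)"
}

# Item 4: FORWARD policy is ACCEPT, or there is an ACCEPT rule for in -> out
# that is not limited to RELATED,ESTABLISHED traffic (simplified heuristic).
forward_ok() {  # $1 = rules, $2 = in interface, $3 = out interface
    printf '%s\n' "$1" | grep -q -- '^:FORWARD ACCEPT' && return 0
    printf '%s\n' "$1" | grep -E -- "^-A FORWARD .*-i $2 .*-o $3 .*-j ACCEPT" \
        | grep -vq -- '--ctstate RELATED,ESTABLISHED'
}

# Run the checklist and print one line per failed item.
# The return status is the number of failed checks.
audit() {  # $1 = ip_forward value, $2 = rules, $3 = WAN if, $4 = LAN if
    fails=0
    forwarding_on "$1" || { echo "FAIL ip_forward=$1"; fails=$((fails + 1)); }
    has_nat "$2" "$3" || { echo "FAIL no NAT rule out $3"; fails=$((fails + 1)); }
    forward_ok "$2" "$4" "$3" || { echo "FAIL FORWARD blocks $4 -> $3"; fails=$((fails + 1)); }
    return "$fails"
}

# On a live router (as root), feed it real state instead of the sample:
#   audit "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save)" eth0 eth1
audit 1 "$SAMPLE_RULES" eth0 eth1 || echo "$? check(s) failed"
```

Item 5 (stray DROP rules in INPUT and OUTPUT) and item 1 (routes and gateways) are not covered here; the tcpdump comparison suggested in the comment is the way to catch those.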