[personal profile] solarbird

I’m finally getting back to working on a new gateway/router server and I’m basically setting up this old-school sort of DMZ, with the rest of our servers hanging off one card, and our internal LAN/DHCP/NAT side hanging off the other. (Using ISC, which Debian seems to like.) And all of that seems to be right from the new server’s perspective, which is yay!

Except there’s no packet forwarding from the DHCP side even though it’s enabled and I’m sure I enabled it and yes the kernel thinks it’s enabled but it isn’t happening.

Any ideas where to start?

Mirrored from Crime and the Blog of Evil.

Date: 2017-06-25 09:15 pm (UTC)
From: [personal profile] deskitty
So, it's been a long time since I've touched Linux routing (college, maybe?), but here are some tidbits from what I remember.

Quick checklist of "did you plug it in" things:

  1. Are routes/gateways configured correctly on all affected systems including the router?

  2. sysctl net.ipv4.ip_forward == 1

  3. iptables -t nat -L has proper entries (IPs and interfaces) for all your networks in POSTROUTING (and PREROUTING for anything in the DMZ with forwarded ports).

    • You may need to do something special for UPnP if you want to enable it for systems in your internal network; I'm not sure what that would entail since I've never had to do this myself.

  4. iptables -L has appropriate ACCEPT rules in the FORWARD chain.

  5. Make sure you don't have any other rules (in INPUT and OUTPUT) that would drop packets that would otherwise be routable.

More details would be helpful -- what exactly are you observing that suggests forwarding isn't happening? (Wireshark/tcpdump, missing TCP ACKs, etc.?)

If none of the above rings a bell, I suggest taking tcpdump traces on the router at your ingress and egress interfaces, and comparing what's coming in with what's going out. That would help narrow things down.
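
Checklist items 3 and 4 above can be checked offline against a saved ruleset. The following is an added example, not part of the original thread: two shell functions that read `iptables-save` output and report the interface-level FORWARD verdict and whether source NAT is bound to the upstream interface. The interface names and the trimmed sample ruleset are constructed assumptions.

```shell
# Constructed, trimmed iptables-save sample: eth0 upstream, eth1 LAN, eth2 DMZ (assumed names).
sample_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j ACCEPT
COMMIT
EOF
}

# forward_verdict IN_IF OUT_IF < iptables-save output
# Prints the target of the first FORWARD rule that matches on interfaces alone,
# or the chain policy if none does. Rules with other match options (state,
# addresses, ports) are skipped: whether they apply depends on the packet.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" '
        /^\*/ { table = substr($0, 2) }          # track the current table
        table != "filter" { next }
        /^:FORWARD / { policy = $2; next }       # chain default policy
        $1 == "-A" && $2 == "FORWARD" && verdict == "" {
            i = ""; o = ""; target = ""; extra = 0
            for (n = 3; n <= NF; n += 2) {
                if ($n == "-i") i = $(n + 1)
                else if ($n == "-o") o = $(n + 1)
                else if ($n == "-j") { target = $(n + 1); break }
                else extra = 1                   # any other match option
            }
            if (extra || (i != "" && i != in_if) || (o != "" && o != out_if)) next
            if (target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# has_source_nat OUT_IF < dump: succeeds if nat POSTROUTING has MASQUERADE/SNAT on OUT_IF.
has_source_nat() {
    awk -v out_if="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $2 == "POSTROUTING" && /-j (MASQUERADE|SNAT)/ {
            for (n = 3; n < NF; n++) if ($n == "-o" && $(n + 1) == out_if) found = 1
        }
        END { exit !found }
    '
}
```

On a live router, pipe the output of `iptables-save` (run as root) into these functions in place of `sample_ruleset`. With the sample, LAN-to-upstream traffic falls through to the DROP policy even though forwarding is enabled in the kernel and NAT is configured.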
