[plug] Route (again)

[Matt Kemner]

On Mon, 15 Jul 2002, quoth Jonathon Bates:

> World		      Linux Router	  LAN
> www ip network <------>eth0-eth1<-------->203.1.2.3 /24 subnet.
>
> What is hte easiest way to get the world to connect to the LAN?

Assuming the routes are set up so the Linux Router can see the LAN, and
can also see the world, I would check the following:

1. Is the 203.x.y.0/24 subnet definately routed to your Linux Router by
   your ISP?
   Run traceroutes from external sites (eg Spark, or
   http://www.telstra.net/cgi-bin/trace) to check the packets are
   definately getting through to your Linux Router.

2. Ensure ip forwarding is on
     "cat /proc/sys/net/ipv4/ip_forward" should give you a "1"

3. Make sure the computers on your LAN are using the Linux Router
   as their default gateway.

4. Make sure your firewall is not interfering.  If in doubt, temporarily
   flush your firewall rules completely[0]
     iptables -F
     for CHAIN in INPUT FORWARD OUTPUT
     do
       iptables -P $CHAIN ACCEPT
     done

5. If all else fails, tcpdump is your friend.
   in 2 different terminals on the Linux Router run the commands:
     tcpdump -lni eth0
     tcpdump -lni eth1
   then try accessing the world from your LAN & vice versa, and watch the
   tcpdump windows to see what is actually happening to the packets.

> The routes that have been set currently are the standard routes
> that are created upon bootup of the machine.

Which are ... ?
What is the output of  "route -n" ?

 - Matt

[0] but be aware that this will open you up to "attack" so ensure all your
    software is up-to-date, configured properly etc[1]
[1] which should already be the case, because you should not be relying on
    your firewall alone...