Group: comp.os.linux.networking
From: David Zelinsky
Date: Saturday, March 08, 2008 4:18 PM
Subject: Re: ip forwarding woes

Never mind, I found my mistake. The routing table of one of the hosts
was not exactly as described below, and was causing return packets to be
lost. I made the configuration actually agree with what I described and
now it works. Sorry to bother people.

David Zelinsky wrote:
> I'm trying to set up a firewall/gateway, and I can't seem to get
> ip forwarding to work. I'm using Linux kernel 2.6.23 with iptables
> enabled. Here's what happens.
>
> The firewall machine has two interfaces (both on private networks, for
> testing purposes):
>
> IF    IP           Netmask
> eth0  192.168.0.1  255.255.255.0
> eth1  10.0.0.1     255.255.255.0
>
> This is the routing table:
>
> Destination  Gateway  Genmask        Flags Metric Ref Use Iface
> 192.168.0.0  0.0.0.0  255.255.255.0  U     0      0   0   eth0
> 10.0.0.0     0.0.0.0  255.255.255.0  U     0      0   0   eth1
>
> I enable IP forwarding, with 'echo 1 >/proc/sys/net/ipv4/ip_forward'
>
> I have the iptables_* modules loaded (* = forward,nat,mangle,raw).
> There are no rules in any of the tables, but all have ACCEPT as the
> default policy.
>
> I have two other machines, one at 192.168.0.2 (connected to the same
> hub as firewall's eth0) and one at 10.0.0.2 (connected via crossover
> to firewall's eth1).
>
> From the firewall, I can ping both the other hosts.
> From either host, I can ping the firewall at both 192.160.0.1 and 10.0.0.1.
>
> With this setup, I expect to be able to ping 10.0.0.2 from 192.168.0.2
> (and vice versa), with packets routed through the firewall, but it
> doesn't work.
>
> What am I overlooking?
>
> I did try putting explicit iptables rules in the FILTER chain of the
> forward table, but it didn't make any difference.
>
> Any suggestions would be much appreciated.
>
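
The failure described in this thread (forwarding enabled on the gateway, return packets lost because of one host's routing table) can be checked offline by walking the request and the reply through each machine's routes. The following is an added example, not code from the original post; the firewall's addresses and routes are taken from the post, while both hosts' routing tables and the names `hostA`, `hostB` and `fw` are assumptions, since the post does not say which host was misconfigured or how.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match; returns the next-hop IP, or None if no route."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if ip in ipaddress.ip_network(net)]
    best = max(hits, key=lambda h: h[0].prefixlen, default=None)
    return best and (best[1] or dst)      # no gateway means on-link delivery

def trace(nodes, src, dst, ttl=8):
    """Walk one packet hop by hop; returns (delivered, reason)."""
    owner = {a: name for name, n in nodes.items() for a in n["addrs"]}
    here = owner[src]
    for _ in range(ttl):
        node = nodes[here]
        if dst in node["addrs"]:
            return True, f"delivered to {here}"
        if here != owner[src] and not node["forward"]:
            return False, f"{here} does not forward"
        hop = next_hop(node["routes"], dst)
        if hop is None:
            return False, f"no route to {dst} on {here}"
        if hop not in owner:
            return False, f"next hop {hop} not reachable from {here}"
        here = owner[hop]
    return False, "ttl exceeded"

def ping(nodes, a, b):
    """Echo request a->b, then echo reply b->a; both legs must succeed."""
    ok, why = trace(nodes, a, b)
    if not ok:
        return False, "request: " + why
    ok, why = trace(nodes, b, a)
    return ok, "reply: " + why

LOCAL_A, LOCAL_B = ("192.168.0.0/24", None), ("10.0.0.0/24", None)
B_BROKEN = [LOCAL_B]                                  # constructed: no route back
B_FIXED = [LOCAL_B, ("192.168.0.0/24", "10.0.0.1")]   # constructed: route via firewall

def topology(b_routes, forward=True):
    """Firewall values are from the post; both hosts' routes are assumed."""
    return {
        "fw": {"addrs": {"192.168.0.1", "10.0.0.1"}, "forward": forward,
               "routes": [LOCAL_A, LOCAL_B]},
        "hostA": {"addrs": {"192.168.0.2"}, "forward": False,
                  "routes": [LOCAL_A, ("10.0.0.0/24", "192.168.0.1")]},
        "hostB": {"addrs": {"10.0.0.2"}, "forward": False, "routes": b_routes},
    }
```

Calling `ping(topology(B_BROKEN), "192.168.0.2", "10.0.0.2")` reports which leg fails and on which machine, which separates a missing return route on a host from forwarding being off on the gateway.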
