Linux Router - subnet cannot see internet



  1. #1
    Join Date
    May 2001
    Location
    Uh, I'm somewhere where I don't know where I am.
    Posts
    1,228

    Linux Router - subnet cannot see internet

    I have two machines, one (router) tied into my LAN, which can talk to the internet, the other connected to the router. The "client" PC can ping a machine on the LAN if that machine is set up to use the router as the gateway. I can also run iperf through these two machines. I can't, however, get ssh to work from the "client" PC to the LAN PC. The router and client PCs both use Fedora 7.

    I also can't get my client pc to talk to the internet.

    Here are the two ifcfg files for the two NICs in the router:

    DEVICE=eth0
    BOOTPROTO=dhcp
    HWADDR=00:1A:92:95:C2:FE
    ONBOOT=yes
    DHCP_HOSTNAME=netlink
    TYPE=Ethernet

    DEVICE=eth1
    BOOTPROTO=none
    HWADDR=00:0E:0CA:55:8E
    ONBOOT=yes
    DHCP_HOSTNAME=netlink
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    GATEWAY=192.168.0.5

    And here's my router script:

    #!/bin/bash

    /sbin/iptables --flush
    /sbin/iptables --table nat --flush
    /sbin/iptables --delete-chain
    /sbin/iptables --table nat --delete-chain

    /sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
    /sbin/iptables --append FORWARD --in-interface eth1 -j ACCEPT

    /sbin/iptables --table nat --append POSTROUTING --out-interface eth0
    /sbin/iptables --table nat --append POSTROUTING --out-interface eth1

    echo 1 > /proc/sys/net/ipv4/ip_forward

    eth0 will always get 192.168.0.5 from the DHCP server. If eth0 is using DHCP, would that create a problem at all?

    Any ideas/questions?
    if (i_forgot && this_is_about_code)
    language = c++;

  2. #2
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,936
    Your NIC has to have an IP address on the same subnet as its default gateway (or needs to have a route to the default gateway's subnet, which must point at a machine on its subnet -- which sort of defeats the purpose of a default gateway).

    192.168.1.x and 192.168.0.x are different subnets if your subnet mask is 255.255.255.0.

    Edit: Err, never mind, that's not what's going on (I don't think). I'll leave it there anyway, though, because it's still true.

    What I think is going on, is you're setting the default gateway to a NIC on the local machine (right?). This won't work either -- packets whose destination doesn't have a route will be sent to the default gateway, which is this machine, and will subsequently go nowhere. You need to have the default gateway be another address on the same subnet as the public NIC -- it should be the private side of whatever you use as an internet connection. So it should look like:

    internet ---- <public address assigned by ISP> | <router-type device> | <router-type device's private NIC and private address> ---- <eth0?> | <Linux box with 2 NICs> | <eth1?> ---- <other linux box>

    (Where ---- is a cable, and | separates a NIC from its parent machine.)

    If I have those eth* names correct, then you need to assign eth0 an address on the same subnet as <router-type device's private NIC and private address>, and you need to assign a default gateway of that private address. Then the clients (on the eth1 side of the Linux box) need to have the address of eth1 set as their default gateway.
    Last edited by bwkaz; 07-11-2007 at 07:18 PM.

  3. #3
    Join Date
    May 2001
    Location
    Uh, I'm somewhere where I don't know where I am.
    Posts
    1,228
    internet ---- <public address assigned by ISP> | <router-type device> | <router-type device's private NIC and private address> ---- <eth0?> | <Linux box with 2 NICs> | <eth1?> ---- <other linux box>

    So I have:
    internet ---- <???> | <router-type device> | <192.168.0.1> ---- <192.168.0.5:GW192.168.0.1> | <Linux box with 2 NICs> | <192.168.1.1:GW192.168.0.5> ---- <192.168.1.2:GW 192.168.1.1>

    Should I have a gateway for eth1 since I have the routing turned on for ETH0<-->ETH1 on the Linux box? By checking route, all traffic not going to 192.168.1.x goes out eth0. Perhaps that's my problem.
    if (i_forgot && this_is_about_code)
    language = c++;

  4. #4
    Join Date
    Apr 2001
    Location
    SF Bay Area, CA
    Posts
    14,936
    Um, a machine only has one default gateway. (The default gateway is a property of the routing table, and all NICs share the routing table.) The default gateway on the dual-NIC machine (the line in the output of /sbin/ip route show that starts with "default") should be 192.168.0.1, according to your diagram, not .0.5.

    The machine with address 192.168.1.2 should have .1.1 as its default gateway, as you have it. But I'd only assign the default gateway once on the other machine -- and assign it to .0.1.

    (I suspect the issue is that your default route is getting overridden when your distro configures eth1. Removing the GW setting from the eth1 config should fix it if that's the cause.)
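
The two gateway conditions raised in posts #2 and #4 (a gateway outside the interface's subnet, and a gateway that is one of the machine's own addresses), written as a small lint over ifcfg-style text. This is an added example, not part of any post in the thread; the function names are made up for illustration and the sample settings are constructed from the addresses quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: lint one ifcfg-style file for the two
# gateway mistakes described in posts #2 and #4.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cfg_get KEY TEXT -> value of the last KEY=... line (leading blanks allowed)
cfg_get() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1
}

# lint_ifcfg TEXT OWN_ADDR... -> prints findings, returns 1 if there are any
lint_ifcfg() {
    cfg=$1; shift
    ip=$(cfg_get IPADDR "$cfg")
    mask=$(cfg_get NETMASK "$cfg")
    gw=$(cfg_get GATEWAY "$cfg")
    if [ -z "$gw" ]; then echo "ok: no GATEWAY set in this file"; return 0; fi
    rc=0
    if [ -n "$ip" ] && [ -n "$mask" ]; then
        m=$(ip2int "$mask")
        if [ $(( $(ip2int "$ip") & $m )) -ne $(( $(ip2int "$gw") & $m )) ]; then
            echo "off-subnet: GATEWAY $gw is not on the subnet of $ip/$mask"; rc=1
        fi
    fi
    for own in "$@"; do
        if [ "$own" = "$gw" ]; then
            echo "self: GATEWAY $gw is one of this machine's own addresses"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "ok: GATEWAY $gw is on-link and not local"
    return "$rc"
}

# Constructed samples: the eth1 settings as posted, and the same file with the
# GATEWAY line removed. The own-address list is supplied by hand (assumption).
ETH1_POSTED='IPADDR=192.168.1.1
NETMASK=255.255.255.0
GATEWAY=192.168.0.5'
ETH1_NO_GW='IPADDR=192.168.1.1
NETMASK=255.255.255.0'

lint_ifcfg "$ETH1_POSTED" 192.168.0.5 192.168.1.1 || true
lint_ifcfg "$ETH1_NO_GW" 192.168.0.5 192.168.1.1
```
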

  5. #5
    Join Date
    Dec 1999
    Location
    Fargo, ND
    Posts
    1,816
    The command that you need to check your routes is, of all things, route. You need to be root in order to use route; it will simply show you what the routing tables are for the machine that it's run on, as well as let you modify them.

    HTH
    Knute

    You live, you die, enjoy the interval!
