[Nottingham] Problems configuring second network card

David Luff nottingham at mailman.lug.org.uk
Sun Apr 6 22:58:00 2003 

Mike writes:

> On Sun, 2003-04-06 at 01:07, David Luff wrote:

> > cat /proc/sys/net/ipv4/ip_forward gives 0 :-(
> > 
> > After echo "1" > /proc/sys... it still gives 0.
> 
> no idea why this doesn't work but if you do vi
> /proc/sys/net/ipv4/ip_forward and change 0 to 1 this should have the
> same effect
> 

I found that in /etc/network/options there was the line
ip_forward=no

Changing this to ip_forward=yes had the required effect.

I still couldn't get forwarding to work until I typed

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

which I found on the Libranet forums (other folk have apparently had this problem!), at which point it worked - the 'doze box connected to the net :-)

However, I'm not entirely sure why I had to type this - my firewall script (MonMotha) contains the following:

# Set up basic NAT if the user wants it
if [ "$MASQ_LAN" != "" ] ; then
	echo -n "Setting up masquerading: "
	if [ "$MAC_MASQ" = "" ] ; then
		for subnet in ${MASQ_LAN} ; do
			${IPTABLES} -t nat -A POSTROUTING -s ${subnet} -o ${INET_IFACE} -j MASQUERADE
			echo -n "${subnet}:MASQUERADE "
		done
	else	
		for address in ${MAC_MASQ} ; do
			${IPTABLES} -t nat -A POSTROUTING -m mac --mac-source ${address} -o ${INET_IFACE} -j MASQUERADE
			echo -n "${address}:MASQUERADE "
		done
	fi
	echo
fi

and includes the following output when manually started:

Local Traffic Rules: 192.168.0.0/24:ACCEPT 192.168.1.0/24:ACCEPT loopback:ACCEPT 
Setting up masquerading: 192.168.0.0/24:MASQUERADE 192.168.1.0/24:MASQUERADE 

It's in /etc/init.d and marked executable, so I assume it's getting run at startup?

Anyway, thanks for the help to all who responded, I'm reasonably happy now, and just have the problem with not being able to get both cards to come on line at bootup time.  On which point, does anyone know what /etc/network/ifstate is meant to contain, and what it's significance is, and whether I should be manually editing it or not?  Mine contains either

lo=lo
eth0=eth0

or 

lo=lo
eth0=eth0
eth1=eth1

depending on what I've been doing with the interfaces file.  

Cheers - Dave