There is a server with two network cards.

  • eth1 is looking to the network 192.168.1.0
  • eth2 at 192.168.2.0

There are two computers, comp1 is connected directly to the server through eth1, comp2 is connected directly through eth2. Registered static routes on the server and on two computers.

Bottom line: the server pings all, and the computers of each other can not.

comp1 pings the interface eth2, but comp2 does not see. comp2 pings the interface eth1, but comp1 does not see.

What did I miss?

  • one
    Do you have /proc/sys/net/ipv4/ip_forward value 1 ? If not, put it there, using echo or /etc/sysctl.conf - Mike
  • @Mike set one. Computers when ping each other write Destination host undeachable. - Vladimir
  • one
    Subnet mask on computers 255.255.255.0? And in the quality of the default gateway is the address of your linux? There may still be bans somewhere in iptables in the FORWARD table - Mike
  • @Mike Thanks for the answers, did not configure the gateway on the second machine. - Vladimir

1 answer 1

  1. on the "average" computer, packet transfer between interfaces must be enabled:

     $ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

    in order for this setting to be applied even after a reboot, uncomment (or add, if not) the line in /etc/sysctl.conf :

     net.ipv4.ip_forward=1

  2. make sure that packet passing is not affected by netfilter rules. You can view them with the command:

     $ sudo iptables-save
  3. On “client” computers, make sure that the network and network mask are set the same as on the corresponding interfaces of the “middle” computer.
  4. On client computers, either the default route through the “middle” computer must be added, or a specific route must be added to the second network that passes through the “middle” computer.
  • I usually look at the rules of iptables with the command iptables -nvL But another firewall can be used, as well as being confused by selinux. - dsnk
  • @dsnk, iptables and iptables-save programs are usually present in all installations of popular distributions. - aleksandr barakin
  • I ran into Fedora not long ago, I had to put out the firewalld, there was no time to deal with its setting. - dsnk
  • @dsnk, well, this is about managing netfilter tables. and the contents of the iptables[-save] tables iptables[-save] will show correctly. - aleksandr barakin