[evidex]

I'm attempting to forward all packets received on the ethernet interface of a Raspberry Pi to a USB Ethernet interface. The Raspberry Pi's interface (eth1) is connected to subnet 192.168.21.0, and the USB ethernet is connected to 10.0.0.0, with the raspberry pi statically assigned as 10.0.0.1

I've setup the following iptable rules;

$this->bbcode_second_pass_code('', '[root@pi_slave cmfadmin]# iptables -nvL
Chain INPUT (policy ACCEPT 256 packets, 18514 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
53 4452 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 271 packets, 30782 bytes)
pkts bytes target prot opt in out source destination ')

and enabled ipv4 forwarding;

$this->bbcode_second_pass_code('', 'sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.ifb0.forwarding = 1
net.ipv4.conf.ifb0.mc_forwarding = 0
net.ipv4.conf.ifb1.forwarding = 1
net.ipv4.conf.ifb1.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 1')

Finally, I added the following route to the server on the 192.168.21.0 subnet which needs to use the Raspberry Pi as a router;

$this->bbcode_second_pass_code('', '10.0.0.0 192.168.21.15 255.255.255.0 UG 0 0 0 eth0')

The server can ping the Pi on 10.0.0.1, as well as on 192.168.21.15, and the raspberry pi can ping devices on either subnet. However, devices on 192.168.21.0 cannot ping devices other than the Pi on 10.0.0.0.

What am I missing?

[WarheadsSE]

Do the devices on either side know that the Pi is the gateway to the other subnet?

[evidex]

Yup, the sure do, and devices on the 21.0 subnet can ping the Raspberry Pi on both 192.168.21.15 and 10.0.01

[WarheadsSE]

So you've got your routes set appropriately, and devices can ping the opposite interface, but not devices on the other side?

[evidex]

That's correct.

[krabat]

It seems the rule to forward traffic from eth1 to eth0 hasn't handled a single package yet. This imho suggests there's something wrong with the routing table on the Raspberry.
I think it would be good if you could post it, possibly as shown by 'ip address show', not by 'route'.

While you're at it you could tell us which tools are used to configure the interfaces.