route add


MrShadow
19-06-2004, 01:25 PM
G'Day,
How do I add a route through my firewall/route table to my modem (IP 10.0.0.2?) I have my network connected to my Linux box through eth1, which passes all internet requests to my modem through eth0.

I've had a browse through man, but can't get it working.

The command I've tried is:

route add -net 10.0.0.2 netmask 255.255.255.0 dev eth0

Cheers

Incabulos
19-06-2004, 08:27 PM
Assuming that your eth0 / eth1 are configured with IP addresses that are part of the allocated range of addressing used by the networks, no route statements are necessary. The networks are 'local'. An interface with address/netmask of say 10.0.0.2/255.255.255.0 will assume it can locate all devices with addresses in the range 10.0.0.1 to 10.0.0.254, with .0 and .255 being special addresses not usable by physical devices ( network address and broadcast address respectively ).

It sounds as though you want to forward traffic from one network to the other. You will need routing capability compiled into the kernel, and have ip_forward enabled:

cat /proc/sys/net/ipv4/ip_forward

If this returns 0, IP packets will not be forwarded. You can enable this by editing the file and replacing 0 with 1.

If this returns 1, ip packets will be forwarded, so systems on the eth1 network will be able to reach your router ( and internet hosts ) by using the IP address of the eth1 interface as their default gateway.

You will also need iptables / ipchains set up to forward packets too - something like

iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

which says to allow the forwarding of packets from eth1 to eth0, and whatever networks these are part of.

rbirdman
19-06-2004, 11:45 PM
An excellent explanation.

If I remember correctly, being a /proc file, ip_forward needs to be set every time you boot?

Incabulos
20-06-2004, 12:47 AM
Yes, although rather than write any custom script that handles this, the /etc/sysctl.conf is an easier way to set kernel environment variables at boot, and is processed as part of the init routine.

Put a

net.ipv4.ip_forward = 1

in this file and all should be taken care of, the box will forward packets as soon as the interfaces are up - iptables forwarding and filtering rules are usually loaded prior to the network ports being activated.

You can tune any network performance variable in this way, mess around with tcp window sizes, retransmit delays, and all sorts of low-level stuff.
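
An added example, not part of the original thread: a shell script that audits the three things the replies above rely on, namely the runtime ip_forward flag, the net.ipv4.ip_forward line in sysctl.conf, and an ACCEPT rule in the FORWARD chain for eth1 to eth0. The function names and the sample inputs are constructed for illustration; the rules dump is assumed to be saved output of `iptables -S FORWARD`.

```shell
#!/bin/sh
# Added example; function names and sample inputs are constructed.

# Print the net.ipv4.ip_forward value a sysctl.conf-style file applies at boot
# (last uncommented assignment wins), or "unset" if it has none.
persistent_forward() {
    awk -F= '
        /^[ \t]*[#;]/ { next }    # comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "net.ipv4.ip_forward" { val = $2; gsub(/[ \t]/, "", val); found = 1 }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Succeed if the flag file (on a live host /proc/sys/net/ipv4/ip_forward) holds 1.
runtime_forward_on() {
    [ "$(tr -d ' \t\n' < "$1")" = "1" ]
}

# Succeed if a saved `iptables -S FORWARD` dump ($1) has an ACCEPT rule for
# packets entering on interface $2 and leaving on interface $3.
# Negated matches such as "! -i eth1" are not handled.
forward_rule_present() {
    grep -Eq -- "^-A FORWARD( .*)? -i $2( .*)? -o $3( .*)? -j ACCEPT( |\$)" "$1"
}

# Run all three checks; the return status is the number that failed.
# Arguments: flag-file sysctl-conf rules-dump in-interface out-interface
audit_forwarding() {
    fails=0
    if runtime_forward_on "$1"; then echo "runtime: forwarding on"
    else echo "runtime: forwarding off"; fails=$((fails + 1)); fi
    if [ "$(persistent_forward "$2")" = "1" ]; then echo "boot: forwarding persists"
    else echo "boot: not set to 1, forwarding is lost on reboot"; fails=$((fails + 1)); fi
    if forward_rule_present "$3" "$4" "$5"; then echo "filter: $4 -> $5 ACCEPT rule found"
    else echo "filter: no ACCEPT rule for $4 -> $5"; fails=$((fails + 1)); fi
    return "$fails"
}

# Demo on constructed inputs (not from a real host): forwarding is on now and
# the rule exists, but the sysctl.conf line is still 0, so one check fails.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
printf '# net.ipv4.ip_forward = 1\nnet.ipv4.ip_forward = 0\n' > "$demo/sysctl.conf"
printf '%s\n' '-P FORWARD DROP' '-A FORWARD -i eth1 -o eth0 -j ACCEPT' > "$demo/rules"
audit_forwarding "$demo/ip_forward" "$demo/sysctl.conf" "$demo/rules" eth1 eth0 \
    || echo "failed checks: $?"
rm -rf "$demo"
```

On a live host, save the output of `iptables -S FORWARD` to a file as root and pass it along with /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf.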