RE: Routing problem in RH5.1 (???) (Scheme redrawn)
- From: "vic777 primenet com" <vic777 primenet com>
- To: "'redhat-install-list redhat com'" <redhat-install-list redhat com>
- Subject: RE: Routing problem in RH5.1 (???) (Scheme redrawn)
- Date: Fri, 30 Oct 1998 18:14:19 -0800
I couldn't make complete heads or tails out of your diagram, but we had to split out and subnet our network. This usually means breaking out the calculator and figuring out what the appropriate subnet is.

If you want to route through the dual-nic machine, the router needs to appear to be out of range or on a different subnet from your internal network. In our case, we split a network with a netmask of 255.255.255.224 into 2 networks each with a subnet of 255.255.255.240.

If you are using a firewall that uses true NAT (not IP Masquerading if you need inbound traffic to be redirected to say a web server behind the firewall), you can avoid all of this headache. There is also something called IP-Chaining which we did not look into implementing.

Once the network was split, we pointed the internal NIC to the second subnet and the external NIC to the network number that the router was using. I am sure this is not the definitive answer, but it worked for us.

One last note, if your router is managed by an ISP or someone other than yourself, make sure they are aware of the split, but do NOT ask them to reconfigure the router to point to both sub-netted networks.
-----Original Message-----
From: Paulo Afonso Graner Fessel @UOL [SMTP:pafessel uol com br]
Sent: Wednesday, October 28, 1998 7:52 PM
To: redhat-install-list redhat com
Subject: Routing problem in RH5.1 (???) (Scheme redrawn)
Hi again.
The scheme was unreadable, so here it goes again...
------- Forwarded Message Follows -------
From: Self <Single-user mode>
To: redhat-install-list redhat com
Subject: Routing problem in RH5.1 (???)
Send reply to: pafessel uol com br
Date sent: Thu, 29 Oct 1998 01:39:22 -0200
Hi, guys.
PERHAPS an answer for this question has been posted somewhere else before.
Anyway, I've searched thru the list archives and I haven't found a solution
for the problem, so here it goes...
I have a Linux RH 5.1 machine which I'm setting up for use as a firewall.
The logical topology of the network is as follows:
        10.66.32.0/24                     10.66.16.0/24
-----------------------------       -------------------------
   |       10.66.32.151 |               | 10.66.16.151 | 10.66.16.150
   |             (eth1) +---------------+ (eth0) +------------+
   |                    |    RH 5.1     |        | Cisco 2501 |
+------+                | 2.0.35 Kernel |        +------------+
|Win NT|                | (from RedHat) |
| Wkst |                +---------------+
+------+
10.66.32.240
The RH 5.1 has two NICs: one Intel EtherExpress Pro 100+ and one 3Com 3C905.
The case is as follows: from the RH5.1 machine, I can ping both the Cisco
2501 and the Win NT Workstation machine, and this is the behavior I expect to
have. But from the NT, I can't ping the Cisco router. I can only reach the
ethernet interface at 10.66.16.151; every other machine in the 10.66.16
network remains inaccessible from the 10.66.32 network. On the 10.66.16 side,
I also have an AS/400 machine, and I can't ping it either. Also, if I do a
"traceroute -i eth1 10.66.16.150" on the Linux box, I can't reach any machine
on the 10.66.16 network.
The routing tables are set up correctly: eth1 points to 10.66.32 network,
eth0 points to 10.66.16 network and my default gateway as set in the RH
machine is 10.66.16.150 (Cisco's ethernet). The Win NT workstation has
10.66.32.151 as its default gateway (the eth1 network).
What can be wrong? I have enabled ip_forward both in the kernel and in
/etc/sysconfig/network. When I make "echo x > /proc/sys/net/ipv4/ip_forward"
with x = 1 or x = 0, I also can see in the syslog the messages "sysctl:
ip_forwarding enabled" or "sysctl: ip_forwarding disabled" respectively (the
messages aren't exactly these, but this is the meaning anyway). That is, the
kernel is answering the sysctls to enable/disable ip forwarding. Finally,
I've disabled all the blocking/forwarding rules and set the default policy to
"accept", with no results whatsoever.
I've thought about getting a pristine 2.0.35 kernel source (without the
digital remastering done by RH) and compile it from scratch. Could this solve
the problem?
Also, is there a chance that this would be caused by a loop in the hubs or
something like that? The site's physical installation is a little messy, and
I'd like to know from you whether a loop in the hubs could also cause this.
TIA,
Paulo Fessel
+---------------------------------------------------------------------------+
| Paulo Afonso Graner Fessel, or "Paulao" - pafessel uol com br             |
| Work e-mail: pafessel netsol com br | Home phone: 55-11-8262644           |
| "This is not right. In fact, this is not even wrong." (Wolfgang Pauli)    |
+---------------------------------------------------------------------------+
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-install-list-request redhat com with
"unsubscribe" as the Subject.
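
The subnet split described in the reply at the top of this message (a 255.255.255.224 network halved into two 255.255.255.240 networks, with the router left on the external half) can be worked through as follows. This is an added example, not code from either poster; the addresses are constructed from the RFC 5737 documentation range and the function names are hypothetical.

```python
import ipaddress

def split_for_firewall(parent, router_ip):
    """Halve `parent`; the half holding the router becomes the external
    segment, the other half the internal (protected) segment."""
    net = ipaddress.ip_network(parent)
    router = ipaddress.ip_address(router_ip)
    if router not in net:
        raise ValueError(f"{router} is not inside {net}")
    if net.prefixlen > net.max_prefixlen - 3:
        raise ValueError(f"{net} is too small to split into usable halves")
    halves = list(net.subnets(prefixlen_diff=1))
    external = next(h for h in halves if router in h)
    internal = next(h for h in halves if h != external)
    # The router's address must still be a usable host address after the split.
    if router in (external.network_address, external.broadcast_address):
        raise ValueError(f"{router} is not a usable host address in {external}")
    return external, internal

def on_link(host_ip, netmask, peer_ip):
    """True if a host configured with host_ip/netmask treats peer_ip as directly
    reachable on the wire instead of sending the packet to its gateway."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    return ipaddress.ip_address(peer_ip) in iface.network

def must_renumber(internal_hosts, internal):
    """Internal hosts whose current address falls outside the internal half."""
    return [h for h in internal_hosts if ipaddress.ip_address(h) not in internal]

# Constructed sample data (documentation range), not taken from the thread.
PARENT = "192.0.2.32/255.255.255.224"
ROUTER = "192.0.2.33"
HOSTS = ["192.0.2.40", "192.0.2.50", "192.0.2.61"]

if __name__ == "__main__":
    external, internal = split_for_firewall(PARENT, ROUTER)
    print("external NIC segment:", external, "netmask", external.netmask)
    print("internal NIC segment:", internal, "netmask", internal.netmask)
    # With the old mask the host believes the router is on its own wire and
    # bypasses the firewall; with the new mask it must use its gateway.
    print("router on-link, old mask:", on_link("192.0.2.50", "255.255.255.224", ROUTER))
    print("router on-link, new mask:", on_link("192.0.2.50", str(internal.netmask), ROUTER))
    print("hosts to renumber:", must_renumber(HOSTS, internal))
```

Hosts reported by `must_renumber` sit in the external half and need new addresses before they can live behind the firewall.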