Fedora 4 routing config issue

Yang Xiao yxiao2004 at gmail.com
Sat Dec 10 17:50:00 UTC 2005


On 12/10/05, J. K. Cliburn <jcliburn at gmail.com> wrote:
>
> I'm overlooking something very simple, I know, but I've been looking at
> this mess for so long, there's little hope now of my seeing what's
> wrong.
>
> For reference, I've uploaded a diagram of my network at
> http://home.bellsouth.net/p/s/community.dll?ep=16&ext=1&groupid=266017&ck=
>    Please refer to it for the discussion below.
>
> I'm preparing to replace a smoothwall box at my border with a
> custom-configured Fedora machine (hostname gadwall).  In order to test
> the configuration of gadwall in its new role, I've set up a second
> subnet inside my home network by putting petrel behind gadwall on the
> .2 subnet.  (Yes, I know, there's some serious triple natting at play.)
>
> I added a route on osprey (192.168.1.3) that enables me to ssh in to
> petrel (192.168.2.2).  From petrel I can get to anything on the
> 192.168.1.0 subnet through gadwall.  Unfortunately, from petrel I can't
> get to the internet; gadwall isn't forwarding packets to smoothwall.
>   From gadwall itself I can get to the internet just fine.
>
> Here's some net config stuff from gadwall.
>
> [root at gadwall ~]# ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:B0:D0:82:6D:DB
>            inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
>            inet6 addr: fec0::2b0:d0ff:fe82:6ddb/64 Scope:Site
>            inet6 addr: fe80::2b0:d0ff:fe82:6ddb/64 Scope:Link
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:11416 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:8144 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:4871805 (4.6 MiB)  TX bytes:1066146 (1.0 MiB)
>            Interrupt:5 Base address:0xe880
>
> eth1      Link encap:Ethernet  HWaddr 00:0F:B5:8D:63:D9
>            inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
>            inet6 addr: fe80::20f:b5ff:fe8d:63d9/64 Scope:Link
>            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>            RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:1223 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:1000
>            RX bytes:141635 (138.3 KiB)  TX bytes:108304 (105.7 KiB)
>            Interrupt:5 Base address:0x4c00
>
> lo        Link encap:Local Loopback
>            inet addr:127.0.0.1  Mask:255.0.0.0
>            inet6 addr: ::1/128 Scope:Host
>            UP LOOPBACK RUNNING  MTU:16436  Metric:1
>            RX packets:1129 errors:0 dropped:0 overruns:0 frame:0
>            TX packets:1129 errors:0 dropped:0 overruns:0 carrier:0
>            collisions:0 txqueuelen:0
>            RX bytes:1313920 (1.2 MiB)  TX bytes:1313920 (1.2 MiB)
>
> [root at gadwall ~]# route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
> 0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
>
> [root at gadwall ~]# cat /proc/sys/net/ipv4/ip_forward
> 1
>
> [root at gadwall ~]# iptables -L
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> Here's a traceroute from petrel (192.168.2.2) to google.com
> (72.14.207.99).  Clearly, gadwall isn't forwarding to smoothwall.


You don't know that; it could be a lot of things. You need to do tcpdumps on
both gadwall and smoothwall to determine what's the cause.
Can you get to the internet from gadwall? Or anything else that's on the
192.168.1.0 network?
Also, you didn't say anything about smoothwall's setup and NAT translation,
if you are doing any....


> [root at petrel ~]# traceroute 72.14.207.99
> traceroute to 72.14.207.99 (72.14.207.99), 30 hops max, 38 byte packets
>    1  gadwall (192.168.2.1)  0.412 ms  0.144 ms  0.114 ms
>    2  * * *
>
> But it works for .1 subnet addresses.
>
> [root at petrel ~]# traceroute 192.168.1.3
> traceroute to 192.168.1.3 (192.168.1.3), 30 hops max, 38 byte packets
>    1  gadwall (192.168.2.1)  0.412 ms  0.119 ms  0.092 ms
>    2  osprey (192.168.1.3)  0.206 ms !<10>  0.160 ms !<10>  0.154 ms !<10>
>
> What route should I add to gadwall to make him forward packets from
> petrel to smoothwall (and hence, the internet)?


The config on gadwall looks good. I would do tcpdumps on both gadwall and
smoothwall (both interfaces) to see where the problem is.


- Yang