Routing problem - was FC9 Linux gateways, VPN working, IP forwarding isn't
Steve Forsythe
forsytse at gmail.com
Sat Jan 24 18:05:17 UTC 2009
Gary Stainburn wrote:
| On Saturday 24 January 2009 11:19:05 Giany wrote:
|> If you say ip_forward is enabled then either there is a routing problem
|> or some firewall issue.
|>
|
| I've been going round in circles all day and now my head's spinning. I even
| got it working once, but don't know how and can't repeat it.
|
| Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD. IP
| forwarding enabled on both gateways.
|
| This only leaves routing.
|
| Both gateways talk to each other.
| Client and Server can talk to their local gateway
| Local gateway can talk to remote server.
| Remote gateway cannot talk to client
| Client cannot talk to remote gateway or server
| server cannot talk to local gateway or client
|
| Layout
|
| Client eth0 10.6.1.2/16
|
| Network 10.6.0.0/16
|
| Local GW eth0 10.6.1.1/16
| eth1 192.168.1.1/24 (internet connection)
| ppp0 192.168.127.2/32 P-to-P 192.168.127.1
|
| VPN ppp-over-ssh
|
| Remote eth0 10.1.1.115/16
| GW ppp1 192.168.127.1/32 P-to-P 192.168.127.2
|
| Network 10.1.0.0/16
|
| Server eth0 10.1.1.104
|
| route tables
|
| Client
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
| 192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0   0   eth0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     1      0   0   eth0
| 0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0   0   eth0
|
| Local Gateway
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
| 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth1
| 10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0   0   ppp0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth1
| 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0   0   eth1
|
| Remote Gateway
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0   0   ppp1
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0
|
| Server
| Destination     Gateway         Genmask         Flags Metric Ref Use Iface
| 192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0   0   eth0
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0   0   eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0   0   eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0   0   eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0   0   eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0   0   eth0
|
|
Perhaps I'm overlooking something, but the remote gateway does not
appear to have a route to the 10.6 network via 192.168.127.2. It looks
to me like traffic to 10.6 would go via the default to 10.1.1.112.