
Re: Routing problem - was FC9 Linux gateways, VPN working, IP forwarding isn't




Gary Stainburn wrote:
| On Saturday 24 January 2009 11:19:05 Giany wrote:
|> If you say ip_forward is enabled then either there is a routing problem
|> or some firewall issue.
|>
|
| I've been going round in circles all day and now my head's spinning. I even
| got it working once, but don't know how and can't repeat it.
|
| Iptables on all four machines set ACCEPT on INPUT, OUTPUT and FORWARD. IP
| forwarding enabled on both gateways.
|
| This only leaves routing.
|
| Both gateways talk to each other.
| Client and Server can talk to their local gateway
| Local gateway can talk to remote server.
| Remote gateway cannot talk to client
| Client cannot talk to remote gateway or server
| server cannot talk to local gateway or client
|
| Layout
|
| Client	eth0		10.6.1.2/16
|
| 		Network	10.6.0.0/16
|
| Local GW	eth0		10.6.1.1/16
| 		eth1		192.168.1.1/24 (internet connection)
| 		ppp0	192.168.127.2/32 P-to-P 192.168.127.1
|
| 		VPN		ppp-over-ssh
|
| Remote	eth0		10.1.1.115/16
| GW		ppp1	192.168.127.1/32 P-to-P 192.168.127.2
|
| 		Network 10.1.0.0/16
|
| Server	eth0		10.1.1.104
|
| route tables
|
| Client
| Kernel IP routing table
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 192.168.128.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
| 192.168.127.1   10.6.1.1        255.255.255.255 UGH   0      0        0 eth0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     1      0        0 eth0
| 0.0.0.0         10.6.1.1        0.0.0.0         UG    0      0        0 eth0
|
| Local Gateway
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 192.168.127.1   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
| 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
| 10.2.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
| 136.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
| 10.1.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
| 10.6.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
| 10.5.0.0        192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
| 172.0.0.0       192.168.127.1   255.255.0.0     UG    0      0        0 ppp0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
| 0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth1
|
| Remote Gateway
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 192.168.127.2   0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0
|
| Server
| Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
| 192.168.127.2   10.1.1.115      255.255.255.255 UGH   0      0        0 eth0
| 10.2.0.0        10.1.1.1        255.255.0.0     UG    0      0        0 eth0
| 172.24.0.0      10.1.1.16       255.255.0.0     UG    0      0        0 eth0
| 10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0
| 10.6.0.0        10.1.1.115      255.255.0.0     UG    0      0        0 eth0
| 10.4.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
| 10.5.0.0        10.1.1.112      255.255.0.0     UG    0      0        0 eth0
| 136.9.0.0       10.1.1.16       255.255.0.0     UG    0      0        0 eth0
| 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
| 0.0.0.0         10.1.1.112      0.0.0.0         UG    0      0        0 eth0
|
|
Perhaps I'm overlooking something, but the remote gateway does not
appear to have a route to the 10.6 network via 192.168.127.2. It looks
to me like traffic to 10.6 would go via the default to 10.1.1.112.



