FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-19-2010, 02:31 AM
j.halifax .
 
Default Routing problems

> What happens if you try to "ping" from the eth2 interface of the router?
> ping -I 10.255.250.37 172.17.1.50

Commands issued in 10.255.l250.37 (via ssh 195.39.130.92):
=============================================
ping -I 10.255.250.37 172.17.1.50
PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 : 56(84) bytes of data.
>From 195.39.130.92 icmp_seq=2 Destination Host Unreachable

ping -I eth2 182.15.1.50
PING 182.15.1.50 (182.15.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
>From 195.39.130.92 icmp_seq=1 Destination Host Unreachable

ping 172.17.1.50
PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=8.65 ms


==========================================
iptables -L -v
Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 2152K packets, 964M bytes)
pkts bytes target prot opt in out source destination
534 40008 ACCEPT all -- any eth3 anywhere 172.17.0.0/16

Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
pkts bytes target prot opt in out source destination
====================================
ping -I eth2 172.17.1.50
PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
>From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
====================================
iptables -L -v
Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 2153K packets, 964M bytes)
pkts bytes target prot opt in out source destination
534 40008 ACCEPT all -- any eth3 anywhere 172.17.0.0/16

Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
pkts bytes target prot opt in out source destination
=====================================

Thank you..
jh


> ------------ Původn* zpráva ------------
> Od: Rick Sewill <rsewill@gmail.com>
> Předmět: Re: Routing problems
> Datum: 18.2.2010 20:10:40
> ----------------------------------------
> On Thu, 2010-02-18 at 13:48 +0100, j.halifax . wrote:
> > > I think the problem is probably the routing tables in the other boxes
> > > in the same LAN (e.g. 10.255.250.38)
> >
> > route in 10.255.250.38:
> > Destination Gateway Genmask Flags Metric Ref Use Iface
> > 192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
> > 10.255.250.0 * 255.255.255.0 U 0 0 0 eth0
> > link-local * 255.255.0.0 U 0 0 0 eth0
> > default 10.255.250.37 0.0.0.0 UG 0 0 0 eth0
> >
> > traceroute -n 172.17.1.50 (from 10.255.250.38):
> > traceroute to 172.17.1.50 (172.17.1.50), 30 hops max, 40 byte packets
> > 1 10.255.250.37 0.194 ms 0.124 ms 0.120 ms
> > 2 195.39.130.92 3000.438 ms !H 3000.449 ms !H 3000.427 ms !H
> >
> > The request comes to the LAN default GW and fells through to
> > its default GW eth0 leading to Internet, instead of going to eth3
> >
> > (
> > Thank you...
> > jh
> >
> >
>
> I'm still stumped.
>
> What happens if you try to "ping" from the eth2 interface of the router?
>
> ping -I 10.255.250.37 172.17.1.50
>
> I guess the following is equivalent:
> ping -I eth2 172.17.1.50
>
> I expect this ping to fail.
>
> I am still suspicious iptables is involved.
>
> If your router had periods of time when there was no traffic,
> I would do
> iptables -L -v
> to get the packet counts for every iptables rule,
> do the ping from the PC that fails, and do
> iptables -L -v
> again and compare the packet counts for every iptables rule,
> to determine which iptables rules were being used for the ping packets.
>
>
>
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>
>
>
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-19-2010, 03:53 AM
Rick Sewill
 
Default Routing problems

On Fri, 2010-02-19 at 04:31 +0100, j.halifax . wrote:
> > What happens if you try to "ping" from the eth2 interface of the router?
> > ping -I 10.255.250.37 172.17.1.50
>
> Commands issued in 10.255.l250.37 (via ssh 195.39.130.92):
> =============================================
> ping -I 10.255.250.37 172.17.1.50
> PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 : 56(84) bytes of data.
> >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
>
> ping -I eth2 182.15.1.50
> PING 182.15.1.50 (182.15.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> >From 195.39.130.92 icmp_seq=1 Destination Host Unreachable
>
> ping 172.17.1.50
> PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> 64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=8.65 ms
>
>
> ==========================================
> iptables -L -v
> Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 2152K packets, 964M bytes)
> pkts bytes target prot opt in out source destination
> 534 40008 ACCEPT all -- any eth3 anywhere 172.17.0.0/16
>
> Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> pkts bytes target prot opt in out source destination
> ====================================
> ping -I eth2 172.17.1.50
> PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
> ====================================
> iptables -L -v
> Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 2153K packets, 964M bytes)
> pkts bytes target prot opt in out source destination
> 534 40008 ACCEPT all -- any eth3 anywhere 172.17.0.0/16
>
> Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> pkts bytes target prot opt in out source destination
> =====================================
>
> Thank you..
> jh


You convinced me my gut instinct is wrong about iptables being involved.

I have another line of thought.

I believe, with iproute2, there are additional routing tables.

With a note of caution as I am reading documentation as I go,
and you may find you have more experience with this than me,
please do:
ip rule list

I expect there to be at least 3 tables listed, local, main, default

For each table, please do ip route list table <table name>
For example,
ip route list table local
ip route list table main
ip route list table default
...and ip route list table xxx for any other tables in the rule list.

I am going to make a wild guess the local table has higher priority
than the main table and has something adversely affecting your routing.

I believe we normally only look at the main table.

I think the files for iproute2 are kept in the /etc/iproute2 directory.

Again, this is only a guess on my part.

The documentation I was reading was found using google at URL:
http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO-4.html



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-19-2010, 07:43 AM
j.halifax .
 
Default Routing problems

> ip rule list
ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
========================
> ip route list table local
> ip route list table main
> ip route list table default

ip route list table local
local 195.39.130.92 dev eth0 proto kernel scope host src 195.39.130.92
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 192.168.180.100 dev eth3 proto kernel scope host src 192.168.180.100
broadcast 10.255.250.255 dev eth2 proto kernel scope link src 10.255.250.37
broadcast 192.168.180.0 dev eth3 proto kernel scope link src 192.168.180.100
broadcast 195.39.130.255 dev eth0 proto kernel scope link src 195.39.130.92
broadcast 10.255.250.0 dev eth2 proto kernel scope link src 10.255.250.37
broadcast 192.168.180.255 dev eth3 proto kernel scope link src 192.168.180.100
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
broadcast 195.39.130.0 dev eth0 proto kernel scope link src 195.39.130.92
local 10.255.250.37 dev eth2 proto kernel scope host src 10.255.250.37
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1

ip route list table main
192.168.180.0/24 dev eth3 proto kernel scope link src 192.168.180.100
10.200.1.0/24 via 10.255.250.250 dev eth2
195.39.130.0/24 dev eth0 proto kernel scope link src 195.39.130.92
10.1.1.0/24 via 10.255.250.250 dev eth2
10.201.1.0/24 via 10.255.250.250 dev eth2
172.17.1.0/24 via 192.168.180.100 dev eth3
10.255.250.0/24 dev eth2 proto kernel scope link src 10.255.250.37
169.254.0.0/16 dev eth0 scope link metric 1003
169.254.0.0/16 dev eth2 scope link metric 1004
169.254.0.0/16 dev eth3 scope link metric 1005
192.168.0.0/16 via 192.168.180.100 dev eth3
default via 195.39.130.89 dev eth0

ip route list table default
My comment: Table is empty
======================

I can't see any fault. Packets to 172.17.1.50 should match
172.17.1.0/24 via 192.168.180.100 dev eth3
and go to eth3. But it doesn't and goes by default to eth0
(Internet)

Don't you know any way of debugging routing decisions
(to see why do packets match or not)?

Thank you again.
jh


> ------------ Původn* zpráva ------------
> Od: Rick Sewill <rsewill@gmail.com>
> Předmět: Re: Routing problems
> Datum: 19.2.2010 05:54:39
> ----------------------------------------
> On Fri, 2010-02-19 at 04:31 +0100, j.halifax . wrote:
> > > What happens if you try to "ping" from the eth2 interface of the router?
> > > ping -I 10.255.250.37 172.17.1.50
> >
> > Commands issued in 10.255.l250.37 (via ssh 195.39.130.92):
> > =============================================
> > ping -I 10.255.250.37 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 : 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
> >
> > ping -I eth2 182.15.1.50
> > PING 182.15.1.50 (182.15.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=1 Destination Host Unreachable
> >
> > ping 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> > 64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=8.65 ms
> >
> >
> > ==========================================
> > iptables -L -v
> > Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain FORWARD (policy ACCEPT 2152K packets, 964M bytes)
> > pkts bytes target prot opt in out source
> destination
> > 534 40008 ACCEPT all -- any eth3 anywhere
> 172.17.0.0/16
> >
> > Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> > pkts bytes target prot opt in out source
> destination
> > ====================================
> > ping -I eth2 172.17.1.50
> > PING 172.17.1.50 (172.17.1.50) from 10.255.250.37 eth2: 56(84) bytes of data.
> > >From 195.39.130.92 icmp_seq=2 Destination Host Unreachable
> > ====================================
> > iptables -L -v
> > Chain INPUT (policy ACCEPT 3325K packets, 706M bytes)
> > pkts bytes target prot opt in out source
> destination
> >
> > Chain FORWARD (policy ACCEPT 2153K packets, 964M bytes)
> > pkts bytes target prot opt in out source
> destination
> > 534 40008 ACCEPT all -- any eth3 anywhere
> 172.17.0.0/16
> >
> > Chain OUTPUT (policy ACCEPT 1080K packets, 160M bytes)
> > pkts bytes target prot opt in out source
> destination
> > =====================================
> >
> > Thank you..
> > jh
>
>
> You convinced me my gut instinct is wrong about iptables being involved.
>
> I have another line of thought.
>
> I believe, with iproute2, there are additional routing tables.
>
> With a note of caution as I am reading documentation as I go,
> and you may find you have more experience with this than me,
> please do:
> ip rule list
>
> I expect there to be at least 3 tables listed, local, main, default
>
> For each table, please do ip route list table <table name>
> For example,
> ip route list table local
> ip route list table main
> ip route list table default
> ...and ip route list table xxx for any other tables in the rule list.
>
> I am going to make a wild guess the local table has higher priority
> than the main table and has something adversely affecting your routing.
>
> I believe we normally only look at the main table.
>
> I think the files for iproute2 are kept in the /etc/iproute2 directory.
>
> Again, this is only a guess on my part.
>
> The documentation I was reading was found using google at URL:
> http://www.linuxdocs.org/HOWTOs/Adv-Routing-HOWTO-4.html
>
>
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>
>
>
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-19-2010, 03:23 PM
Rick Sewill
 
Default Routing problems

On Fri, 2010-02-19 at 09:43 +0100, j.halifax . wrote:
> > ip rule list
> ip rule list
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> ========================
> > ip route list table local
> > ip route list table main
> > ip route list table default
>
> ip route list table local
> local 195.39.130.92 dev eth0 proto kernel scope host src 195.39.130.92
> broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
> local 192.168.180.100 dev eth3 proto kernel scope host src 192.168.180.100
> broadcast 10.255.250.255 dev eth2 proto kernel scope link src 10.255.250.37
> broadcast 192.168.180.0 dev eth3 proto kernel scope link src 192.168.180.100
> broadcast 195.39.130.255 dev eth0 proto kernel scope link src 195.39.130.92
> broadcast 10.255.250.0 dev eth2 proto kernel scope link src 10.255.250.37
> broadcast 192.168.180.255 dev eth3 proto kernel scope link src 192.168.180.100
> broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
> broadcast 195.39.130.0 dev eth0 proto kernel scope link src 195.39.130.92
> local 10.255.250.37 dev eth2 proto kernel scope host src 10.255.250.37
> local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
> local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
>
> ip route list table main
> 192.168.180.0/24 dev eth3 proto kernel scope link src 192.168.180.100
> 10.200.1.0/24 via 10.255.250.250 dev eth2
> 195.39.130.0/24 dev eth0 proto kernel scope link src 195.39.130.92
> 10.1.1.0/24 via 10.255.250.250 dev eth2
> 10.201.1.0/24 via 10.255.250.250 dev eth2
> 172.17.1.0/24 via 192.168.180.100 dev eth3
> 10.255.250.0/24 dev eth2 proto kernel scope link src 10.255.250.37
> 169.254.0.0/16 dev eth0 scope link metric 1003
> 169.254.0.0/16 dev eth2 scope link metric 1004
> 169.254.0.0/16 dev eth3 scope link metric 1005
> 192.168.0.0/16 via 192.168.180.100 dev eth3
> default via 195.39.130.89 dev eth0
>
> ip route list table default
> My comment: Table is empty
> ======================
>
> I can't see any fault. Packets to 172.17.1.50 should match
> 172.17.1.0/24 via 192.168.180.100 dev eth3
> and go to eth3. But it doesn't and goes by default to eth0
> (Internet)
>
> Don't you know any way of debugging routing decisions
> (to see why do packets match or not)?
>
> Thank you again.
> jh
>

I can't see any fault either.

There is "ip route get" which will tell how the kernel
should route a packet given a destination.

Please do "man ip" and search for the string,
"ip route get - get"

The man page says this command causes the kernel to pretend to send
a packet along the path without actually sending the packet.

I'd suggest a command like:
ip route get 172.17.1.50 from 10.255.250.38 iif eth2

I'm not optimistic this command will give us a hint what is happening.

I'm at the point of wanting to modify kernel source code to debug it.
This is NOT a path I recommend unless you have a lab environment
and are comfortable doing this sort of thing.
I certainly wouldn't do this on a production system.
I'd do this only on a system I'm willing to lose all data on the disk.

I'm sorry. I'm stumped. I've run out of ideas and suggestions.

Have you considered asking people on IRC?
Please see the following URL for information:
http://fedoraproject.org/wiki/Communicate#IRC

To use IRC and ask questions on the #fedora channel,
you will need an IRC client,
and will need to register a nickname with the Nickserv, freenode.net.
I'd suggest asking questions on the #fedora channel.

Perhaps someone, there, will have more ideas and suggestions.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-20-2010, 02:45 PM
Bruno Wolff III
 
Default Routing problems

On Thu, Feb 18, 2010 at 07:31:56 +0100,
"j.halifax ." <j.halifax@seznam.cz> wrote:
>
> >From the LAN default GW (10.255.250.37)
> - I can ping 172.17.1.50:
> &nbsp;&nbsp;PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=5.62 ms
> &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=2 ttl=253 time=3.29 ms
>
> >From other boxes in the same LAN (e.g. 10.255.250.38)
> - I cann't ping 172.17.1.50
> - I cann't traceroute 172.17.1.50: It goes to LAN default GW
> &nbsp;&nbsp;10.255.250.37 and then to its default GW dsl-router on eth0
> &nbsp;&nbsp;instead of eth3 (so that the routing rule for 172.17.0.0 doesn't
> &nbsp;&nbsp;match for 172.17.1.50)
>
> Can anybody help pleasee?

Are you sure you have packet forwarding enabled?
What does 'sysctl -a | grep forward' say?
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 02-21-2010, 05:17 PM
j.halifax .
 
Default Routing problems

> Are you sure you have packet forwarding enabled?
> What does 'sysctl -a | grep forward' say?

sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.eth1.forwarding = 1
net.ipv4.conf.eth1.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 1
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.eth3.forwarding = 1
net.ipv4.conf.eth3.mc_forwarding = 0
net.ipv4.conf.sit0.forwarding = 1
net.ipv4.conf.sit0.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth1.forwarding = 0
net.ipv6.conf.eth1.mc_forwarding = 0
net.ipv6.conf.sit0.forwarding = 0
net.ipv6.conf.sit0.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.eth2.forwarding = 0
net.ipv6.conf.eth2.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth3.forwarding = 0
net.ipv6.conf.eth3.mc_forwarding = 0
===
net.ipv4.ip_forward = 1. Is it sufficient?

Thank you...


> ------------ Původn* zpráva ------------
> Od: Bruno Wolff III <bruno@wolff.to>
> Předmět: Re: Routing problems
> Datum: 20.2.2010 16:52:22
> ----------------------------------------
> On Thu, Feb 18, 2010 at 07:31:56 +0100,
> "j.halifax ." <j.halifax@seznam.cz> wrote:
> >
> > >From the LAN default GW (10.255.250.37)
> > - I can ping 172.17.1.50:
> > &nbsp;&nbsp;PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=5.62 ms
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=2 ttl=253 time=3.29 ms
> >
> > >From other boxes in the same LAN (e.g. 10.255.250.38)
> > - I cann't ping 172.17.1.50
> > - I cann't traceroute 172.17.1.50: It goes to LAN default GW
> > &nbsp;&nbsp;10.255.250.37 and then to its default GW dsl-router on eth0
> > &nbsp;&nbsp;instead of eth3 (so that the routing rule for 172.17.0.0 doesn't
> > &nbsp;&nbsp;match for 172.17.1.50)
> >
> > Can anybody help pleasee?
>
> Are you sure you have packet forwarding enabled?
> What does 'sysctl -a | grep forward' say?
>
>


> ------------ Původn* zpráva ------------
> Od: Bruno Wolff III <bruno@wolff.to>
> Předmět: Re: Routing problems
> Datum: 20.2.2010 16:52:22
> ----------------------------------------
> On Thu, Feb 18, 2010 at 07:31:56 +0100,
> "j.halifax ." <j.halifax@seznam.cz> wrote:
> >
> > >From the LAN default GW (10.255.250.37)
> > - I can ping 172.17.1.50:
> > &nbsp;&nbsp;PING 172.17.1.50 (172.17.1.50) 56(84) bytes of data.
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=1 ttl=253 time=5.62 ms
> > &nbsp;&nbsp;64 bytes from 172.17.1.50: icmp_seq=2 ttl=253 time=3.29 ms
> >
> > >From other boxes in the same LAN (e.g. 10.255.250.38)
> > - I cann't ping 172.17.1.50
> > - I cann't traceroute 172.17.1.50: It goes to LAN default GW
> > &nbsp;&nbsp;10.255.250.37 and then to its default GW dsl-router on eth0
> > &nbsp;&nbsp;instead of eth3 (so that the routing rule for 172.17.0.0 doesn't
> > &nbsp;&nbsp;match for 172.17.1.50)
> >
> > Can anybody help pleasee?
>
> Are you sure you have packet forwarding enabled?
> What does 'sysctl -a | grep forward' say?
>
>
>
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-19-2011, 08:34 AM
Mike Dwiggins
 
Default Routing problems

I am trying to set up a Fedora 14 as a router between two different
net works.



I have the following iptables set up:







[root@faker ~]# iptables -A INPUT
--source 10.21.144.0/24 --destination 10.16.2.1

[root@faker ~]# iptables -A INPUT
--source 10.16.2.0/24 --destination 10.21.144.1

[root@faker ~]# iptables --list

Chain INPUT (policy ACCEPT)

target prot opt source destination

all -- 10.21.144.0/24 10.16.2.1

all -- 10.16.2.0/24 10.21.144.1





Chain FORWARD (policy ACCEPT)

target prot opt source destination





Chain OUTPUT (policy ACCEPT)

target prot opt source destination



I cannot get two devices on the two
net works to ping.* I have the Active Controllers on one Network
and the Slave Devices on the other.



I am trying to mimic a real world
setup in a Lab and am at a loss.* I have had no trouble setting up
NAT's but, the situation I am trying to emulate does not allow for
a NAT.



My hair is already gray but I might
start losing it!













--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-19-2011, 08:53 AM
Franois Patte
 
Default Routing problems

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 19/08/2011 10:34, Mike Dwiggins a crit :
> I am trying to set up a Fedora 14 as a router between two different net
> works.

look there:

http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html

you have example of what you want to do at the end of the document.

- --
Franois Patte
UFR de mathmatiques et informatique
Universit Paris Descartes
45, rue des Saints Pres
F-75270 Paris Cedex 06
Tl. +33 (0)1 4286 2145
http://www.math-info.univ-paris5.fr/~patte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk5OJJIACgkQdE6C2dhV2JVgqQCeL4pR0VXOD7 PrL9No70eXBL0A
tVMAoI8RYktC4CmFCgVs+W6Er1vIXz30
=cVzl
-----END PGP SIGNATURE-----
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 12:54 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org